AskSARA
AskSARA (self-assessment rapid access) is an online guided advice tool designed to provide advice to older and disabled people about equipment for independent living. Users choose from over 90 topics, answer a series of questions and then view a personalized report including local signposting that links to over 10,000 products.
Features
- A choice of over 90 daily living topics
- OT-authored advice about suitable product types
- Governed by the NHS Information Standard
- Links to Living Made Easy with over 10,000 product listings
- Products from over 950 national suppliers
- Easy to use 3-step tool written in plain English
- Dynamic questions lead to tailored advice
- Directs users to an assessment when indicated by their answers
- Includes signposting information about local services and programmes
- Reporting insights help licensees plan future services
Benefits
- Enables users to identify suitable products quickly
- Reduces the demand for formal assessments by OTs
- When an assessment is indicated the quality is improved
- Local updates managed by DLF on instruction from the licensee
- In continuous improvement, up-to-date
- Supports self-funders and reduces the risk of poor product choices
- Allows carers, friends and family to get advice they need
- Consistent with OT practices and fits easily into work-streams
- Enables front-door teams to provide timely advice
- Acts as a triage tool
Pricing
£8,250 a licence a year
- Education pricing available
Service documents
Request an accessible format
Framework
G-Cloud 11
Service ID
1 8 7 1 5 5 8 0 6 6 9 3 8 6 1
Contact
Shaw Trust Accessibility Services
Joe Manock / Carly Horsford
Telephone: 0300 123 7005
Email: business.development@shaw-trust.org.uk
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Public cloud
- Service constraints
- On completion of the development and testing of their version licensees will be issued with a unique URL for their version of AskSARA they they need to list on their website.
- System requirements
- Licensees add the link for their version to their websites
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- We respond to email queries by the end of the next working day
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- No
- Support levels
-
Every licensee is assigned a named Account Manager at DLF to be their central point of contact, they are also provided with contact details for the Account Management Team who coordinate handling any in-licence update and issues.
Changes to AskSARA
Requests to make amendments to a customised version of AskSARA must be provided in a written format and sent to DLF
Response Times
For any queries or errors you report in relation to AskSARA, we will endeavour to respond by the next working day from the time we receive the report. However, we will endeavour to respond as soon as a technician is available. Response times will apply 9.30 am – 5.00 pm Monday to Friday (except for public holidays).
Reporting
Reports for customised version of AskSARA can be provided by DLF on written request.
Escalation
We have an escalation procedure. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- DLF provides on-site workshops to organise the customization activity. These are supported by a Workbook which is issued to the licensee to help collate the custom content and assets. We jointly agree a timing plan that includes testing a draft version.
- Service documentation
- No
- End-of-contract data extraction
-
The custom version is taken offline on an agreed date and custom content is deleted from DLF's files.
We hold no personal data. - End-of-contract process
- The custom version is taken offline on an agreed date and custom content is deleted from DLF's files.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari 9+
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- The service is based on a mobile-first design
- Service interface
- No
- API
- No
- Customisation available
- Yes
- Description of customisation
- Customisation includes both the visual identity and the addition of custom content. Licensees provide logos and graphic design requirements, along with adverts for the home page. They complete a workbook of information content about local projects, programmes and services which is then integrated into the AskSara user-generated reports so that product advice is surrounded by signposting to relevant pathways. Post-launch this custom information is updated with notice. Licensees provide written instructions about changes they require and the changes are carried out by DLF to an agreed timescale.
Scaling
- Independence of resources
- The DLF work with their server infrastructure partner to ensure sufficient resources are available as demands fluctuate, for example as new buyers are brought onboard. We operate at around 20-25% capacity in order to manage unforeseen fluctuations in demand.
Analytics
- Service usage metrics
- Yes
- Metrics types
-
We provide reports from three sources:
- Google Analytics for the custom version of AskSARA
- Statistics from our server about the reports completed by users of the service
- Responses to the built-in customer satisfaction survey - Reporting types
-
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Staff screening not performed
- Government security clearance
- None
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- European Economic Area (EEA)
- User control over data storage and processing locations
- No
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- Less than once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
- Protecting data at rest
- Physical access control, complying with CSA CCM v3.0
- Data sanitisation process
- Yes
- Data sanitisation type
- Explicit overwriting of storage before reallocation
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- The DLF retains a copy of the custom information provided by the licensee and this can be reviewed at any point. There is no other licensee data captured on the system apart from anonymised user analytics.
- Data export formats
- CSV
- Data import formats
- Other
Data-in-transit protection
- Data protection between buyer and supplier networks
- Other
- Other protection between networks
- No data is transferred between the buyer's network and our network. We provide an independent hosted solution.
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
-
Availability: DLF is responsible for its internet connection to AskSARA, and has an agreement with an ISP for 24 hour internet access. We aim to provide 90% uptime of AskSARA during working hours: 9.30 am – 5.00 pm Monday to Friday (except for public holidays), aggregated per quarter (running from the date of any Agreement).
Performance: We can give no indicative response times for external access, since these times are dependent on the equipment being used, the speeds at which the user’s communications equipment operates, equipment in use at their Internet Service Provider, and general utilisation of the Internet network. - Approach to resilience
- Available on request.
- Outage reporting
- Email alerts on service outages are reported to DLF IT support team and forwarded to the nominated contact within the licensee's organisation.
Identity and authentication
- User authentication needed
- No
- Access restrictions in management interfaces and support channels
- Only named staff within the DLF team have access to the AskSara management tool and to our support tool.
- Access restriction testing frequency
- Less than once a year
- Management access authentication
-
- Public key authentication (including by TLS client certificate)
- Username or password
Audit information for users
- Access to user activity audit information
- Users receive audit information on a regular basis
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- You control when users can access audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- DAS Certification/ SN Registrats (Holdings) Ltd
- ISO/IEC 27001 accreditation date
- 29.07.2016
- What the ISO/IEC 27001 doesn’t cover
- The certificate is valid for the following scope of operations: The advancement of education and the relief of unemployment, need and social disadvantage for the public benefit, through the provision of training and/or training facilities or by such means as the trustees shall from time to time determine appropriate, including DWP’s security requirements under its Work Choice and Work Programme Prime Contracts.
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
-
- ISO/IEC 27001
- Other
- Other security governance standards
- Cyber Essentials Plus
- Information security policies and processes
-
Reporting structures are in place to ensure any incident is escalated to the appropriate level, with Board oversight and audit of all incidents. The policies that support our compliance with standards include:
- I.S. Incident Management and Corrective Preventive Action Procedures
- Internal ISMS Auditing Procedures
- Access Control and Network Management and Storage Procedures
- Antivirus and other Malicious Code Procedures
- Data Encryption Procedures & Encryption Key Management Policy
- Information Security Policy
- Security Incident and Corrective Action Request and Report (SICAR) Form
Please email IT@dlf.org.uk for a copy of these policies.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- DLF/Shaw Trust operates with a change management procedure for development of online services in compliance with our development server infrastructure provider. All changes to the Trust’s ICT-related Systems are required to follow the established “ICT Change Management Process” to ensure the mitigation of associated risks and minimise disruption to business critical services. Please request a copy of our ICT Change Management Procedures from IT@dlf.org.uk.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- Our dedicated server infrastructure provider is responsible for the management of security and threat assessment. This includes monitoring security mailing lists, reviewing vendor notifications and websites and researching public websites for the release of new patches. Monitoring includes scanning the network to identify known vulnerabilities, undertaking evaluation of patches within 4 hours of release and categorising criticality. All patch releases follow a defined process for deployment. Weekly change meetings approve the schedule ahead of implementation. Emergency patches are deployed within eight hours of availability. Email IT@dlf.org.uk for DLF/Shaw Trust Patch Management procedures.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- All new services are penetration tested and then any changes are regulated through change management. All devices including servers connected to the network have proper virus-protection software, current virus-definition libraries and the most recent operating system and security patches installed. Monitoring includes scanning the network and communicating identified vulerabilities to staff, including the Head of Information Security. DLF would be alerted to potential compromises by our server infrastructure team and would respond with mitigating actions within 5 working days.
- Incident management type
- Supplier-defined controls
- Incident management approach
- DLF/Shaw Trust operates an incident management policy, the objective of which is to protect the confidentiality, integrity and availability of the organisation's information systems and data from any actual or suspected security incidents or weaknesses. Events and incidents are monitored and detected by means of CAT internal contract compliance audits, internal CAT ISO 27001 audits, external audits, penetration tests, IT Health-checks and staff awareness. The procedures for the identification, collection, acquisition and preservation of information, which can serve as evidence, are found in the Trust’s Serious Incident Management and Reporting Procedure. Please email IT@dlf.org.uk for a copy of these policies.
Secure development
- Approach to secure software development best practice
- Supplier-defined process
Public sector networks
- Connection to public sector networks
- No
Pricing
- Price
- £8,250 a licence a year
- Discount for educational organisations
- Yes
- Free trial available
- No