G-Cloud 11 services are suspended on Digital Marketplace

If you have an ongoing procurement on G-Cloud 11, you must complete it by 18 December 2020. Existing contracts with Shaw Trust Accessibility Services are still valid.
Shaw Trust Accessibility Services

AskSARA

AskSARA (self-assessment rapid access) is an online guided advice tool designed to provide advice to older and disabled people about equipment for independent living. Users choose from over 90 topics, answer a series of questions and then view a personalized report including local signposting that links to over 10,000 products.

Features

  • A choice of over 90 daily living topics
  • OT-authored advice about suitable product types
  • Governed by the NHS Information Standard
  • Links to Living Made Easy with over 10,000 product listings
  • Products from over 950 national suppliers
  • Easy to use 3-step tool written in plain English
  • Dynamic questions lead to tailored advice
  • Directs users to an assessment when indicated by their answers
  • Includes signposting information about local services and programmes
  • Reporting insights help licensees plan future services

Benefits

  • Enables users to identify suitable products quickly
  • Reduces the demand for formal assessments by OTs
  • When an assessment is indicated the quality is improved
  • Local updates managed by DLF on instruction from the licensee
  • In continuous improvement, up-to-date
  • Supports self-funders and reduces the risk of poor product choices
  • Allows carers, friends and family to get advice they need
  • Consistent with OT practices and fits easily into work-streams
  • Enables front-door teams to provide timely advice
  • Acts as a triage tool

Pricing

£8,250 a licence a year

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at business.development@shaw-trust.org.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 11

Service ID

1 8 7 1 5 5 8 0 6 6 9 3 8 6 1

Contact

Shaw Trust Accessibility Services Joe Manock / Carly Horsford
Telephone: 0300 123 7005
Email: business.development@shaw-trust.org.uk

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
On completion of the development and testing of their version licensees will be issued with a unique URL for their version of AskSARA they they need to list on their website.
System requirements
Licensees add the link for their version to their websites

User support

Email or online ticketing support
Email or online ticketing
Support response times
We respond to email queries by the end of the next working day
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
No
Support levels
Every licensee is assigned a named Account Manager at DLF to be their central point of contact, they are also provided with contact details for the Account Management Team who coordinate handling any in-licence update and issues.
Changes to AskSARA
Requests to make amendments to a customised version of AskSARA must be provided in a written format and sent to DLF
Response Times
For any queries or errors you report in relation to AskSARA, we will endeavour to respond by the next working day from the time we receive the report. However, we will endeavour to respond as soon as a technician is available. Response times will apply 9.30 am – 5.00 pm Monday to Friday (except for public holidays).
Reporting
Reports for customised version of AskSARA can be provided by DLF on written request.
Escalation
We have an escalation procedure.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
DLF provides on-site workshops to organise the customization activity. These are supported by a Workbook which is issued to the licensee to help collate the custom content and assets. We jointly agree a timing plan that includes testing a draft version.
Service documentation
No
End-of-contract data extraction
The custom version is taken offline on an agreed date and custom content is deleted from DLF's files.
We hold no personal data.
End-of-contract process
The custom version is taken offline on an agreed date and custom content is deleted from DLF's files.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The service is based on a mobile-first design
Service interface
No
API
No
Customisation available
Yes
Description of customisation
Customisation includes both the visual identity and the addition of custom content. Licensees provide logos and graphic design requirements, along with adverts for the home page. They complete a workbook of information content about local projects, programmes and services which is then integrated into the AskSara user-generated reports so that product advice is surrounded by signposting to relevant pathways. Post-launch this custom information is updated with notice. Licensees provide written instructions about changes they require and the changes are carried out by DLF to an agreed timescale.

Scaling

Independence of resources
The DLF work with their server infrastructure partner to ensure sufficient resources are available as demands fluctuate, for example as new buyers are brought onboard. We operate at around 20-25% capacity in order to manage unforeseen fluctuations in demand.

Analytics

Service usage metrics
Yes
Metrics types
We provide reports from three sources:
- Google Analytics for the custom version of AskSARA
- Statistics from our server about the reports completed by users of the service
- Responses to the built-in customer satisfaction survey
Reporting types
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Staff screening not performed
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
Less than once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
Physical access control, complying with CSA CCM v3.0
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
The DLF retains a copy of the custom information provided by the licensee and this can be reviewed at any point. There is no other licensee data captured on the system apart from anonymised user analytics.
Data export formats
CSV
Data import formats
Other

Data-in-transit protection

Data protection between buyer and supplier networks
Other
Other protection between networks
No data is transferred between the buyer's network and our network. We provide an independent hosted solution.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Availability: DLF is responsible for its internet connection to AskSARA, and has an agreement with an ISP for 24 hour internet access. We aim to provide 90% uptime of AskSARA during working hours: 9.30 am – 5.00 pm Monday to Friday (except for public holidays), aggregated per quarter (running from the date of any Agreement).
Performance: We can give no indicative response times for external access, since these times are dependent on the equipment being used, the speeds at which the user’s communications equipment operates, equipment in use at their Internet Service Provider, and general utilisation of the Internet network.
Approach to resilience
Available on request.
Outage reporting
Email alerts on service outages are reported to DLF IT support team and forwarded to the nominated contact within the licensee's organisation.

Identity and authentication

User authentication needed
No
Access restrictions in management interfaces and support channels
Only named staff within the DLF team have access to the AskSara management tool and to our support tool.
Access restriction testing frequency
Less than once a year
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Access to user activity audit information
Users receive audit information on a regular basis
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
You control when users can access audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
DAS Certification/ SN Registrats (Holdings) Ltd
ISO/IEC 27001 accreditation date
29.07.2016
What the ISO/IEC 27001 doesn’t cover
The certificate is valid for the following scope of operations: The advancement of education and the relief of unemployment, need and social disadvantage for the public benefit, through the provision of training and/or training facilities or by such means as the trustees shall from time to time determine appropriate, including DWP’s security requirements under its Work Choice and Work Programme Prime Contracts.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
Cyber Essentials Plus
Information security policies and processes
Reporting structures are in place to ensure any incident is escalated to the appropriate level, with Board oversight and audit of all incidents. The policies that support our compliance with standards include:
- I.S. Incident Management and Corrective Preventive Action Procedures
- Internal ISMS Auditing Procedures
- Access Control and Network Management and Storage Procedures
- Antivirus and other Malicious Code Procedures
- Data Encryption Procedures & Encryption Key Management Policy
- Information Security Policy
- Security Incident and Corrective Action Request and Report (SICAR) Form
Please email IT@dlf.org.uk for a copy of these policies.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
DLF/Shaw Trust operates with a change management procedure for development of online services in compliance with our development server infrastructure provider. All changes to the Trust’s ICT-related Systems are required to follow the established “ICT Change Management Process” to ensure the mitigation of associated risks and minimise disruption to business critical services. Please request a copy of our ICT Change Management Procedures from IT@dlf.org.uk.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Our dedicated server infrastructure provider is responsible for the management of security and threat assessment. This includes monitoring security mailing lists, reviewing vendor notifications and websites and researching public websites for the release of new patches. Monitoring includes scanning the network to identify known vulnerabilities, undertaking evaluation of patches within 4 hours of release and categorising criticality. All patch releases follow a defined process for deployment. Weekly change meetings approve the schedule ahead of implementation. Emergency patches are deployed within eight hours of availability. Email IT@dlf.org.uk for DLF/Shaw Trust Patch Management procedures.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
All new services are penetration tested and then any changes are regulated through change management. All devices including servers connected to the network have proper virus-protection software, current virus-definition libraries and the most recent operating system and security patches installed. Monitoring includes scanning the network and communicating identified vulerabilities to staff, including the Head of Information Security. DLF would be alerted to potential compromises by our server infrastructure team and would respond with mitigating actions within 5 working days.
Incident management type
Supplier-defined controls
Incident management approach
DLF/Shaw Trust operates an incident management policy, the objective of which is to protect the confidentiality, integrity and availability of the organisation's information systems and data from any actual or suspected security incidents or weaknesses. Events and incidents are monitored and detected by means of CAT internal contract compliance audits, internal CAT ISO 27001 audits, external audits, penetration tests, IT Health-checks and staff awareness. The procedures for the identification, collection, acquisition and preservation of information, which can serve as evidence, are found in the Trust’s Serious Incident Management and Reporting Procedure. Please email IT@dlf.org.uk for a copy of these policies.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Pricing

Price
£8,250 a licence a year
Discount for educational organisations
Yes
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at business.development@shaw-trust.org.uk. Tell them what format you need. It will help if you say what assistive technology you use.