Servelec Social Care Ltd

Abacus

Abacus social care finance software integrates with a range of case management systems. It can reduce your administrative workload by as much as 80% to generate big cost savings while enabling you to focus on providing care.

An intuitive, integrated system, that automates processes, provides user-friendly workflows and financial reporting.

Features

  • Abacus Residential (inc A4W, Intranet & JS
  • Abacus Non Residential (inc A4W, Intranet & JS
  • Abacus Residential & Non Residential (inc A4W, Intranet & JS)
  • Abacus Children's Module
  • Abacus Direct Payments
  • Abacus Self Directed Support
  • Abacus Provider Portal Residential
  • Abacus Provider Portal Non Residential
  • Abacus Provider Portal Residential & Non Residential

Benefits

  • Save money on all aspects of social care financial management
  • Avoid overpayment with automatic invoice checking
  • Save time by eradicating manual processes and duplicate data entry
  • Reduce postage, printing and paper costs
  • Improve data quality and reduce telephone queries
  • Get software updates before legislative deadlines
  • Produce clear management reports for use during any disputes
  • Get Faster and more accurate payments
  • Improve cash flow, as invoice queries are resolved faster
  • Reduce the number and value of disputed payments.

Pricing

£245 to £2,500 a user a year

Service documents

Framework

G-Cloud 12

Service ID

2 1 1 7 3 4 0 9 5 5 0 1 7 5 8

Contact

Servelec Social Care Ltd James Bouch
Telephone: 0207 354 8000
Email: mosaicbids@servelec.co.uk

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Stand alone, integrated with ANY case management solution or Add on to Mosaic Case Management System.
Cloud deployment model
Private cloud
Service constraints
Constraints might include planned maintenance arrangements or support being limited to specific hardware configurations.
System requirements
  • End-user facing elements of the solution are accessed via web-browser
  • Supported by, Windows, macOS, iOS and Android
  • No additional software or plug-ins are required on client devices
  • There are no additional licencing implications

User support

Email or online ticketing support
Email or online ticketing
Support response times
Hours of Service:
Monday to Friday 08.30 to 18.00 (Excl. English bank hols)

Response Times:
P1 - Production System Unavailable = within 30 minutes
P2 - Major System Unavailability = within 1 hour
P3 - Significant Issue = within 2 hours
P4 - Moderate Issue = within 4 hours
P5 - Minor Issue = within 8 hours
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Servelec operates a standard service level which is designed to provide appropriate and reliable response and resolution times to all of our customers at a cost effective price. Responses are guaranteed within 1 working hour for all priorities with the exception of priority 1 issues which have a 30 minute response. Resolution times are contained within the SLA, those being P1 = 1 working day, P2 = 5 working days, P3 = 20 working days and P4 being the next reasonable release. Further details of response and resolution times, as well as escalation procedures are provided in the accompanying license and support agreement. The Support desk is staffed between 8.30am and 6pm UK time, Monday to Friday, excluding Bank Holidays. Technical and operational incidents can be logged via the phone during opening times. Incidents may be logged and updated via email or by the Customer Self Service Portal 24 hours a day seven days a week. All incidents logged via the above methods will be responded to by a support consultant within the timescales stated during the working day. The customer will have access to the Servelec technical services and application support teams.
Support available to third parties
No

Onboarding and offboarding

Getting started
Servelec offers the following on-site system training:

• Abacus Familiarisation
• Workshop Preparation
• Finance Familiarisation
• System Administration
• Workflow
• User Acceptance
• Train the Trainer
• Abacus Provider Portal
• Go-Live Guidance

Each training course is designed to be interactive for up to 12 delegates. As new versions of our software are released, our guidance is updated and new guidance produced to highlight and explain any new functionality.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Servelec provide a data schema for each version of Abacus and this is available to customers to allow the extraction of data into a required format. If the customer prefers; it could commission Servelec to extract the data into .csv files. Costs for this service can be provided on request.
End-of-contract process
Servelec’s approach to decommissioning is to work with the Authority to meet its objectives and ensure any move to a new supplier is smooth and simple. Data is provided to the customer in the agreed format. Any technical involvement in script writing from Servelec is normally chargeable however advice and support is given freely until the contract end date. The data is deleted securely when the customer has agreed all data has been provided and drives holding the data are securely cleansed. Servelec can provide an Exit Management Plan to highlight the steps involved in decommissioning the application.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Yes
Compatible operating systems
  • Android
  • Windows
  • Windows Phone
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
When used on Windows 10, iOS and Android smartphones and tablets, screens are drawn in a way that is responsive to the device size. Native finger-friendly device functions such as date pickers are used by default.
Service interface
No
API
No
Customisation available
Yes
Description of customisation
Services are configurable to meet the needs of the finance structure required.

Scaling

Independence of resources
Proactive monitoring of the platform is provided using NAGIOS. Where a server or other component is deemed to be nearing the threshold requiring additional resource the issue is rectified.

Analytics

Service usage metrics
Yes
Metrics types
Service metrics are provided in the form of call lists which users can filter on calls outstanding either by call reference, created date range, call status, name of reporter, assignee and summary. Customers can log in to the online support portal to view this information as and when required at no additional cost. Service measurements are used internally to monitor performance accordingly. Reporting of SLA performance and KPIs can also be provided.
Reporting types
Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Servelec provides access to the Abacus database allowing data to be extracted and interrogated via industry standard third party reporting and business intelligence tools. Supporting documents (Entity Relationship Diagrams and Data Dictionary are provided to support). All reports run via the client application and can be exported to Microsoft Excel and saved in the desired format. Where a specific format is required for a return submission, Servelec provide this in addition to tables to allow data validation prior to submission.
Data export formats
CSV
Data import formats
  • CSV
  • Other
Other data import formats
  • XML
  • Word
  • Excel

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Availability will be 99.8% within hours of operation as per our standard SLA.
Approach to resilience
Available on request.
Outage reporting
Servelec utilises industry standard monitoring solutions which immediately alert our teams to a service outage. Contact with customers is made via telephone or email to agree contacts.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
Abacus uses a role based authorisation scheme (RBAC) and users are granted specific roles that have fine-grained permissions to ensure that only authorised people can see or edit specific areas of the system. The Council's system administrator has full control over what functions and data in the system users can access. A standard out-of-the box set of roles is provided to enable the solution to be implemented quickly. These can be fully configured by the Council using the inbuilt tools supplied with the system. The roles cover all the different job types normally found in Social Care Finance departments.
Access restriction testing frequency
At least every 6 months
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
BSI
ISO/IEC 27001 accreditation date
22/10/2019
What the ISO/IEC 27001 doesn’t cover
All areas of the business are covered
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
  • ISO9001: 2015
  • ISO20000-1: 2011
  • ISO22301: 2012
  • ISO27018:2014
  • PSN Connection Compliance
  • Cyber Essentials

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Servelec has an Information Security System documenting all policies and procedures to support the organisation’s security principles and compliance to the relevant standards. All employees are trained on Servelec’s policies, standards and procedures at induction as well as any ongoing awareness training. All policies and procedures are available on the staff intranet to all staff. Servelec has a documented Customer Data Protection Procedure and Customer Data and Systems Policy to provide staff with the means for handling customer data. These are supported by our Data Protection Act Policy, Information Security Policy, Information Sensitivity Procedure, Access Control Policy, Mobile Working Policy and Cryptography Policy. All managers are directly responsible for implementing these policies and procedures within their business areas, and for adherence by their staff. The Executive Directors give overall strategic direction by approving and mandating the information security principles but delegate operational responsibilities for physical and information security to the Security Committee chaired by the CEO. The Group Quality and Compliance Manager is responsible for reporting to the Executive Directors on the status of the IT Governance, and for ensuring policies and procedures are in place to support the organisation’s security principles and compliance to the relevant standards.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
All requests are logged via our support desk and issued with a unique reference number. This tracks the issue through to completion within the assigned team. Should the issue require software development effort, this is also tracked within the same system. Our ISO 9001 accredited development process defines that each work item has security considered as part of the development effort, which is logged within the work item. Servers and infrastructure are hardened in line with industry standard best practice. The environment and applications are tested for vulnerabilities, with any issues treated as faults and resolved appropriately.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
We provide quarterly internal scans and annual scans by external parties against the infrastructure which feeds into our PSN and Cyber Essentials certifications.

Our internal hosting policies define that the solution and hosted environment are tested for vulnerabilities regularly with a view to nullify threats, vulnerabilities and exploitation techniques. Penetration tests are conducted by an independent organisation to verify security.

Results of the tests are resolved by making a development change or making configuration changes to the hosted platform. In either case, the fixes are made based on priority according to the nature of the software and hosting methods.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Potential compromises are identified by an enterprise IPS/IDS system. In the event of a breach or security incident which relates to the customer or the infrastructure, the customer would be informed typically via phone call or via email. We log security incidents on an ITIL compliant system. Remediation/action takes places immediately but all the security incidents are raised in information security meetings for mitigation. Servelec has a documented security incident plan which is embedded within the information Security Management System in accordance with ISO27001 accreditation. The plan defines what constitutes a security incident and outlines the incident response phases.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Servelec has an Incident Management Process that is documented, approved and monitored. It specifies the policies and procedures for monitoring, detecting, analysing and reporting of information security events and incidents, and for the reporting of information security weaknesses. All personnel are responsible for reporting information security incidents to the Security Forum as quickly as possible. The Incident Report Form is used for recording the details of the incidents.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Pricing

Price
£245 to £2,500 a user a year
Discount for educational organisations
No
Free trial available
No

Service documents