Oxford Computer Consultants

OCC MarketPlace

OCC MarketPlace provides a resource directory covering organisations supplying adult and children's care and support services. Optional features include eBrokerage; NHS Data Syndication; Ofsted Integration; SEND compliance; Online Financial Assessments: Online Client Financial Statement; Online Needs Assessment for Clients and Carers.

Features

  • Search and Categorisation
  • Electronic Payment for Services
  • User Feedback and Ratings
  • Vacancy Listings
  • Support Planning
  • eBrokerage
  • Online Financial Assessments
  • NHS Data Syndication
  • Online Needs Assessment

Benefits

  • Electronic Payment for Services
  • User Feedback and Ratings
  • Vacancy Listings
  • Support Planning
  • Integration with back office systems
  • eBrokerage

Pricing

£32000 per licence

  • Free trial available

Service documents

Framework

G-Cloud 11

Service ID

2 3 6 2 5 4 5 8 4 5 6 3 6 1 9

Contact

Oxford Computer Consultants

Reynold Greenlaw

01865 305200

tenders@oxfordcc.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
None
System requirements
  • Microsoft Windows Server 2012 R2
  • Microsoft SQL Server 2014 SP2
  • Microsoft .Net Framework 4.5.2
  • Microsoft IIS 8.5

User support

Email or online ticketing support
Yes, at extra cost
Support response times
This depends on the priority of the issue. We publish an SLA to our clients. Support is weekdays only.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
We supply packs of service days from 5 days to 50 days and costing from £5,341 to £40,352 excluding VAT.
We provide a cloud support engineer where necessary.
Support available to third parties
No

Onboarding and offboarding

Getting started
We run in-house and on-site training events for all of our products. We have created and refined standard training sessions but also often to deliver training tailored to a specific client’s needs. As a result of this, we have highly experienced training staff that have fine-tuned the various techniques and materials we make use of in our training delivery.
Our training sessions are built around a set of core outcomes, decided upon through consultations with our clients, and delivered through a series of well-defined modules.
The trainer makes use of slides to guide the session but spends most of the time demonstrating and guiding activities within the product. Training packs for each attendee consist of printed hand-outs with clear guidance covering the course content, as well as electronic copies of the slides and other training material, ensuring that the client gets the most out of the event and can review everything at their convenience. Each OCC MarketPlace implementation is dependent upon which modules that the Council has chosen to purchase. Courses include: OCC MarketPlace Administration, Data Migration and Brokerage. In addition, we provide full documentation online and in pdf format for OCC MarketPlace and its modules.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Overnight, all data within the OCC MarketPlace database is transformed into a data mart that is suitable to report against. By default, the data mart is accessible through Microsoft SQL Server Reporting Services (SSRS). Individual reports can be defined using Microsoft Report Builder 3.0 by Council staff with the correct privilege. These report definitions can be accessed through the administration pages by Council workers with the correct permissions and access control levels.

Alternatively, we can supply a database dump of the data.
End-of-contract process
All data is owned by the client and OCC will supply data extract at no additional cost.

Using the service

Web browser interface
Yes
Supported browsers
Microsoft Edge
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
We present the same functionality to both mobile and desktop users
Service interface
No
API
Yes
What users can and can't do using the API
The system comes with integration with our Supplier and Contract management database, with the ability to include up to date cost, availability, quality, and outcomes information. We offer an open standard Web Service API to allow interfacing with other data sources, such as existing public health, targeted directories and GP referral systems. The architecture will allow aggregation of data to regional and national directories.

OCC MarketPlace is designed to work with a number of live data sources and to be published in a variety of ways.

Services can be created and maintained in external stand-alone systems databases that populate the OCC MarketPlace; such as SPOCC for housing related support, or ContrOCC for social services. Systems from any number of LAs could contribute. OCC supplies the following elements:
• LA Contracts Database(s)
• Directory and Directory Web Services Layer Modules
• OCC MarketPlace

Service data is transmitted from these systems, in a common format, to a central web service. The web service accepts the standardised service data and caches it in a central directory database, optimised for fast response to common queries. Importantly, safeguarding information is transmitted from contract systems to MarketPlace allowing services to hide in the case of issues.
API documentation
Yes
API documentation formats
PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
The service is fully configurable to the buyer, including skinning by OCC.

Scaling

Independence of resources
The servers are monitored regularly to ensure that the server is performing within acceptable tolerances and smooth running of the sites on these servers. Monitoring is carried using a third party monitoring utility called Site24x7 (www.site24x7.com) and the infrastructure team are notified of any occasions where the thresholds below are exceeded. In the event that capacity thresholds are continually exceeded. Possible changes are discussed with the customer along with costs.

Analytics

Service usage metrics
Yes
Metrics types
We use a combination of system performance tools and logs aswell as Site24x7 to monitor performance and availability
Reporting types
Regular reports

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
Physical access control, complying with another standard
Data sanitisation process
No
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
OCC MarketPlace supports exports through the use of Microsoft SQL Server Reporting Services. In this way power users can define reports that end users can run and export their data in the following formats: PDF, CSV, XML,Word, Excel.
Alternatively, the user or downstream systems can retrieve data in JSON or XML by way of a WebAPI.
Data export formats
  • CSV
  • Other
Other data export formats
  • PDF
  • HMTL
  • JSON
  • XML
  • MS Word
  • MS Excel
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Our standard SLA and credit scheme is as follows:

99.5% availability 24 Hours per Day, 365(6) Days per year except pre-agreed maintenance windows.

During any calendar month, where there is failure to meet one or more of the agreed Service Levels, a Service Credit may become payable by the Service Provider.

The credits available are as below:
• 2% of the monthly charge if the Availability is less than 99.5% over a calendar month or whatever is specified in the Hosting Agreement Appendix.
• 5% of monthly charge if the Availability is less than 98% average over a calendar month.

Service Credits are agreed with the client and refunded quarterly.
Approach to resilience
All data is housed in a SAN, the SAN is an array of hard disks in Raid 10. This allows the failure of 2 drives in each array without loss of downtime or data.

In the event of other hardware failure, virtual machines will be migrated to another node with in the N+1 cluster, this allows the virtual machines to continue running on another physical machine while the faulty server is repaired.

The data centre also has:
• Power systems are designed to run uninterrupted, with every server receiving conditioned UPS (Uninterruptible Power Supply) power.
• UPS power subsystem is N+1 redundant, with instantaneous failover if the primary UPS fails.
• If an extended utility power outage occurs, on-site diesel generators can run indefinitely.
• Only fully redundant, enterprise-class routing equipment is used in data centres.
• Fibre carriers enter data centres at disparate points to guard against service failure.

All data is backed up to a secondary data centre, In the event of data centre loss the data is mirrored to another data centre, so VM can be started on a managed public cloud.
Outage reporting
OCC monitoring is carried out using a third party monitoring utility called Site24x7 (www.site24x7.com), our third party suppliers may also use their own.

As standard e-mail alerts are set up but the service is capable of providing a public dashboard, an API and email alerts as required by the customer.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
Available on request.
Access restriction testing frequency
At least once a year
Management access authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
SGS
ISO/IEC 27001 accreditation date
Since 30 July 2012
What the ISO/IEC 27001 doesn’t cover
All controls are included in our statement of applicability.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
We have a board level director responsible for security and hosting is included as part of our ISO27001 scope and therefore is audited as part of this.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
In order to track all activity on the server, if someone logs onto a server in order to make ANY CHANGES on the server or site related configuration (e.g. DNS records), this is recorded in the Change Control Log. The log entries are not hugely detailed but should provide enough information to allow sufficient investigation to be carried out if there is a subsequent site incident.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Available on request.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Available on request.
Incident management type
Supplier-defined controls
Incident management approach
Available on request.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Pricing

Price
£32000 per licence
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
We include a fully featured white label MarketPlace site with Hosting and maintenance. We also include onboarding including making sure the LA’s CQC data is migrated.
Branding and custom configuration is not included.
There is a 4 month free trial period.
The above price is for a medium sized LA.

Service documents

Return to top ↑