RM Education Ltd

RM Finance

RM Finance is an intuitive and straightforward online financial management system for administering school finances and budgeting.
Please refer to onboarding and offboarding section for exit plan details.

Features

  • Accounts payable transactions
  • Cash management
  • Financial summaries
  • Purchase orders
  • BACS
  • CFR return
  • Role-based access
  • 24/7 access
  • Automatic backups
  • Comprehensive reporting system

Benefits

  • It’s easy to use and saves valuable time
  • It meets strict accounting and audit requirements
  • It has straightforward transaction processing
  • Powerful and flexible reporting
  • Accessible from anywhere with an internet connection
  • Secure data storage with automatic backup is also available
  • No formal financial background is required
  • Remote support is available

Pricing

£740 to £1250 per licence per year

  • Free trial available

Service documents

Framework

G-Cloud 11

Service ID

2 7 8 0 3 5 9 7 8 7 5 8 8 8 8

Contact

RM Education Ltd

RM Education Ltd

08450 700300

tendersteam@rm.com

Service scope

Software add-on or extension
Yes
What software services is the service an extension to
RM Unify. A free (Basic) licence is offered with RM Finance.
Additional Accounts such as Fund Account can be added.
Cloud deployment model
Public cloud
Service constraints
Requires an internet connection.
System requirements
  • Latest Internet Browser
  • Supports Firefox, Chrome, Internet Explorer and Edge
  • Internet

User support

Email or online ticketing support
Email or online ticketing
Support response times
During working hours within a day. No response outside of this.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
We have 1st, 2nd, 3rd and 4th line support. Support costs are included in the price of the software. No technical account managers or cloud support engineers are provided.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
RM Finance is simple to use. As part of the initial sale we provide onsite training. We can also offer online training.
A comprehensive help system is provided with the product.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
The data can be exported to csv or printed on reports.
End-of-contract process
We send the customer a reminder at least 1 month before the end of the service to let them know it will end and how to renew.
There are no additional costs to decommission the service.
At the end of the contract, access to the service is lost and the data is deleted 60 days later. The end of contract process is managed to let the customer know what is happening at each stage of the process.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The service will work on internet connected Tablets that support modern browsers. It does not have a user interface suitable for mobile phones
Service interface
No
API
No
Customisation available
Yes
Description of customisation
The system can be customised to suit the user. This includes, cheque printing layouts, transactional options, levels of access to different areas and the Chart of Accounts.

Scaling

Independence of resources
The product is hosted in Microsoft Azure and is able to auto-scale according to service utilisation. The monitors are able to react within 30 minutes.
We monitor and report on user APDEX scores to ensure that the service is fast and responsive for customers.

Analytics

Service usage metrics
No

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Users can print, export to CSV/Excel or PDF.
Data export formats
  • CSV
  • Other
Other data export formats
  • Excel
  • CSV
Data import formats
  • CSV
  • Other
Other data import formats
None available

Data-in-transit protection

Data protection between buyer and supplier networks
Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
No fixed SLA though we do aim for >99.5 % uptime
Approach to resilience
Available on request
Outage reporting
Internal monitoring, email alerts and a public Status dashboard.

Identity and authentication

User authentication needed
Yes
User authentication
Username or password
Access restrictions in management interfaces and support channels
RM Finance uses a custom Roles based permissions system for management and support teams.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
Cyber Essentials

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
Security across RM is governed by the Group Security & Business Continuity Committee. All staff are required to abide by Group security policies which are available on an internal security portal. There is a Group security compliance function that oversees security management across the RM Group.
Information security policies and processes
RM has the following security policies:
RM Group Security Policy.
Acceptable Usage Policy and Security Guidelines ("AUP").
Backup Policy.
Data Classification and Handling.
Data Protection.
Policy & Guidelines.
Cryptographic Policy.
Incident Reporting Management & Forensic Readiness.
Legislative Compliance (Security) Policy.
Physical Access.
Protective Monitoring.

All staff are required to read and acknowledge the AUP on an annual basis, as well as having security clauses in their contracts.

Core functions, e.g. IT and HR, are subject to regular internal and external audit.

There is a network of Local Security Officers and the Group Security and Business Continuity Committee monitors compliance with polices.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All deliverables are logged and tracked in Change Control tickets with implementation steps, an approval workflow, priority and rollback information where required. Issues affecting the security of the platform are peer reviewed by the Operations team and CAB.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
All public-facing IP addresses are subject to 3rd party vulnerability scanning on a quarterly basis. The results of these scans are reviewed by the development team and patches installed, the timescale of which will be governed by recorded priority.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Operational service monitoring is undertaken through quarterly vulnerability scanning from an independent CREST approved vendor. Each issue is then tracked and given an appropriate priority by the Operations Manager. High priority issues will be reported within hours and dealt with as soon as possible, ie hours or days. Medium or Low priority issues will be prioritised within weeks.
Incident management type
Supplier-defined controls
Incident management approach
All security incidents are reported on an internal logging system. The log records nature and impact of incident, as well as potential preventative measures. All reported incidents are reviewed by senior management and evaluated at either divisional or Group security forums. Major security incidents would be managed according to a defined major incident management process.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Pricing

Price
£740 to £1250 per licence per year
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
We can provide full access to the system to try it out for up to 3 months.

Service documents

Return to top ↑