Lateral

Case Management System

A software system to store data and manage cases or files related to a job, service, product, or person(s). Includes ability to have custom fields and manual or automated work flows with text, email, and letter templates. It also includes a financial system for managing fees, commissions...

Features

  • Multiple Case Types
  • Intelligent Workflows
  • Bulk Processing
  • Powerful Reporting
  • Document Management
  • User Permissions
  • Email, Letter, Texting integrated
  • Automated workflows
  • Ability to create forms and new data types
  • Custom Fields and Tags

Benefits

  • Manage Cases more efficiently by streamlining your business process
  • Less clicks and scrolling - optimised user experience
  • Less time to train staff - easy to learn
  • Companion app available along with field service management
  • integrates with 3rd-party systems easily

Pricing

£45 to £155 per user per month

  • Free trial available

Service documents

G-Cloud 10

291249102328062

Lateral

Jan Heuff

01242515320

jan@getlateral.com

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints No
System requirements Must have access to a modern browser (post 2009)

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Within 2 hours during the week M-F 8am - 6pm is our standard service level agreement
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.0 AA or EN 301 549
Phone support Yes
Phone support availability 9 to 5 (UK time), 7 days a week
Web chat support No
Onsite support Onsite support
Support levels We provide 24/7 ticket and email support and offer the following terms in our SLA (service level agreement).

Critical - Target response time: 4 hours, Target resolution time: 8 hours

Serious: Target response time: 8 hours, Target Resolution time: 24 hours

Moderate: Target response time, 12 hours, Target Resolution Time, 48 hours

Minor: Target response time, 24 hours, Target Resolution time, 72 hours
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We provide a two day onsite training included in our implementation fee, as well as user documentation manual, and a help desk that has pre-populated questions such as 'How do I...?".
Service documentation Yes
Documentation formats
  • HTML
  • ODF
  • PDF
End-of-contract data extraction Our customers can have a copy of all their data through reports or database backups as they prefer.
End-of-contract process We allow users to access any reports or get data backups of any relevant data at no additional cost. We like to make it easy to come on board and easy to exit if our customers wish to do so.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service We offer both a responsive mobile experiences (accessing the website) and mobile companion apps for different workflows depending on the services the client is interested in.
Accessibility standards WCAG 2.0 AA or EN 301 549
Accessibility testing We have tested our technology with Jaws reader and blind users mostly as one of our clients had this requirement. We had to make some changes to make sure our solution conformed.
API Yes
What users can and can't do using the API Our Restful API allows users to create their own functionality and interfaces as well as update any data in the system. There are no limitations to the data that clients can modify or access using our API as we now use the API for internal admin area tools as well as external use.
API documentation Yes
API documentation formats HTML
API sandbox or test environment Yes
Customisation available Yes
Description of customisation At the core of our service is a workflow engine so the entire workflow can be customised. In addition custom fields, custom interface (users can drag and drop widgets for various pages including the dashboard). In addition, users given the permissions to do so, can change the theme (colors and logo), the menus, the user roles, any questions on a form, exit codes for a task or stage in the workflow. There is a report generator so reports can be customized.

Because our service has been used across industries we boast one of the most configurable and flexible software systems on the market.

Scaling

Scaling
Independence of resources We have a horizontally scaling architecture - each of our clients has their own database and sometimes their own private cloud servers as well. All background processes such as letter batching get executed on a separate node to ensure that users don't experience any slow down during they system executing a high demand of processes. We also use a data warehouse for complex reports so that complicated reports don't slow down the system.

Analytics

Analytics
Service usage metrics Yes
Metrics types By request, we log any usage of our service and can provide reports on this.
Reporting types
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Physical access control, complying with CSA CCM v3.0
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach All reports (over 100 come built in) come with the ability to export to CSV file for easy importing into other systems or Microsoft Excel. How to export data is included in our training. We also provide automated solutions for exporting data for our customers that wish to have a daily on-site back up of the database for example.
Data export formats
  • CSV
  • ODF
Data import formats
  • CSV
  • ODF

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability We have a 99.99% guaranteed up-time of the service. As our service normally has a monthly service fee, our customers are refunded if we don't meet guaranteed levels of availability for that month. We also have the following included in our standard SLA:

Critical - Target response time: 2 hours, Target resolution time: 4 hours

Serious: Target response time: 8 hours, Target Resolution time: 24 hours

Moderate: Target response time, 12 hours, Target Resolution Time, 48 hours

Minor: Target response time, 24 hours, Target Resolution time, 72 hours
Approach to resilience We use third party datacentres such as Pulsant in the UK - (used by the ministry of Justice). We can also use Rackspace Uk, or another datacentre that passes our screening tests.
Outage reporting We use an external - uptime robot to check our systems which will email us of an outage.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels We restrict user access through a proven RBAC system (role based access control). Only allowed roles (and the users in those roles) have access to management interfaces and support channels.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for Between 6 months and 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Certified Quality Systems Ltd
ISO/IEC 27001 accreditation date 27/1/2017
What the ISO/IEC 27001 doesn’t cover We have other policies in place to cover the new GDPR regulations.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes We follow quarterly internal audits to comply with both ISO 27001 and GDPR. We review security risks at least annually, and whenever something changes, for example a supplier of cloud service changes. We minimize the people in the company that have access to the live servers and live data, and have not had a security issue since inception (over 8 years ago)

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach We execute code reviews before pushing any code to the live system, ensuring we are not adding any security vulnerabilities to the system. In addition, all changes are tracked through 'git' ensuring the ability to roll-back to previous versions and see all history of any file throughout the system. We also use continuous integration / continuous delivery. That means that the entire application is monitored constantly (every day) performing roughly 15,000 automated tests that are there to ensure all requirements are fulfilled through an evolving / improving codebase.
We periodically perform analysis to address more sophisticated code base review processes.
Vulnerability management type Supplier-defined controls
Vulnerability management approach We keep ourselves up to date through fast communication channels (including relevant social media and website announcements) regarding imminent threats or potential patches.

If there is evidence that a vulnerability is being exploited and could have an effect on our system, we deploy a patch immediately. If there is no evidence that a vulnerability is being actively exploited, we deploy a patch with the following time scales: ‘Critical’ patches should be deployed within hours ‘Important’ patches should be deployed within 2 weeks of a patch becoming available ‘Other’ patches deployed within 8 weeks of a patch becoming available.
Protective monitoring type Supplier-defined controls
Protective monitoring approach We identify potential breaches through monitoring applications such as newrelic or monit (which monitor the resources consumption on our nodes) and other monitoring tools. Should the reports be out of the ordinary we proceed in a rapid assessment of affected system logs. This can trigger an immediate halt to all activities on a detected/affected node after contacting all parties involved. This is done to avoid an escalation of a threat until further information is available. We respond within 1 to 2 hours from finding an incident.
Incident management type Supplier-defined controls
Incident management approach We have pre-defined procedures covered through our ISO 27001 manual that state the most common accident types and procedure for how to handle events including escalation and staff involvement.

Users are free to report incidents mainly through emails or phone calls. When the incident is resolved we perform a post-mortem report within 72 hours for internal purposes and share the report with any affected clients. This report would include the reasons, the handling of the incident and what will be put in place to prevent it from happening again.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £45 to £155 per user per month
Discount for educational organisations No
Free trial available Yes
Description of free trial For certain customers that meet our criteria, we often build a proof of concept that we provide use of for 2 weeks. This does not include integrations, but would include configuration work to make the system relevant for the potential customer to see how it would fit with their business.

Documents

Documents
Pricing document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑