Thrive CSR Limited

Social Value Data Collection & Reporting

Software for collecting and tracking Social Value metrics/data; making Social Value calculations; and reporting the Social Value of Community Investment activities. Our software enables in-depth, real-time insight into the Social Value and Social Impact delivered at an Individual, Project, or Organisation Level. Service can be provided with 'wrap-around' consultancy support.

Features

  • Portal for collecting, calculating and reporting Social Value
  • Automatic prompts to data submitters when info is due
  • Build your own set of proxy values and metrics
  • Report at multiple levels: individual, client, project, business-unit, region, organisation
  • Can require data to be verified by a third party
  • Collect data from both internal stakeholders AND supply chain
  • In-depth visual reporting, project tracking and data export functionality
  • Data submitters can upload evidence to support data
  • Automatic Social Value calculations by metrics/frameworks
  • Can be provided with a 'wrap-around' consultancy support service

Benefits

  • Automatically prompt data submitters to provide info
  • Maximised data collection using multiple reminders to data submitters
  • Easy data collection across entire supply chain
  • Evidence can be uploaded to ensure a clear audit trail
  • Optional audit functionality so data can be verified before reporting
  • Fully flexible - configuration to specific frameworks or bespoke metrics
  • Integration with Thrive CSR's other modules; grants & volunteer management
  • Visual project & metric tracking; easily see progress against targets
  • Automatic calculation of Social Value
  • Optional consultancy support to help tailor system and verify data

Pricing

£4,000 to £75,000 a unit a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at neilm@thrive-csr.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

3 7 1 9 6 0 9 5 3 3 2 4 9 8 3

Contact

Thrive CSR Limited Neil Macdonald
Telephone: 07789644049
Email: neilm@thrive-csr.com

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
No
System requirements
Modern browser with Internet Access

User support

Email or online ticketing support
Email or online ticketing
Support response times
Contractually within 1 business day. On average in the last rolling year the average response time has been less than 2 hours.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Yes, at an extra cost
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 AA or EN 301 549
Web chat accessibility testing
No direct testing but we use off the shelf products for web chat that already have appropriate accessibility certifications.
Onsite support
Yes, at extra cost
Support levels
We provide standard support levels of all our customers, with the ability to vary these for special projects. Our standard support is via our own UK based helpdesk who can assist with both technical and product based questions/problems. This helpdesk is available to all administrators of our system. We also provide access to an account manager.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We work with the client to scope out exactly how our platform will be configured to their needs, have it set up and then provide onsite training and documentation as appropriate to ensure a smooth roll out.
Service documentation
Yes
Documentation formats
  • ODF
  • PDF
End-of-contract data extraction
We help the client extract their data in a suitable CSV format.
End-of-contract process
We help the client extract their data and then securely delete their data. These two actions are included in our costs.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
All parts of the system are accessible on both mobile and desktop.
Service interface
Yes
Description of service interface
A full web interface
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
We have clients who have staff using a variety of assistive technologies.
API
Yes
What users can and can't do using the API
They can extract real time reporting information
API documentation
Yes
API documentation formats
PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Most areas of the platform can be customised to ensure it suits client needs. Available configurations will carry no additional charges but any substantial bespoke customisation work will carry additional charges which will be outlined to the client in a proposal document. Many ongoing core platform upgrades and expansions made by Thrive are made available free of charge to existing clients. Any additional substantial bespoke customisations requested during the contract term will be chargeable.

Scaling

Independence of resources
We have a scalable cloud based architecture and we upgrade capacity far in advance of maximum user utilization being reached.

Analytics

Service usage metrics
Yes
Metrics types
Number of users of the system and the common actions they take. Our system allows full tracking of the public/staff facing and admin parts of the platform to deeply understand and audit how the product is being used.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least every 6 months
Penetration testing approach
In-house
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
From within the administration interface
Data export formats
  • CSV
  • Other
Other data export formats
XLS
Data import formats
  • CSV
  • Other
Other data import formats
XLS

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
We have a 99.9% uptime SLA. Users are refunded 50% of their fee in the last month if we fall below 99%, and 100% if we fall below 96%.
Approach to resilience
For security reasons this information is available on request - however as a guide, the resilient design of our architecture means we have never yet dropped below 99.9% uptime availability.
Outage reporting
Email alerts

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
Access to management interfaces and support channels are restricted by both technical and procedural enforced security, including infrastructure restrictions and privileged access management software.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
We make ultimate security governance and compliance a board level responsibility yet at the same time we identify individual staff, at all levels, who are responsible for making security decisions and empower them to do so. We look to clearly link our security activities to Thrive CSR's goals and priorities. We have a corporate culture that ensures accountability for related decisions. We work to ensure that feedback is provided to decision-makers on the impact of their choices. We continously monitor our approach to make sure its fits our wider organisational approach to governance.
Information security policies and processes
Thrive follows current industry best practices with numerous technical and procedural security policies. As an option, we can provide a Service Manager, as a single point of contact for ensuring service quality, for service level reporting, for keeping the client up-to-date on new releases/upgrades etc.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Thrive tracks all key assets through their life cycle via a central register and when any key asset is changed, removed, or introduced Thrive has an established risk analysis process, which includes a security analysis of any key changes. Significant changes to Thrive's risk profile require director level sign off.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Thrive performs automated and manual quality assurance and security testing on every major release. Vulnerabilities and potential threat intelligence is sourced from external news sources and relationships with key industry advisors. Issues and vulnerabilities are tracked in Thrive task management system and addressed per priority.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We have a detailed intrusion detection and monitoring system with 24/7 alerting in place. We have an established incident response plan that involves employees at all levels of the organisation, including director level. At the heart of this is open and clear communication with our clients about verified incidents and resolutions.
Incident management type
Supplier-defined controls
Incident management approach
The process starts by educating staff how to report a breach or deal with a report from the outside. Once our incident response process is triggered by a breach report a designated team of senior management is convened who directly oversee the investigation and remediation of the breach. This includes alerting users (via phone or email as contractually defined) and government entities as appropriate. After this we have a structured postmortum and process improvement process.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Pricing

Price
£4,000 to £75,000 a unit a year
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at neilm@thrive-csr.com. Tell them what format you need. It will help if you say what assistive technology you use.