Capita Student Information System (SIS) in the Cloud.
Capita’s SIS captures and maintains data that educators need to support their students’ success along their academic journey. It does this by enabling more informed and effective collaboration between students and employees, as well as facilitating more beneficial and timely stakeholder engagement between parents, other institutions, agencies and employers.
- Provides an Integrated Single or Multi-Company database platform.
- Tracks the ‘Learner Journey’ from enquiry to completion.
- Promotes ‘Self-Service’ for prospective new and existing learners.
- Allows branding, customisation and local workflow-based business process mapping.
- Facilitates a Mobile 1st platform for staff, learners and stakeholders.
- Eliminates data errors by validating student data at source.
- Reduces Statutory ILR/HESA maintenance overheads with efficient bulk error correction.
- Promotes staff ‘Self-Service’ and improves learner engagement and outcomes.
- Powerful reporting tools to interrogate/manipulate information from multiple data sources.
- Provides ‘One version of the Truth’ from one system.
- Reduces the cost of maintaining more than one database instance.
- Reutilises data many times during the learner journey avoiding duplication.
- Improves/increases revenue generation adopting a learner self-service e-business model.
- Provides an off-the-shelf adapted tailored solution for local customisation.
- Provides a smart mobile platform reducing cost of learner engagement.
- Improves accuracy and validity of ILR/HESA data and thereby funding.
- Reduces ILR/HESA maintenance costs and improves returns timeliness & accuracy.
- Improves retention and achievement by achieving better/smarter learner engagement.
- Improved decision-making by consolidating/comparing data from multiple data sources.
- Reduces time/effort spent on cross-comparison of multiple systems.
£40 per user per month
- Education pricing available
- Free trial available
- Pricing document
- Skills Framework for the Information Age rate card
- Service definition document
- Terms and conditions
- Modern Slavery statement
Capita Business Services Limited
Capita Business Services Ltd
|Software add-on or extension||Yes, but can also be used as a standalone service|
|What software services is the service an extension to||We can offer the same solutions and services as an on premise solution. All the same product benefits and features are available in the on-premise solution and we can also offer a managed service for this type of deployment.|
|Cloud deployment model||Public cloud|
|Service constraints||The service provided is based on a Windows stack as a SaaS solution and is delivered to the Customer via RDS for back office power user applications and Browser for front office applications. This requires the power user client to be able to run a RDP client which comes as standard on Windows O/S and is available as an option for non-Windows clients. The service costs include the RDS licences required to fully implement the solution.|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
Target response times are based on the severity of the issue as follows:
Priority 1 and 2 within 4 working hours.
Priority 3 within 8 working hours.
Priority 1 – This indicates that the system is down or inoperable and no workaround can be found.
Priority 2 – Urgent but does not affect the whole system, or a business-critical function.
Priority 3 – Standard, problem needs a fast turnaround, but does not threaten any business-critical functions.
The above response times are for Monday to Friday working hours and do not apply to weekends.
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
Consultant Project Manager:
•Definition of detailed remits for Supplier services, monitoring delivery and actions.
•Providing detailed objectives information, preparation, expected outcomes, attendees, and outlines for consultancy sessions.
•Providing project management resource to co-ordinate the work of the functional groups.
•Providing expert advice and support for the implementation of software and related changes to working practices.
Lead Consultant: Responsible for the delivery of consultancy workshops and training during implementation. They understand the requirements and are able to provide support, advice and guidance.
Key responsibilities include:
•Conduct workshops to provide an overview of the application, review processes and establish the deliverables for the following consultancy and training sessions for each functional area.
•Develop process-driven training following any decisions reached during the workshop sessions to establish procedures.
•Deliver consultancy and training sessions ensuring all specified objectives are met.
Business Analyst/Developers: Their role is to gather information and confirm for the development of portals, reporting, workflows and data migration.
Installation Engineer: The installation engineer is responsible for installation and support of products on preconfigured servers.
Daily rate of up to £1095 per day with discounts for bulk purchases of days.
Capita provides a FOC Technical Account Manager to deal with support and application issues.
|Support available to third parties||Yes|
Onboarding and offboarding
An initial project management meeting is held to establish the boundaries and to plan whether delivery has a big-bang or phased approach. Once the plan is established taking account of the Customer’s milestones, training and consultancy workshops are scheduled and delivered on-site. Training is module-based and can be clearly divided into technical and business areas. As it is process-based, it increases the effectiveness of the training and is relevant to staff roles. Training in modules for functional areas is provided following consultancy workshop and process review sessions so that the training follows any decisions reached that impact the implementation of a module. Proficiency is measured by constant reviews with the Lead Consultant and Project Manager to ensure that all objectives are being met and are understood by the relevant staff.
All training will be provided using the train-the-trainer approach. This will ensure that employees can continually update their skills via training programmes in the workplace. It also ensures that the trainer continually improves upon the design, delivery and management of training programmes.
A training database is installed and all training documentation is provided in hard copy and electronic format. Handbooks are also supplied with each module.
|End-of-contract data extraction||
All critical data for the operation of our Hosted and SaaS solutions resides within the RDBMS within the solution. The data within the solution remains the property of the Customer.
Capita’s SIS provides a set of data extraction tools (Report Generator) that enable users to extract data they wish to retain at the end of the Contract. This can be done at any time prior to the Contract end date.
Capita will work closely with the Institution in the Project Initiation phase to capture all requirements and dependencies and feed these into an agreed service transfer plan. It is also important that during this phase we identify and mitigate the issues and risks associated with this exit. At Capita, we are keen to work in partnership with all customers to ensure delivery of a successful solution. Once the data extract scope has been agreed, Capita is happy to liaise directly with the successor provider. If the leaving customer requires assistance in defining the scope, Capita will provide this support and would reserve the right to charge for this if the data is to be transferred in a format other that CSV.
At the end of Contract the system will no longer be accessible for operational use. We can however provide read-only access to the database server along with a report generator licence to allow for data access or extraction beyond the Contract period subject to an additional annual reoccurring cost.
Using the service
|Web browser interface||Yes|
|Application to install||Yes|
|Compatible operating systems||Windows|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||
Capita's SIS provides two front-facing solutions for mobile devices.
Online Services – This provides a web-based set of services for enquiries, applications and enrolments including payment options for new prospective and returning students. These services support the use of tablets and through responsive templates can be configured for smartphone use.
Advantage – Provides a suite of web-based information service apps for students, staff, parents and senior managers. These are designed for appropriate mobile applications with the student app supporting smartphone and the others, tablet devices.
|What users can and can't do using the API||
Capita's SIS Web API takes the form of a REST API that can be called from within any third party product, based on an environment that supports the use of the HTTP protocol.
The API provides export and import data using a report writer tool, CRUD (Create, Read, Update and Delete) methods on all data classes and specific functionality for business processes such as creating an enrolment.
|API documentation formats|
|API sandbox or test environment||Yes|
|Description of customisation||
Capita’s SIS is highly customisable; it is possible to modify all data entry screens and web screens or create entirely new screens. We provide the ability to modify all standard reports and to design and deploy those defined by the Customer.
We provide a set of tools called Information Interface and Internet Builder that can be used to modify and design data entry screens and a Report Generator engine for the modification and design of reports that can be deployed to SQL Reporting Services or Office Applications. We also provide APIs to enable further extensibility.
Customers can be trained to use all the customisation tools, we also provide consultancy services to assist in bespoking and extending the solution, through a partnership programme third parties can also be endorsed to integrate with our solution using the supplied APIs.
|Independence of resources||
Each Customer is individually hosted with their own designated services and therefore isolated from the demands of other users.
Service availability is assured by contractual commitment on a Customer by Customer basis. Capita will use all reasonable efforts to make the system available with an annual uptime percentage of 99.5% during the Service year of 365 days. Availability is checked using a third party monitoring service, these carry out checks against monitoring targets reporting both availability and response times from numerous locations around the world. This guarantees that availability is not adversely affected by the demand of other users.
|Service usage metrics||Yes|
Customers are provided with a Service Statement either monthly or weekly depending on the Contract. The statement lists:
- Open Cases Backlog as at report date.
- Cases Raised in the Last Month.
- Cases Closed in the Last Month.
- Disk usage, Utilisation and Performance report.
- Index and tables checks.
- Backup checks.
- Server Availability (uptime) in the Last Month.
- Server Availability (uptime) in the Last Twelve Months.
- Average Server Availability in the Last Twelve Months.
- Summary of Licences and Products (Active and Expired).
- Useful Links to find additional information.
- Forthcoming events.
|Supplier type||Not a reseller|
|Staff security clearance||Conforms to BS7858:2012|
|Government security clearance||Up to Baseline Personnel Security Standard (BPSS)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider|
|Protecting data at rest||Other|
|Other data at rest protection approach||Microsoft uses industry standard access mechanisms to protect Windows Azure’s physical infrastructure and data centre facilities. Access is limited to a very small number of operations’ personnel, who must regularly change their administrative access credentials. Data centre access, and the authority to approve data centre access, is controlled by Microsoft operations personnel in alignment with local data centre security practices.|
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||
Customers are provided with a range of tools for the import and export of data. During the onboarding process we will work closely with you to import data from your legacy system through a set of CSV imports and at the off-boarding stage to extract data as defined as part of the Implementation Project.
During operation we provide tools for one-shot, scheduled or real-time data import/export using our Report Generator, Scheduler, XML Exporter and RESTful APIs.
|Data export formats||
|Other data export formats||
|Data import formats||
|Other data import formats||
|Data protection between buyer and supplier networks||
|Data protection within supplier network||Other|
|Other protection within supplier network||Connections between the data centres, and access to the servers themselves, if needed, are provided over an AES128/192/256 encrypted VPN. Data centres are located either in the UK, Dublin or other centres specifically requested by the Customer. Capita can therefore guarantee that all data for our customers will be located within the EEA and will not be transmitted outside of the EEA.|
Availability and resilience
The solution is available 24 hours a day, 7 days a week, 365 days a year outside of regular and planned maintenance windows for routine upgrades which will be scheduled in consultation with the Customer.
Capita will use all reasonable efforts to make the solution available with an annual uptime percentage of at least 99.5% during the Service year.
Availability is checked by both Capita and an independent third party monitoring service. These systems carry out identical checks against dedicated monitoring targets to report both availability and response times from numerous locations around the world. The SLA agrees to a 99.5% uptime and Capita would be pleased to discuss the requirements for service credits should an organisation wish for these.
|Approach to resilience||
The solution has been designed to be as resilient as possible to avoid the need to invoke a disaster recovery process. There would need to be a very significant incident to trigger the disaster recovery process. Capita tests our disaster recovery procedures at least once a year.
During the implementation stage Customers may request a DR test for their environment, which can be incorporated as part of the Go Live sign-off.
Microsoft uses industry standard access mechanisms to protect Windows Azure’s physical infrastructure and data centre facilities. Access is limited to a very small number of operations’ personnel, who must regularly change their administrative access credentials. Data centre access, and the authority to approve data centre access, is controlled by Microsoft operations personnel in alignment with local data centre security practices.
Where an incident results in a major outage, all Customers affected by the outage will be notified by email as the problem becomes known. In cases where the delivery of emails between the Service Desk and the Customer may take longer than 60 minutes, every effort will be made to contact the Customer by telephone.
The Service Desk will take responsibility for restoring full service as soon as possible and will provide updates on the resolution of the problem and estimated time of restoration of full service, both by email and via the website, during Scheduled Service Hours. In the event that the outage is predicted to last more than one working day, this will be escalated to the Support and Education Manager.
In the event of a critical system failure, the Service Desk will liaise with all necessary parties to resolve the problem and keep all Customers informed of the situation.
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||Capita’s SIS provides a user access control system, database manager – users, allows access restrictions to both applications but also column and row level locking, which will limit the users/group access to records (only students within a specific department for example) or field level (no access to NI Number for example). These rules are applied throughout the system and so can apply to management interfaces.|
|Access restriction testing frequency||At least once a year|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users have access to real-time audit information|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||User-defined|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||British Assessment Bureau|
|ISO/IEC 27001 accreditation date||31/03/2015|
|What the ISO/IEC 27001 doesn’t cover||The Information Security Management System is applicable to: Provision of data centre and connectivity services, and those aspects of associated ‘cloud’ managed services under the company’s control Statement of Applicability, version 5. Anything outside of the certification is not included or covered|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||The solution is designed to comply with all the legislative requirements such as the ones mentioned above. Wherever possible, the solution will meet and exceed the UK legislative requirements. Capita conforms to the data protection requirements for our hosted solution and is registered with the Information Commissioner’s Office. Our hosting supplier Microsoft Azure is certified to ISO 27001:2013. The certification scope is as follows: The management of information security in relation to the supply of data centre hosting, co-location, support and managed services. This is in accordance with the current version of the Statement of Applicability.|
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
All reports of incident and changes to the Service Desk are assigned a priority dependent upon an assessment by the Service Desk of the severity of the problem and the impact it has on the user base and the Customer.
The Service Desk will contact the originator of the call within one hour of receipt of the incident through the Service Desk. All changes made to the system, whether hardware or software related, will be made using the standard Capita’s Assist Managed Services change control process; this has been written in accordance with ITIL.
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
We assess threats in accordance with the Capita Security Standard by undertaking continual risk assessments of the Azure platform.
Patches are deployed via an automated process within the standards’ agreed guidelines: 30 days within tolerance, 7 days at tolerance and 24 hours at the critical limit.
A monitoring solution (Operations Management Suite) uses a Microsoft knowledge base and scans the servers and identifies any patches that need to be applied and the tolerance level.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
Our service makes use of the Security Information and Event Management (SIEM) this provides a real-time analysis of security and potential threats and compromises.
When potential risk is identified, the following process is undertaken using Capita Cyber Security Guidelines:
Identify what happened and determine the implications.
Limit the effects of the incident and then eliminate its cause.
Recover from the incident and resume normal business operation.
Review the incident to help prevent recurrence.
Vulnerability notifications are transmitted in real-time to the Hosting Operations Team, assessed and responded to in line with the incident management SLA.
|Incident management type||Supplier-defined controls|
|Incident management approach||
Capita has defined processes in place to ensure that effective communication between ourselves and our Customers takes place at all times, and recognises that this is especially important should there be an incident affecting our Customers.
The Customer will log incidents with the Capita Service Desk via the Support Portal, by email or via the direct support telephone number.
Monthly summary of all cases is provided to the Customer. In the event of a major incident a specific report is issued.
|Approach to secure software development best practice||Supplier-defined process|
Public sector networks
|Connection to public sector networks||No|
|Price||£40 per user per month|
|Discount for educational organisations||Yes|
|Free trial available||Yes|
|Description of free trial||As part of a procurement process it is possible to provide access to a sandbox should it be required.|