BetterTrack

BetterTrack SaaS

BetterTrack enables organisations to improve performance by establishing live KPIs that help leaders and teams to spot performance gaps and put in place the remedial actions to get back on track.

Features

• Management & cascade of objectives and KPIs
• Alignment & status of deliverables and actions to KPIs
• Management of data sources and feeds
• Automated indicators and exception reporting
• Collaboration
• Modern user interface with multi-device support
• Microsoft technology base

Benefits

• More meaningful and relevant KPIs to achieve performance objectives
• More focused effort and involvement of project teams
• Improved quality, range and speed of KPI production
• Earlier warning and better visibility of gaps for corrective action
• Improved engagement & participation to achieve performance objectives
• Greater levels of adoption & more rewarding use
• More robust and scalable solution

£33 to £195 a user a quarter

• Free trial available

Service documents

• Pricing document (pdf)
• Skills Framework for the Information Age rate card (pdf)
• Service definition document (pdf)
• Terms and conditions (pdf)

Framework

G-Cloud 12

Service ID

513398276259431

Contact

Andrew Hudson
07776145009
ahudson@bettertrack.org

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: SQL Server, PowerBI
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: Software updates & maintenance is between 0200-0300 on Sundays
• System requirements:
  • Google Chrome, MS Edge, Internet Explorer
  • MS Office

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Mon-Fri 0800-1700 <2hours; Sat-Sun 0900-1700 <4hours
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 A
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Users see a chat option on the bottom right of the screen. Clicking on this link opens a discussion panel. If user has text to speech software assistant technology installed, then this should be configurable to read out discussions from the web chat and provide for user speech recognition.
• Web chat accessibility testing: We have experience of using Dragon and JAWS accessibility software tools
• Onsite support: Yes, at extra cost
• Support levels: 1. Software support (functionality and bugs) is included in the SaaS contract and provided to designated contacts as a 2nd line of support; 2. Proactive support includes training, configuration and data setup on a pre-paid basis charged quarterly or annually at a rate of £650 per day+VAT.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide initial setup and configuration support to system administrator and data managers. This includes support for setup of standing and dynamic dataset feeds plus the setup of the initial analysis and indicators for KPI tracking. ; ; For end users we provide online training in the method and tool. Most users would not need formal training due to the simple and intuitive user interface. For organisations looking to establish better measurement and continuous improvement practices, we can help to facilitate workshops that help teams to find more of the right measures. Via a "train the trainer" approach, we can help to establish performance measurement competencies and disciplines within the organisation.; ; We also provide support to develop a strategy & plan for deployment. This includes establishment of Objectives, KPIs and dataset management.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
• End-of-contract data extraction: Admin users may perform a download of all of standing, dynamic, analysis, collaboration and indicator datasets in JSON format. This is suitable for load and import into third party SQL/NoSQL database tools.; ; Datasets are saved in an encrypted and password protected ZIP file format and is only available for a single download once permissions have been granted by the registered data administrator.; ; Users may also print/export pages to PDF format
• End-of-contract process: Included: JSON extract of datasets to the assigned data controller. In the case of dedicated server instances, we also provide a certificate confirming eradication of the Azure environment.; ; Additional Cost: Support for migration to alternative system or server

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Chrome
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Mobile devices have restricted access to certain types of lists dependent on the device type (e.g. smart phone versus tablet). For smart phone devices only the first 3 list columns are shown with a click link to expand and view further details
• Service interface: No
• API: No
• Customisation available: Yes
• Description of customisation: Users customise dataset feeds, field names, filters as well as analysis and indicator datasets. This is done by nominated data managers who have the credentials to setup feeds / IP addresses etc with connected systems

Scaling

• Independence of resources: Indicators and datasets are maintained so that access to data is localised to reporting needs. This minimises the impact of complex queries which are pre-processed. Azure service performance is also monitored and if demand peaks, additional capacity may be provisioned. Customer instances are also separated rather than using a multi-tenanted setup.

Analytics

• Service usage metrics: Yes
• Metrics types: Users can see #Views, #Comments and #Likes of their Objectives and KPIs, ; Admin users can monitor, #user logins, #views, #comments and #likes by Objective and KPI
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Microsoft Azure, SQL Server

Staff security

• Staff security clearance: Conforms to BS7858:2012
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest: Physical access control, complying with SSAE-16 / ISAE 3402
• Data sanitisation process: No
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: From any list, users can export their data to XLSX or CSV format; From any screen - e.g. with charts, details and list, users can save a copy in PDF format; From the data manager screens, admin users can export data in JSON format
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats:
  • JSON
  • XLSX
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • XLSX
  • SQL
  • JSON

Data-in-transit protection

• Data protection between buyer and supplier networks: Private network or public sector network
• Data protection within supplier network: IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Priority 1 - 1 hour response, 4 hours resolution; Priority 2 - 1 hour response, 1 day resolution; Priority 3 - 4 hours response, 5 days but can vary; Priority 4 - 1 days , next major release
• Approach to resilience: Datacentre is managed by Azure and includes daily full backup, 3hour incremental backs and an Azure managed recovery and restore service on instance and data
• Outage reporting: We provide email alerts to service admin users with ongoing recovery status updates in the event of outages.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Management requests are performed over secure and authenticated channels. All management requests via phone are screened to confirm requestor credentials. All management requests are notified to the nominated site administrators by email.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 09/11/2018
• What the ISO/IEC 27001 doesn’t cover: Client side encryption standards - this covers Azure server side only
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Full details are available in our Information Security and Privileged Account Management policies. The information security policy includes ; 1.0 Information Security Mission Statement; 2.0 Information Security Policy Overview; 3.0 Security Policy; 4.0 Security Organisation; 5.0 Asset Classification and Control; 6.0 Personnel Security; 7.0 Physical and Environmental Security; 8.0 Communications and Operations Management; 9.0 Access Control; 10.0 Systems Development and Maintenance; 11.0 Compliance
• Information security policies and processes: 1.0 Information Security Mission Statement; 2.0 Information Security Policy Overview; 3.0 Security Policy; 4.0 Security Organisation; 5.0 Asset Classification and Control; 6.0 Personnel Security; 7.0 Physical and Environmental Security; 8.0 Communications and Operations Management; 9.0 Access Control; 10.0 Systems Development and Maintenance; ; Included in the IS policy are details of compliance processes that include

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We track services via a product log of MS architecture components in a change log. All code is versions and releases are tightly controlled with use Gitlab for code management and automated release deployment to instances maintained is a master register.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We use Accunetix to conduct penetration tests on our test instance which replicates all other sites. Code threats are monitored a news feed of alerts and we assess these for levels of risk to our architecture and setup. Vulnerabilities are also reviewed and actioned via a risk based vulnerability log.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Protective monitoring is included in our IS and PAM policies. These include clearly defined roles and objectives for protective monitoring. Monthly PAM reporting is based on the server event log with analysis of admin user access, failed attempts, new accounts and permission changes. We also monitor IP addresses for potential DoS and intrusion attacks.
• Incident management type: Supplier-defined controls
• Incident management approach: Tbc

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Pricing

• Price: £33 to £195 a user a quarter
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: We provide access to a trial environment that can be used as a sandbox to create indicators from Excel data sources and share these with colleagues. We do not include access to the data manager for management of data feeds.

Service documents

• Pricing document (pdf)
• Skills Framework for the Information Age rate card (pdf)
• Service definition document (pdf)
• Terms and conditions (pdf)