This is a package of predefined, self-service, licensing forms covering a wide variety of services commonly required. The intuitive and flexible forms solution enables the digital capture and processing of data. Using the One Digital Contact Manager, the solution provides a single view of customer engagement.
- A package of 17 common licensing forms.
- Contact management with document upload and viewer for uploaded attachments.
- Automated document production and messaging services (SMS, email, etc).
- Sophisticated workflow, enabling task automation and configuration of business logic.
- Comprehensive form sections and dynamic questions.
- Seeding of answers between forms, providing pre-population of data.
- Management information, dashboards and reporting.
- Single view contact management with an assisted digital function.
- Integrated with the One Digital Portal solution.
- Full integration to Capita’s One Digital Portal solution (sold separately).
- Reduce operating cost; powerful automation and configuration of workflow processes.
- Quick return on investment; rapid, simple form and process creation.
- Highly secure; penetration tested and designed to secure data appropriately.
- Quick deployment with predefined forms.
- Deliver with agility; simply create, build and adjust forms/ workflow.
- Reduced infrastructure costs; fully hosted solution, with upgrades and patching.
- Improve customer experience; forms pre-populated; video and webchat capability.
- Create single views of digital engagement with integrated contact management.
- Increase take-up; workflow creates accounts in One Digital Portal.
- Increase accessibility; mobile responsive and device agnostic; HTML5/ Bootstrap framework.
£3364 per unit per year
Capita Business Services Limited
Capita Business Services Ltd
|Software add-on or extension||Yes|
|What software services is the service an extension to||The One Digital Licensing Forms package operates with the One Digital Portal and One Forms and Contact Manager solutions also available via G-Cloud 10.|
|Cloud deployment model||Private cloud|
One Digital Forms (public facing) shall provide at least 99.5% availability during scheduled operating hours, defined as 24 hours a day, 365 days a year, excluding scheduled downtime. One Digital Contact Manager (internal facing) shall provide at least 99.0% availability during office hours, defined as 08:00 – 18:00 Monday-Friday, excluding English public holidays and scheduled downtime.
Scheduled downtime covers tasks including, but not limited to, new releases (software upgrades) and server patching. In cases of unscheduled downtime for emergency changes, we will endeavour, but cannot guarantee, to complete work outside normal office hours (09:00 – 17:30 Monday to Friday).
|System requirements||Establishment of a VPN connection to the Capita SaaS platform|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
Response times apply Monday to Friday, 08:00 – 18:00.
High Severity (must be logged by telephone): day-to-day work cannot be continued or assistance needed to meet business-critical deadlines. We aim to respond within 1 working hour and, whenever possible, provide a solution/ advise how quickly a solution will be available.
Medium Severity: day-to-day work can be continued, but there is still a requirement for a speedy resolution. We aim to respond within 4 working hours.
Low Severity: day-to-day work can be continued but the problem is minor. We aim to respond within 2 working days.
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
Support desk requests are logged on a call tracking system and dealt with in priority and severity order. The support desk is operated Monday to Friday, 08:00 – 18:00. Requests are logged online, by email or by telephone.
High Severity: day-to-day work cannot be continued, or assistance needed to meet business-critical deadlines. We aim to respond within 1 working hour.
Resolution: continuous monitoring and customer updating until the fault is resolved, which we aim to be within 4 working hours.
Medium Severity: day-to-day work can be continued, but there is still a requirement for a speedy resolution. We aim to respond within 4 working hours.
Resolution: whenever possible, a solution will be given or we will advise how quickly a solution will be available, within 8 working hours.
Low Severity: day-to-day work can be continued and the problem is minor. We aim to respond within 2 working days.
Resolution: whenever possible, a solution will be given or we will advise how quickly a solution will be available, within 5 working days.
A Technical Account Manager is available under the standard escalation procedure within our Service Charter.
The cost of on-site support consultancy is detailed in the pricing document.
|Support available to third parties||No|
Onboarding and offboarding
Onboarding to One Digital Licensing Forms and Contact Manager can be a very swift process and delivered within any reasonable timescale, varying accordingly to project dependencies and deliverables. Once requirements have been analysed and configuration of the required forms and workflow has been completed, on-site training will be delivered, supported by a comprehensive set of user documentation. This documentation is updated in line with each release of the software and is provided in PDF format. All user acceptance testing (UAT) will be carried out in the One Digital pre-production environment. Completing UAT will be undertaken by customer employees while feeding back any reported issues and having a regular dialogue with our teams to prioritise such issues and plan for resolutions. The UAT stage will include a nominated contact within Capita for reporting any such issues. Once the UAT stage has been completed within the pre-production environment and the solution has been signed off, deployment to the production environment will commence, along with Go Live activities.
To support the onboarding process, Capita can provide a range of services, including Project Management, Business Analysis, Technical Consultancy and Business/ Training Consultancy.
|End-of-contract data extraction||The data extraction format may be via standard methods, such as CSV, SQL database extract or XML. At the end of the Contract, Capita and the buyer will determine the most appropriate method of data extraction, depending upon the buyer’s specific requirements and availability.|
|End-of-contract process||At the end of the Contract, Capita and the buyer will determine the most appropriate method of data extraction depending upon the buyer’s specific requirements and availability. This process will be fully scoped and project managed with Capita’s technical employees. Any cost associated with End of Contract activity will be provided as scoped.|
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||One Digital Licensing Forms provides a fully mobile-responsive user interface which renders appropriately to the screen size of the device being used. The solution can therefore be utilised on a mobile device just as it would on a desktop. We recognise that mobile browsing is now becoming the dominant method for accessing the web and our platform supports this fully. No special configuration or styling is required. HTML5 and the Bootstrap framework are utilised to enable this device-agnostic user interface.|
|Accessibility standards||WCAG 2.0 AA or EN 301 549|
Accessibility is considered at every stage of design and development of the One Digital platform. Our solution meets the current requirements of the WCAG 2.0 guidance to AA standard and we regularly test all the One Digital components to ensure this standard is maintained as new features are added to the solution. We believe our platform is accessible to those with differing needs and it supports assistive technologies, such as screen readers used by those with sight problems.
One Digital meets the requirements for compliance to the following standards:
- WCAG 2.0 guidance to AA standard
- British Standard 8878:2010 – Web Accessibility – Code of Practice
- ISO 9241 Ergonomics of Human-System Interaction.
|What users can and can't do using the API||
Web services available as part of the One Digital platform are, where appropriate, embedded within One Digital Forms, utilising the powerful Workflow component. They are utilised to either retrieve information from back office One Digital systems, to assist the citizen in completing their application or to update the back office systems on successful submission of a form.
These web services can be provided in isolation and integrated with alternative, third party solutions.
Further information on the content of the API and how it is implemented is available on request.
|API documentation formats|
|API sandbox or test environment||Yes|
|Description of customisation||
Branding and styling the One Digital Licensing Forms does not require any development expertise. Form themes can be created and configured allowing customisation of the colour scheme (buttons, text colour, font size, etc) and logos.
Users with the appropriate permissions can create and then customise the forms to meet their local requirements. This includes adding or amending introductory text and form hints, updating existing questions, adding new questions and updating qualifying criteria. Where relevant, all such updates are made within the boundaries necessary for a successful submission and for back office integration.
All form customisation is undertaken within the username and password protected One Digital System Administration Module.
|Independence of resources||Within our hosted environment, we have deployed HA Proxy load balancers to provide horizontal scalability across our multi-tenanted services. This allows us to add capacity as new customers come onboard very easily. In addition, we have the option to allocate dedicated resources for individual implementations where necessary. Active monitoring of the servers/ services is also in place to alert us to any possible contention and modify the load balancing rules as necessary.|
|Service usage metrics||Yes|
Analytics are provided in the form of a Reporting Module that is accessible to non-technical users. It provides reports which detail platform usage in terms of registered users and the services they are linked to or transactions that they have carried out. Reports on the successful completion rates of forms and those where users are tending to drop out of the process are also provided.
Third party software, such as Google Analytics and GovMetric, can also easily be incorporated into the solution to provide details on user interactions and where users of the digital channel are focusing their time.
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Baseline Personnel Security Standard (BPSS)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||No|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||
Within the System Administrator Module, extracts of data are available mainly in CSV or XML format. As part of the implementation for a customer, any data extract requirements are identified and the relevant routines developed. We also provide reporting using MS SSRS, both predefined reports and ad hoc reporting. This allows the export of data in CSV, XML, PDF, MS Word and MS Excel formats.
For data imports, data can be imported into the application database through the System Administration Module. Other methods of data import may be identified during implementation and the appropriate routines developed.
|Data export formats||Other|
|Other data export formats||
|Data import formats||Other|
|Other data import formats||MS Excel|
|Data protection between buyer and supplier networks||TLS (version 1.2 or above)|
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
One Digital Forms, as a public-facing web application, shall provide at least 99.5% availability during scheduled operating hours, defined as 24 hours a day, 365 days a year, excluding scheduled downtime.
The One Digital Contact Manager internal-facing web application shall provide at least 99.0% availability during supported office hours, which is defined as 08:00 – 18:00 Monday to Friday, excluding English public holidays and scheduled downtime.
The scheduled downtime will cover tasks including, but not limited to, new releases (software upgrades) and server patching. In addition to the scheduled downtime there will be occasions where Capita is required to initiate unscheduled downtime for emergency changes. In exceptional cases when emergency changes are required, we will endeavour, but cannot guarantee, to complete this work outside of the core normal office hours (09:00 – 17:30 Monday to Friday).
Specific requirements, pertaining to refunds regarding Service Level Agreements, will need to be discussed with the individual buyer at the time of procurement.
|Approach to resilience||
We protect the service with a geographically separated disaster recovery datacentre, which maintains a replication of both the solution and data, and which would be invoked in the case of a disaster.
Further detailed information on our resilience procedures and processes is available on request.
|Outage reporting||The solution is a SaaS based offering and as such the monitoring of system availability, resource utilisation, etc, are performed as part of the managed service by Capita. These real-time processes are not normally made available to the end user. All incident management type events and activities are recorded within our CRM and accessed via the Customer Portal.|
Identity and authentication
|User authentication needed||Yes|
|Other user authentication||
Access to the One Digital Contact Manager is by username and password.
Where One Digital Forms are accessed via users registered on the One Digital Portal, or authenticated against services available on the portal, access can be provided by two-factor authentication (portal), username and password (portal), online authorisation (authenticated services) or PIN (authenticated services). Please see our entry on G-Cloud for the One Digital Portal for further details.
|Access restrictions in management interfaces and support channels||
Access to the Contact Manager and the System Administration Module (where administrative functions are managed, including form creation/ maintenance, user maintenance and system configuration) is controlled by username and password.
Access to the Capita Support Portal is controlled by username and password. New customers with responsibility for contacting the support desk are encouraged to register on the Support Portal. If customers contact us by telephone or email, their details are matched to an existing registration. If none exists, they are either asked to register or, if appropriate, the details of their call are linked to a colleague who is registered.
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||Username or password|
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||British Assessment Bureau|
|ISO/IEC 27001 accreditation date||15/12/2014|
|What the ISO/IEC 27001 doesn’t cover||Our ISO 27001 Certification Scope only covers the hosted environment as offered on G-Cloud.|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||
As part of Capita Business Services, we work to policies and standards that are aligned with ISO 27001, these are agreed and signed off by the Group CEO and cascaded to the businesses via an internal intranet site and email communication. In addition, each year when employees complete their annual training they agree to comply with both Group and Business Unit Level policies.
Information Security employees as well as Capita Audit complete announced and unannounced checks to ensure that the polices and standards are being followed. Any non-conformities are reviewed and dealt with appropriately.
Information Security is dealt with at all levels of the business, including at the Business Unit, Divisional Unit and Capita Group.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||As part of the ISO 27001 Accredited ISMS, we have a defined and documented change control process. At the core of this change control process is an assessment on all areas of the system, including security. If the risk to security is deemed to be high, it is assessed by Information Security. All change requests are stored on a CRM system and as part of our 27001 audit schedule, are randomly checked to ensure accurate record keeping is maintained and the process followed.|
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||We employ a market leading AVS tool that is scheduled to run regularly. These results are then fed into the ongoing threat assessment and management program. Patching is completed on a scheduled basis and any failures are identified by the AVS and raised. Out of cycle patches are risk assessed and scheduled, if required they could be in place within less than 24 hours. Capita subscribes to multiple information sources for threats, including CISP and ISF, in addition Information Security regularly review other public and private websites for threat information.|
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||The platform uses a system that was designed to comply with GPG13. Events are categorised and events that have been flagged for review are reviewed daily. In addition, the information is stored with controlled access for investigations.|
|Incident management type||Supplier-defined controls|
|Incident management approach||
We have a defined, approved and tested Incident Management process, it forms part of our ISO 27001 accredited ISMS. The process has a list of example incidents that are designed to cover a wide range of scenarios. All employees are made aware of the incident reporting process and randomly tested for effectiveness.
Incident reports will be passed to relevant customers if there has been an impact to their environment or data.
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Public sector networks
|Connection to public sector networks||No|
|Price||£3364 per unit per year|
|Discount for educational organisations||No|
|Free trial available||No|
|Pricing document||View uploaded document|
|Skills Framework for the Information Age rate card||View uploaded document|
|Service definition document||View uploaded document|
|Terms and conditions document||View uploaded document|