tillr

Leisure Contract Monitoring

A customisable online tool for councils to manage leisure contract monitoring activities including inspections, benchmarking, automated task allocation, resolution monitoring, management reporting and condition surveys. A single source of truth for the performance of one of the council's largest contracts, ensuring value for money as per the procurement framework guidelines.

Features

• Real-time reporting
• Remote access
• Mobile usage
• Automated task allocation
• Role based access control
• Offline capability
• Bespoke form templates
• In line attachments
• Custom modules
• Third-party contractor licensed access

Benefits

• Distributed team collaboration
• Multiple facility monitoring
• Real-time email alerts, notifications and reminders on tasks
• Interactive task reports and analytics
• Access anytime, anywhere on any mobile device
• Unlimited file uploads and storage
• Unlimited user licences
• Admin controlled user permissions
• Customisable homepage content and dashboards
• Automatic generation of tasks based on contract SLAs

£0 to £1,500 a unit a year

• Free trial available

Service documents

• Pricing document (pdf)
• Service definition document (pdf)
• Terms and conditions (pdf)

Framework

G-Cloud 12

Service ID

529272295286172

Contact

tillr

Paul Romer-Ormiston

020 7993 5858

gcloud@tillr.io

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Not available via Internet Explorer 10 or below
• System requirements: If using Internet Explorer, must be version 11 or above

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within 24 hours during UK office hours; Monday to Friday; 09:00-17:30
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Dedicated account manager
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Onsite training delivered by a dedicated account manager. Video tutorials available. Online demonstrations of existing accounts.
• Service documentation: No
• End-of-contract data extraction: We will provide the buyer with a copy of their data in CSV format on request
• End-of-contract process: Access to the buyer's account will be suspended 24 hours after the contract expiration date. The buyer's data will be held for 30 days after contract expiration date and is available on request at no extra cost.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: None
• Service interface: No
• API: No
• Customisation available: Yes
• Description of customisation: Bespoke compliance modules. Bespoke homepage content. Bespoke form templates. Bespoke report templates/dashboards. Automated business rules and workflow. Notification and task reminder preferences. Role-based access controls. All customisation is done by the supplier.

Scaling

• Independence of resources: Tillr uses an elastic provisioning in a Microsoft Azure environment, meaning our architecture expands and collapses to match demand. The Progressive Web App is also developed to be extremely lightweight, meaning that despite demand on the servers, there will be no visible or measurable impact on latency against normal usage periods.

Analytics

• Service usage metrics: Yes
• Metrics types: User activity reporting templates available on request
• Reporting types:
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: No
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Via download buttons in all report templates
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Pdf
  • Xlsx
• Data import formats: Other
• Other data import formats: Not possible

Data-in-transit protection

• Data protection between buyer and supplier networks: Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network: Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: 99.999% uptime, as per Microsoft Azure public cloud service agreement
• Approach to resilience: Available on request as per Microsoft Azure public cloud service agreement
• Outage reporting: Email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Role-based access control. Adminstrator privileges.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Other security certifications: Yes
• Any other security certifications: Cyber Essentials

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber Essentials
• Information security policies and processes: As per Cyber Essentials best practice guidelines

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Available on request
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: As per Cyber Essentials best practice guidelines
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: As per Cyber Essentials best practice guidelines
• Incident management type: Supplier-defined controls
• Incident management approach: As per Cyber Essentials best practice guidelines

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Pricing

• Price: £0 to £1,500 a unit a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Full access 30-days

Service documents

• Pricing document (pdf)
• Service definition document (pdf)
• Terms and conditions (pdf)