MESMA LIMITED

insightQ quality assurance and improvement software

insightQ is a management tool for coordinating, overseeing and reporting of quality assurance and improvement activities. It is used by education providers, government and regulatory bodies to 1) reduce complexity/ administration 2) improve quality of delivery. insightQ is a suite of interconnecting products covering a quality assurance and improvement cycle.

Features

  • A suite of interconnecting products to underpin quality assurance processes
  • A space to capture all quality assurance and improvement activities
  • Hierarchical structure allows for multiple departments and organisations to collaborate
  • Allows multiple departments and organisations to share data
  • A sophisticated permissions structure to ensure security of information

Benefits

  • Reduces the administration burden of managing quality assurance processes
  • Reduces the complexity of overseeing multiple inputs and outputs
  • Encourages a culture of self evaluation and improvement
  • Engages staff to identify issues and improve practice
  • Ensures decisions and priorities are based on real-time data

Pricing

£552.00 a unit a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at louise@mesma.go.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

5 3 3 7 2 3 8 4 0 0 6 9 4 3 6

Contact

MESMA LIMITED Louise Doyle
Telephone: 08456588370
Email: louise@mesma.go.uk

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
Any planned maintenance is carried out during the maintenance window of [06.00 pm to 06.00 am UK time and Saturdays, Sundays and UK bank holidays. The client shall receive at least 7 days' notice of any scheduled down-time.
System requirements
  • Modern browser (i.e. Chrome, Microsoft Edge)
  • Internet Explorer 10 or above

User support

Email or online ticketing support
Email or online ticketing
Support response times
SLA will be 12 working hours however, 90% of tickets are responded to within 4 hours.
User can manage status and priority of support tickets
No
Phone support
No
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 AA or EN 301 549
Web chat accessibility testing
We use a well known third party software to provide our webchat facility.

Here are some of the features that make the Messenger accessible:

Screen reader support: the Messenger is accessible via screen readers

Keyboard navigation: Every component of the Messenger can be accessed using a keyboard without requiring a mouse or trackpad.

Colour contrast: all text in the web Messenger is clearly visible when using colours with enough contrast.

To read more go to https://www.intercom.com/help/en/articles/2530813-is-the-intercom-messenger-accessible
Onsite support
Yes, at extra cost
Support levels
We provide training initial orientation for clients and a range of bespoke training webinars and workshops can be purchased at an additional cost.

We do not offer a technical account manager or a cloud support engineer.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
An initial orientation virtual one-to-one webinar supports clients to access the online help centre, making it easy for all users to learn how to use the software.

Users have access to customer experience executives to support them through online chat, as well as having open access to a library of articles, videos, and product tours.

We also offer a paid-for setup service that is tailored to meet the client's needs.
Service documentation
Yes
Documentation formats
  • PDF
  • Other
Other documentation formats
  • Word
  • Excel
End-of-contract data extraction
Users can export their self assessment reports, quality action plans, observation and enquiry records via Word and Excel files at any point during the contract. As further products are added to the range, such as learner/ employer surveys, the same principles of ease of extraction will apply.

They are able to download these at no extra cost. If the client requires a data extract, this can be provided at an additional cost.
End-of-contract process
There are no charges over and above the standard pricing when a contract terminates. If a client has specific data extraction requirements that are not met by the standard downloads a price will be provided.
Where a client ends their contract but still requires us to host their data, we can provide this service at an additional fee. The fee will be based on the amount of data storage required.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
Application to install
No
Designed for use on mobile devices
No
Service interface
No
API
No
Customisation available
Yes
Description of customisation
As standard:
*Create own quality assurance templates
*Edit quality standard framework
*Disable email reminders or resetting frequency
*Some further local preferences such as editing column headings in the quality improvement plan, adding additional radio buttons to the self assessment, and enabling or disabling password protocols.

As a paid for service:
White label interface
Bespoke customisation is possible on case by case basis. This is agreed as part of a contracting process and costed accordingly.

The majority of customisation on the interface is restricted to superuser administrators.

Scaling

Independence of resources
*We have a development team who monitor systems, they identify any emerging performance issues and take action to ensure it does not escalate.

*We use an agile software development approach using Microsoft Azure Dev Ops services. We use Azure Blob Storage enabling us to scale quickly should we need to.

Analytics

Service usage metrics
No

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Staff screening not performed
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations
No
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Other
Other data at rest protection approach
We use a third-party supplier to store our data. Microsoft Azure Storage and Azure Cosmos DB encrypt data at rest by default.
Data sanitisation process
No
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Users login into the system. Reports are immediately downloaded export in either Word of Excel format.

Data extracts can be pushed into other external systems. This is an additional cost to the client.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
JSON
Data import formats
Other
Other data import formats
  • Jpeg
  • Png

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
The service is designed to operate 24/7 but optimised for core hours. Core hours are defined as [9.00 am to 5.00 pm local UK time, Monday to Friday].

For public-facing portals, the service shall provide at least 99% availability 24 hours a day, 7 days per week, 365 days per year, excluding planned maintenance.
*Planned maintenance carried out during the maintenance window of [06.00 pm to 06.00 am UK time and Saturdays, Sundays and UK bank holidays and the client shall receive at least 7 days’ notice of any scheduled down-time; and
*We will, as part of the Services and at no additional cost to the Client, provide the Client with the Supplier’s standard Client support services during Normal Business Hours [9.00 am to 5.00 pm local UK time, Monday to Friday]. We reserve the right to amend the Support Services Policy from time to time.
*New releases (software upgrades) and server patching. Not all maintenance will require downtime.
*The standard service does not include payment of refunds for availability below target levels
Approach to resilience
We use an independent Cloud Service Providers (CSPs), Microsoft Azure and Production and CosmosDB. The CSPs operate with independent power and networking supplied to their data centres. Microsoft have the data stored in two different locations and in the event of a significant disaster the service will automatically roll over to the second server. We have the ability to increase server resources to respond to high demand.
Outage reporting
Email alerts

Identity and authentication

User authentication needed
Yes
User authentication
Username or password
Access restrictions in management interfaces and support channels
*Each user has a defined set of permissions which is administered by the client.

*Each user is given a unique username and password. The client has the functionality to enforce the following password protocol.

a) Are at least 7 characters in length
b) contain characters from at least three of the following:
- Numbers;
- Upper case letters;
- Lower case letters; and
- Special characters (e.g. *!^*);

*All users can only access data that they have permission for. The client has full control over this permissions feature.
Access restriction testing frequency
At least once a year
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
Cyber Essentials

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
Our cloud service provider Microsoft Azure is certified for the ISO/IEC 27701 privacy standard. Mesma are also certified to the UK Cyber Essentials certificate.
Information security policies and processes
Our information security policy contains requirements relating to Data protection compliance, Asset control, Information handling, Human resources security, physical and environmental security, access control, Use of computers and mobile devices, network management, software management and outsourcing third party and a business continuity and disaster recover plan. The policy requirements are audited an annual basis. This audit consists of sampling activities to identify if and where policies may not be being followed so that corrective action can be taken.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Change management process is a 5 stage process of Agile development, 1) Specification, 2) Develop 3) Test 4) Quality Assurance Check 5) Release. Quality checks and testing are carried out independently from the development team.

No change can be both developed and approved by a single person.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We use a third party software - Microsoft Azure to host our Software service. Microsoft Azure own their own security practices for data protection. Any incident is investigated and patches are deployed as soon as the development has PASSED the change management processes. In addition, on an annual basis we engage an independent organisation to carry out a penetration test of the Software. We also maintain the Cyber Essentials certificate which is renewed annually.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Protective monitoring is achieved through a combination of systems including our users logging errors via our customer support service or web server error logs. Logs are monitored daily.

All incidents will be investigated and be given the highest priority. Investigations will be co-ordinated by a Director and will commence as soon as the incident is first reported. Where the incidents relate to users (such as availability, confidentiality of service and data) the support team are informed and kept updated on the incident risk and impact.

Investigation stages are 1)Acknowledge 2) investigate 3) Report 4)Action controls 5) Follow-up review.
Incident management type
Supplier-defined controls
Incident management approach
We define incident reporting process in our Information Security Policy.
Users can report any IS incident by email to hello@mesma.co.uk or online chat.

Information to help users and employers report a security incident quickly is provided in our help centre http://help.mesma.co.uk/en/articles/4266919-q-what-do-i-do-if-i-think-my-data-has-been-compromised

A record of the incident will be recorded on the Security Breach Register.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Pricing

Price
£552.00 a unit a year
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
A free starter version of the self assessment and document storage products is available for a single organisational user. It does not include other products in the insightQ range. There is no time limit restriction for how long they can retain the product.
Link to free trial
https://mesma.co.uk/insightq-for-free/

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at louise@mesma.go.uk. Tell them what format you need. It will help if you say what assistive technology you use.