MESMA LIMITED

insightQ quality assurance and improvement software

insightQ is a management tool for coordinating, overseeing and reporting of quality assurance and improvement activities. It is used by education providers, government and regulatory bodies to 1) reduce complexity/ administration 2) improve quality of delivery. insightQ is a suite of interconnecting products covering a quality assurance and improvement cycle.

Features

• A suite of interconnecting products to underpin quality assurance processes
• A space to capture all quality assurance and improvement activities
• Hierarchical structure allows for multiple departments and organisations to collaborate
• Allows multiple departments and organisations to share data
• A sophisticated permissions structure to ensure security of information

Benefits

• Reduces the administration burden of managing quality assurance processes
• Reduces the complexity of overseeing multiple inputs and outputs
• Encourages a culture of self evaluation and improvement
• Engages staff to identify issues and improve practice
• Ensures decisions and priorities are based on real-time data

£552.00 a unit a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at louise@mesma.go.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

533723840069436

Contact

Louise Doyle
08456588370
louise@mesma.go.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Any planned maintenance is carried out during the maintenance window of [06.00 pm to 06.00 am UK time and Saturdays, Sundays and UK bank holidays. The client shall receive at least 7 days' notice of any scheduled down-time.
• System requirements:
  • Modern browser (i.e. Chrome, Microsoft Edge)
  • Internet Explorer 10 or above

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: SLA will be 12 working hours however, 90% of tickets are responded to within 4 hours.
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: We use a well known third party software to provide our webchat facility. ; ; Here are some of the features that make the Messenger accessible: ; ; Screen reader support: the Messenger is accessible via screen readers; ; Keyboard navigation: Every component of the Messenger can be accessed using a keyboard without requiring a mouse or trackpad.; ; Colour contrast: all text in the web Messenger is clearly visible when using colours with enough contrast. ; ; To read more go to https://www.intercom.com/help/en/articles/2530813-is-the-intercom-messenger-accessible
• Onsite support: Yes, at extra cost
• Support levels: We provide training initial orientation for clients and a range of bespoke training webinars and workshops can be purchased at an additional cost.; ; We do not offer a technical account manager or a cloud support engineer.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: An initial orientation virtual one-to-one webinar supports clients to access the online help centre, making it easy for all users to learn how to use the software. ; ; Users have access to customer experience executives to support them through online chat, as well as having open access to a library of articles, videos, and product tours. ; ; We also offer a paid-for setup service that is tailored to meet the client's needs.
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats:
  • Word
  • Excel
• End-of-contract data extraction: Users can export their self assessment reports, quality action plans, observation and enquiry records via Word and Excel files at any point during the contract. As further products are added to the range, such as learner/ employer surveys, the same principles of ease of extraction will apply.; ; They are able to download these at no extra cost. If the client requires a data extract, this can be provided at an additional cost.
• End-of-contract process: There are no charges over and above the standard pricing when a contract terminates. If a client has specific data extraction requirements that are not met by the standard downloads a price will be provided.; Where a client ends their contract but still requires us to host their data, we can provide this service at an additional fee. The fee will be based on the amount of data storage required.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• API: No
• Customisation available: Yes
• Description of customisation: As standard:; *Create own quality assurance templates; *Edit quality standard framework; *Disable email reminders or resetting frequency; *Some further local preferences such as editing column headings in the quality improvement plan, adding additional radio buttons to the self assessment, and enabling or disabling password protocols.; ; As a paid for service:; White label interface; Bespoke customisation is possible on case by case basis. This is agreed as part of a contracting process and costed accordingly.; ; The majority of customisation on the interface is restricted to superuser administrators.

Scaling

• Independence of resources: *We have a development team who monitor systems, they identify any emerging performance issues and take action to ensure it does not escalate.; ; *We use an agile software development approach using Microsoft Azure Dev Ops services. We use Azure Blob Storage enabling us to scale quickly should we need to.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Other
• Other data at rest protection approach: We use a third-party supplier to store our data. Microsoft Azure Storage and Azure Cosmos DB encrypt data at rest by default.
• Data sanitisation process: No
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Users login into the system. Reports are immediately downloaded export in either Word of Excel format.; ; Data extracts can be pushed into other external systems. This is an additional cost to the client.
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats: JSON
• Data import formats: Other
• Other data import formats:
  • Jpeg
  • Png

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: The service is designed to operate 24/7 but optimised for core hours. Core hours are defined as [9.00 am to 5.00 pm local UK time, Monday to Friday].; ; For public-facing portals, the service shall provide at least 99% availability 24 hours a day, 7 days per week, 365 days per year, excluding planned maintenance.; *Planned maintenance carried out during the maintenance window of [06.00 pm to 06.00 am UK time and Saturdays, Sundays and UK bank holidays and the client shall receive at least 7 days’ notice of any scheduled down-time; and; *We will, as part of the Services and at no additional cost to the Client, provide the Client with the Supplier’s standard Client support services during Normal Business Hours [9.00 am to 5.00 pm local UK time, Monday to Friday]. We reserve the right to amend the Support Services Policy from time to time.; *New releases (software upgrades) and server patching. Not all maintenance will require downtime.; *The standard service does not include payment of refunds for availability below target levels
• Approach to resilience: We use an independent Cloud Service Providers (CSPs), Microsoft Azure and Production and CosmosDB. The CSPs operate with independent power and networking supplied to their data centres. Microsoft have the data stored in two different locations and in the event of a significant disaster the service will automatically roll over to the second server. We have the ability to increase server resources to respond to high demand.
• Outage reporting: Email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: *Each user has a defined set of permissions which is administered by the client.; ; *Each user is given a unique username and password. The client has the functionality to enforce the following password protocol.; ; a) Are at least 7 characters in length; b) contain characters from at least three of the following:; - Numbers;; - Upper case letters;; - Lower case letters; and; - Special characters (e.g. *!^*);; ; *All users can only access data that they have permission for. The client has full control over this permissions feature.
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Other security certifications: Yes
• Any other security certifications: Cyber Essentials

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Our cloud service provider Microsoft Azure is certified for the ISO/IEC 27701 privacy standard. Mesma are also certified to the UK Cyber Essentials certificate.
• Information security policies and processes: Our information security policy contains requirements relating to Data protection compliance, Asset control, Information handling, Human resources security, physical and environmental security, access control, Use of computers and mobile devices, network management, software management and outsourcing third party and a business continuity and disaster recover plan. The policy requirements are audited an annual basis. This audit consists of sampling activities to identify if and where policies may not be being followed so that corrective action can be taken.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Change management process is a 5 stage process of Agile development, 1) Specification, 2) Develop 3) Test 4) Quality Assurance Check 5) Release. Quality checks and testing are carried out independently from the development team. ; ; No change can be both developed and approved by a single person.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We use a third party software - Microsoft Azure to host our Software service. Microsoft Azure own their own security practices for data protection. Any incident is investigated and patches are deployed as soon as the development has PASSED the change management processes. In addition, on an annual basis we engage an independent organisation to carry out a penetration test of the Software. We also maintain the Cyber Essentials certificate which is renewed annually.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Protective monitoring is achieved through a combination of systems including our users logging errors via our customer support service or web server error logs. Logs are monitored daily. ; ; All incidents will be investigated and be given the highest priority. Investigations will be co-ordinated by a Director and will commence as soon as the incident is first reported. Where the incidents relate to users (such as availability, confidentiality of service and data) the support team are informed and kept updated on the incident risk and impact.; ; Investigation stages are 1)Acknowledge 2) investigate 3) Report 4)Action controls 5) Follow-up review.
• Incident management type: Supplier-defined controls
• Incident management approach: We define incident reporting process in our Information Security Policy. ; Users can report any IS incident by email to hello@mesma.co.uk or online chat. ; ; Information to help users and employers report a security incident quickly is provided in our help centre http://help.mesma.co.uk/en/articles/4266919-q-what-do-i-do-if-i-think-my-data-has-been-compromised; ; A record of the incident will be recorded on the Security Breach Register.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Pricing

• Price: £552.00 a unit a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: A free starter version of the self assessment and document storage products is available for a single organisational user. It does not include other products in the insightQ range. There is no time limit restriction for how long they can retain the product.
• Link to free trial: https://mesma.co.uk/insightq-for-free/

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at louise@mesma.go.uk. Tell them what format you need. It will help if you say what assistive technology you use.