Public Consulting Group

Social Care Information Portal

The portal is a stand alone information and advice and directory solution ideally suited to authorities that limited budget and are not ready to invest in a full e-Marketplace solution.

Features

  • Content managed portal for information and guidance
  • Directories of services
  • Powerful, results as you type search engine
  • Specific support for Adults social care categories
  • Specific support for Families and SEND Local Offer
  • Responsive, supports all devices
  • Data feeds form any source including OFSTED & CQC

Benefits

  • An affordable entry package into Adult Social Care online
  • Easily extended to incorporate modules such as eMarketplace

Pricing

£500 per unit per month

Service documents

G-Cloud 9

538732149395287

Public Consulting Group

Claire Hewitt

03300 582 690

tenders@publicconsultinggroup.co.uk

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to Can be an extension to the Directory or eMarketplace
Cloud deployment model Private cloud
Service constraints Not applicable
System requirements
  • Application is hosted on the PCG Cloud
  • Users require a browser (see browser list below)

User support

User support
Email or online ticketing support Email or online ticketing
Support response times PCG will respond to support requests during working hours: Monday to Friday - 9am - 5.30pm (excluding Public Holidays).

PCG operate a tiered response, according to the severity of the issue being reported: Severity 1 - 15 minutes, Severity 2 - 30 minutes, all other issues - 60 minutes.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.0 AA or EN 301 549
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Support services are agreed with clients on a case by case basis, dependent on requirements. All clients are provided with a named Account Manager and Support Manager who will manage the commercial relationship and support on behalf of the customer.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started PCG will provider onsite training, online training, online system documentation and electronic copies of training documentation for unlimited reproduction.

Some support contracts provide full user support, in addition to technical support.
Service documentation Yes
Documentation formats
  • ODF
  • PDF
  • Other
Other documentation formats MS Word
End-of-contract data extraction Many elements of data can be exported from the system directly in CSV/XLS/PDF format. PCG can also provide a CSV/XLS/PDF of any other client data held by PCG on the solution.
End-of-contract process As standard, PCG will include an exit meeting, one day's handover and decommission and destroy client data. We would be happy to tailor this process, according to requirements and would quote accordingly.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10+
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The service is built using responsive technologies that will work across all popular devices. The service will therefore automatically display differently on mobile devices using appropriate reformatting and functionality.
Accessibility standards WCAG 2.0 AA or EN 301 549
Accessibility testing All PCG products have been tested with users of assistive technology. PCG employ a dedicated accessibility tester, who is disabled and a user of assistive technology.
API No
Customisation available Yes
Description of customisation Almost all elements of our service can be customised, including features, service levels and support arrangements. Please contact us to clarify your requirements, after which we will issue a quotation for the service specified.

Scaling

Scaling
Independence of resources The PCG cloud make use of resource management within the virtualisation platform to allocate dedicated resource to each virtual resource within the cloud. These resource are actively monitored by the PCG technical team and managed to ensure smooth demand management.

Analytics

Analytics
Service usage metrics Yes
Metrics types Service metrics are provided through a combination of anonymous user data from Google Analytics and application/server generated information, such as uptime and transaction value.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Many data elements can be exported directly from the system in CSV/XSLX/PDF format against the particular function on the system. In addition, bespoke export feeds can be created and provided via e-mail/ftp/sftp or other secure mechanism, as required by the client.
Data export formats
  • CSV
  • Other
Other data export formats
  • XML
  • XSL/XSLX
  • PDF
Data import formats
  • CSV
  • Other
Other data import formats
  • XML
  • XLS/XLSX

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability 99.95% availability is standard, SLAs are tailored to each customer and appropriate service credits are issued based on the SLA targets meeting availability.
Approach to resilience Datacentre resilience information is available on request
Outage reporting Our service is monitored 24x7 by an automated monitoring service, which generates SMS and email alerts to our Service Support team. Customers can opt into service alerts, on request.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels Management interfaces are typically only accessible internally by PCG within our network. Where clients need access to the management interface directly, it will typically require a secure IP restricted access and other security measures agreed with the client (e.g. certificates or VPN). Access to the interface is by secure username and strong encrypted password or via integration with 3rd party identity solutions e.g. ADFS/ForgeRock/WS02. The support tools are restricted based on agreed personnel who can raise support tickets and have a secure username and password to access.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 QMS International plc
ISO/IEC 27001 accreditation date 11/10/2004
What the ISO/IEC 27001 doesn’t cover Our ISO27001 certificate refers to any development and hosting work carried out in our Maidenhead office. Our Wigan office abides by the same processes, and will be accredited in 2017.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards ISO/IEC 27001
Information security policies and processes PCG have a dedicated corporate Information Security team and a CISO responsible for monitoring and managing security across the organisation. Within each business unit, a dedicated security expert provides local management and control. PCG implement mandatory annual training via eLearning tools to ensure staff are ware of all key security policies. A range of tools including SCCM are used to monitor and audit all devices on the network (both local office and hosting infrastructure). As part of our standards compliance, security controls are audited by a number of external auditors and clients on a regular basis.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach The purpose the PCG change control process is that any requested changes are understood and that their impact is recognised by all of the parties affected by the change.

The main Components of the change control process are:
• Documented channel through which a change is requested
• Change impact analysis
• Change Advisory Board (CAB) to assess change and recommend action
• Prioritisation and scheduling of the change, relative to other changes
• The development / implementation of the change, including testing,
• Updating of records to incorporate the change
• Management reporting (throughout)
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach All threats are reviewed by the corporate security team and reviewed with the business unit security experts. This will also include review and advice with the vendor, if appropriate. Information on threats from 3rd party services PCG subscribes with, vendor notification and other public sources. Patches are deployed on a severity basis as soon as relevant testing is complete or in line with vendor recommendations. Critical patches will be deployed immediately where a known active exploit is identified.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach PCG have a number of hardware and 3rd party solutions that monitor both the internal and external elements of the network and advise on possible threats. Audit logs are maintained at hardware and software level for internal analysis and by 3rd party services, which actively advise on potential issues. All potential threats are reviewed by the corporate security team and reviewed with the business unit security experts. This will also include review and advice with the vendor, if appropriate. Patches are deployed on a severity basis as soon as relevant testing is complete or in line with vendor recommendations.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach PCG operate an ITIL based incident management process with documented procedures for common incidents. Users can report incidents through our online customer service portal. They can also monitor the status of the incident through the portal and receive e-mail/SMS updates. Incident reports are provided through the portal as part of closing each incident.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £500 per unit per month
Discount for educational organisations No
Free trial available No

Documents

Documents
Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Terms and conditions document View uploaded document
Return to top ↑