WESTWOOD FORSTER LIMITED

Gifted Grants

Gifted Grants is a uniquely flexible no-code cloud grants management solution, securely accessible on any device. A slick and intuitive UI fronts a powerful end-to-end grant management platform with built-in workflow engine to automate, measure and report. Rapid deployment, full customisability, online forms, portals for beneficiaries to manage their applications.

Features

  • Modern, intuitive and clear User Interface customisable to your preferences.
  • Create online application forms that feed directly into Gifted Grants.
  • Securely accessible using any browser on any device.
  • Manage external assessments and committee meetings all within your system.
  • Give applicants their own area to create/manage/track applications.
  • Notifications to remind users (internal/external) when actions are required.
  • ‘Marketplace’ single click allows users to take ownership of tasks.
  • Supports purchase orders, invoicing, bacs file and credit note processing.
  • Automatic data flow into your finance/other systems.
  • Automatic invoice to purchase order matching.

Benefits

  • Live estimation of completion times for each application.
  • Fully customisable. Fits processes, terminology, and identity of your organisation.
  • Agility. Diverse form engine for engagement, guidance, and efficiency.
  • Automation built into workflows to greatly reduce manual intervention.
  • Measure your effectiveness and bottlenecks in workflows with SLA settings.
  • User-defined charts and graphs to cut through the noise.
  • Dynamic dashboards for efficiency and clarity in every process.
  • Intelligent ‘Self-Service’. Beneficiaries can manage their own applications/progress.
  • Third parties can manage/assess applications and committee meetings directly.
  • Clear, simple view of each applicant and all communications.

Pricing

£75 a user a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at opalmer@westwood-forster.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

5 5 3 5 5 6 6 9 4 6 9 1 5 7 9

Contact

WESTWOOD FORSTER LIMITED Owen Palmer
Telephone: 02031894100
Email: opalmer@westwood-forster.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
None.
System requirements
  • Access is permitted through current supported browsers
  • Permitted via browsers on any device that is OEM supported

User support

Email or online ticketing support
Email or online ticketing
Support response times
We provide telephone, email support services business hours of 09:00 to 17:00 Monday to Friday, such business hours exclude public holidays as standard. Emergencies outside of this restriction by an emergency number.
Service Level Agreement with reimbursement as standard.

Prognosis times (response times are before prognosis);
(a) critical: 2 Business Hours;

(b) serious: 8 Business Hours;

(c) moderate: 2 Business Day; and

(d) minor: 5 Business Days.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
No
Support levels
One Support Service Level Agreement is offered.
Cost is 20% of licence fee and
Technical support is offered as part of the standard package where it relates to the Application.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We offer a number of services based on the client’s requirements and the implementation shape. We can provide structured training sessions which will guide the attendees through the process; for some users, more interactive session is preferred which will cover more items quickly. To support these sessions, we offer online documentation which the client can copy and tailor.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Export their data from the system (held primarily in data tables called Datagroups). csv format.

Create the table of the fields required, and export.
End-of-contract process
While the Service Provider continues to host the client’s data, the licence and hosting fees remain payable. Support fees are not payable as support assistance will not be provided as standard past the termination date. It is the responsibility of the client to schedule and export their data from the system (held primarily in Datagroups). Any assistance requested and provided by the Service Provider will be at the prevailing daily Service rate.

To remain compliant with the General Data Protection Regulation (GDPR), within 30 days past the conclusion of the final data export/extraction by the client of their data, the Service Provider must delete the client’s system contact data and any other data held that allows for the reconstruction and identification of that deleted contact data. Additionally the hosting tenant and user accounts from within the Application Service will be deleted: No fees are payable by the client after this date.

Where the client has opted to host the Application on their own Azure cloud system, the Application Provider will uninstall app services from that environment: No fees are payable by the client after this action.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Screen design is defined/modified by the Customer to accommodate this as Application will be visible to current browsers on any device.
Service interface
No
API
No
Customisation available
Yes
Description of customisation
Gifted Grants (the application that is relevant to this service) has been built using our proprietary GiftedMatrix Toolkit reflecting our expertise in Grants Management specifically for this Agreement. However, with the GiftedMatrix Toolkit, Gifted Grants can be expanded upon within another Agreement; where you the customer can add features and build around the Grants application to accommodate any other processes your organisation needs control over. These include but are not limited to;
Volunteering,
Enquiry Management,
Helpline,
Project Management,
Events Management,
Partnerships,
Complaints Management,
Compliance.

Scaling

Independence of resources
By default the Service Provider manages an Azure environment in which the Application sits, there are two major elements to the hosting environment. Web Apps and Azure SQL services. The Web Apps have built in monitoring that automatically boosts resources on demand, and reduces it back to the base level once the demand has ended. Azure SQL services are set to notify us if resource allocation is running out, we then allocate more resources to meet the demand.

Analytics

Service usage metrics
Yes
Metrics types
The Service Provider can provide a copy of resource usage graphs from the Azure platform.
Reporting types
Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Managed by a third party
Penetration testing frequency
Less than once a year
Penetration testing approach
In-house
Protecting data at rest
Other
Other data at rest protection approach
The data is hosted solely on the Microsoft Azure platform. This includes Mandatory Security Training and Background Checks. Penetration testing, intrusion detection, DDoS, Audits & logging. State of the art data center, physical security, Secure Network. Security Incident response, Shared Responsibility
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Create the table of the fields required, and export.
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network
No data is held in our network, all the data is held in the cloud within the Azure platform by Microsoft. As we have no physical network and therefore no network to protect in this manner, it is worth stating however that all machines used for work purposes are run under non-admin accounts, with Windows Firewall and Windows defender Anti-Virus running. In addition all the cloud services we use, such as Visual Studio online, Google Apps for Business and Zoho Service Desk, are with reputable companies who employ such defences.

Availability and resilience

Guaranteed availability
The Application is hosted within the Azure platform, as part of the Azure platform Gifted Grants runs on systems with built in resilience. All services are backed up by triple redundancy measures and Microsoft provides an SLA structure that kicks in at 99.99% availability of the platform.

the Provider shall pay a service credit to the Customer where the Service Provider is unable to resolve issues arising within the following time periods

(a) critical: 6 Business Hours; and

(b) serious: 12 Business Hours;

The amount of the service credit shall be:-
(a) critical;

after 6 Business Hours but less than 10 Business Hours, 10% of one twelfth of the Annual Support Fee

after 10 Business Hours but less than 18 Business Hours, 30% of one twelfth of the Annual Support Fee

after 18 Business Hours, 50% of one twelfth of the Annual Support Fee

(b) serious;

after 12 Business Hours but less than 18 Business Hours, 10% of one twelfth of the Annual Support Fee

after 18 Business Hours but less than 24 Business Hours, 30% of one twelfth of the Annual Support Fee

after 24 Business Hours, 50% of one twelfth of the Annual Support Fee
Approach to resilience
All customer data is hosted and accessed on the Microsoft Azure platform, one aspect of this is the Traffic Manager process.
Microsoft Azure Traffic Manager allows the control the distribution of user traffic for service endpoints in different data centers. Service endpoints supported by Traffic Manager include Azure VMs, Web Apps, and Cloud services. Traffic Manager uses the Domain Name System (DNS) to direct client requests to the most appropriate endpoint based on a traffic-routing method and the health of the endpoints.

Traffic Manager provides a range of traffic-routing methods to suit different application needs, endpoint health monitoring, and automatic failover. Traffic Manager is resilient to failure, including the failure of an entire Azure region.
Outage reporting
The Azure service infrastructure offers API and Public dashboard to advertise service outages, and the dashboard provides an RSS feed that one can (as we have) subscribed to so we get email notifications of Azure service outages.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
Other user authentication
Users’ access to the Gifted Grants and the ASP Infrastructure (Azure platform) shall be controlled by means of an Identity Server to authorise and authenticate users. Therein the heavy-duty security management is taken care of by use of OAuth 2.0 and OpenId Connect.
Access restrictions in management interfaces and support channels
Users’ access to the Gifted Grants and the ASP Infrastructure (Azure platform) shall be controlled by means of an Identity Server to authorise and authenticate users. Therein the heavy-duty security management is taken care of by use of OAuth 2.0 and OpenId Connect. 'Role' based access is granted thereafter in a 'waterfall' manner by designed scope.

For example: Only a Administrator can give another authenticated (non-admin) user Administrator rights. Only an Administrator can state what can be seen and when by another authenticated user.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
Description of management access authentication
Users’ access to the Gifted Grants and the ASP Infrastructure (Azure platform) shall be controlled by means of an Identity Server to authorise and authenticate users. Therein the heavy-duty security management is taken care of by use of OAuth 2.0 and OpenId Connect.

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
  • Cyber Security Essentials
  • Cyber Security Plus

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
Cyber Security Plus
Cyber Security Essentials
Information security policies and processes
There are a number, however not one document but a number or policies taken together:
Data Protection policy:
Password Policy:
Remote Access Policy:
Removable Media Policy:

And others as they apply. Which includes GDPR.

Reporting in via internal IT support through to board level and third parties (as per GDPR) where appropriate.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
The data is hosted and accessed solely on the Microsoft Azure platform. This includes Mandatory Security Training and Background Checks. Penetration testing, intrusion detection, DDoS, Audits & logging. State of the art data center, physical security, Secure Network. Security Incident response, Shared Responsibility
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
The data is hosted and accessed solely on the Microsoft Azure platform. This includes Mandatory Security Training and Background Checks. Penetration testing, intrusion detection, DDoS, Audits & logging. State of the art data center, physical security, Secure Network. Security Incident response, Shared Responsibility
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
The data is hosted and accessed solely on the Microsoft Azure platform. This includes Mandatory Security Training and Background Checks. Penetration testing, intrusion detection, DDoS, Audits & logging. State of the art data center, physical security, Secure Network. Security Incident response, Shared Responsibility
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
The data is hosted and accessed solely on the Microsoft Azure platform. This includes Mandatory Security Training and Background Checks. Penetration testing, intrusion detection, DDoS, Audits & logging. State of the art data center, physical security, Secure Network. Security Incident response, Shared Responsibility

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Pricing

Price
£75 a user a month
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at opalmer@westwood-forster.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.