CycleReady Training Management has been developed for use by cycle training course providers to support delivery of training programmes in accordance with the DfT Bikeability scheme. CycleReady also includes a one-to-one cycling session management module.
CycleReady includes separate interfaces and functionality for schools, instructors, team leaders and scheme administrators.
- Schools. View courses currently requested, currently booked, previously completed.
- Schools. Complete and submit Course Request forms.
- Schools. Register pupils on courses and add any special requirements.
- Schools. Pay for a course.
- Instructors. Record their availability for courses.
- Instructors. Record attendance of pupils on a course.
- Instructors. Update their personal details.
- Scheme Administrators. Add, amend or delete roles, features and users.
- Scheme Administrators. Run statistical and financial reports.
- Scheme Administrators. Manage standard digital resources.
- Allow schools to book courses online at any time
- Improve cyclists' safety by offering more courses and course types
- Improve efficiency through intuitive process-driven interfaces
- Use a self-service approach for Instructor availability management
- Process rules automate governance (course capacity and trainer competence).
- Maximise course attendance by providing SMS and email reminders
- Intuitive interfaces and responsive designs improve customer service
- Manage individuals' needs and support minority language groups
- Share information dynamically across all interested parties (organisers, schools, trainers)
- Track timely completion of course organisation and delivery activities
£1250 per licence per month
- Pricing document
- Skills Framework for the Information Age rate card
- Service definition document
- Terms and conditions
Clarity Information Solutions
|Software add-on or extension||No|
|Cloud deployment model||Private cloud|
|Service constraints||Not applicable.|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
An initial response is provided within 15 minutes.
The standard service is available between 08:00 hours and 17:30 hours on Monday to Friday excluding UK public and bank holidays.
24/7 response coverage is also available for an additional fee.
Critical Faults - Technical response within 30 minutes, provide analysis and guidance within 3 hours, provide resolution within 6 hours.
Major Faults - Technical response within 1 hour, provide analysis and guidance within 1 day, provide resolution within 2 days.
Material Faults - Technical response within 3 hours, provide analysis and guidance within 1 day, provide resolution within 5 days.
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||Yes, at an extra cost|
|Web chat support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support accessibility standard||WCAG 2.1 AA or EN 301 549|
|Web chat accessibility testing||Clarity uses a third party web chat service provider that has completed appropriate web chat testing. We have however not been directly involved in this testing.|
|Onsite support||Yes, at extra cost|
Clarity provides a fully managed solution support service, which is underpinned by a Service Level Agreement. The service includes unlimited access to a Help Desk, with guaranteed response and resolution timescales for all support requests.
All costs are included within the monthly subscription and no additional usage or service level fees apply.
Customers are provided with direct access to suitably qualified and experienced technical support personnel through the Help Desk. An Account Manager is also assigned to each customer and given overall responsibility for ensuring services are delivered in accordance with contractual obligations and customer expectations.
|Support available to third parties||Yes|
Onboarding and offboarding
Clarity provides onsite users acceptance testing and training services before go-live. User documentation is provided as part of that service.
We also provide an onsite transition support service, where a system specialist works with new users in their offices during the first few days of system adoption. This approach is used to facilitate a seamless transition to effective use of our online services with minimal business disruption.
|End-of-contract data extraction||Clarity provides a full export of all client-requested data in an agreed common use format, such as csv or xlsx.|
The solution is taken off-line at an agreed time on the contract end date. Clarity provides a full export of all client-requested data in an agreed common use format, such as csv or xlsx, within 10 business days after the contract end date.
Clarity destroys all client data 1 month after contract expiry or at an earlier date, if preferred by the customer.
The customer is notified and confirmation is sought prior to destruction of data.
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||All client booking screens are responsive and the interfaces adapt automatically to suit the device being used.|
|Accessibility standards||WCAG 2.1 AA or EN 301 549|
|Accessibility testing||Clarity uses the AChecker test toolkit to check and maintain our WCAG 2.1 compliance (to level AA) on a regular basis.|
|Description of customisation||
Users can select from an extensive range of functional configuration options in order to adapt the solution to support preferred working practices.
Business users (Course Administrators) are invited to participate in requirements clarification workshops, which are used to identify customisation preferences that are configured by Clarity prior to initial go-live. Authorised Course Administrators can subsequently implement changes associated with course parameters directly, using the CycleReady Administration Interface. Course Administrators can also request more technically oriented configuration changes through the Clarity Help Desk.
Configuration options, which may be requested by users before being applied by Clarity, include the URL, the email reminder period and optional use of SMS reminders.
Configuration options, which may be implemented directly by users, include the number of courses displayed on screen and Contact Us details.
Customers can also apply their own corporate branding to the client booking site, utilising a creative design that matches their own corporate website (Clarity is happy to apply customer-specified corporate branding to the CTM solution foc within our hosted environment).
|Independence of resources||
Clarity provides a dedicated installation within our hosting environment for each customer and the associated infrastructure is configured to accommodate substantially greater demand than any individual customer ever anticipates.
Scalability testing is employed to ensure that the solution delivers acceptable performance even during times of high load. Furthermore these tests are used to confirm that the system can handle the projected data volume, transaction frequency, etc. This verifies that the solution is able to meet the growing needs of the customer.
|Service usage metrics||Yes|
|Metrics types||Service performance (e.g. system availability, support requests and response activities), booking statistics (e.g. course types and schools), business user statistics (e.g. numbers of named users performing defined roles over specified time periods) and anomalies (e.g. email bounce-backs).|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Developed Vetting (DV)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||‘IT Health Check’ performed by a CHECK service provider|
|Protecting data at rest||Physical access control, complying with CSA CCM v3.0|
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||
CycleReady includes a management reporting tool that can be used to produce parameter-driven reports encompassing all/any data that is held in the CTM database.
Suitably authorised users can produce these reports and then save them to a convenient common-use format (csv, xlsx or pdf).
Clarity is also happy to provide user-requested data exports free of charge as part of the managed solution support service that we provide.
|Data export formats||
|Other data export formats||
|Data import formats||
|Other data import formats||XLSX|
|Data protection between buyer and supplier networks||TLS (version 1.2 or above)|
|Data protection within supplier network||
Availability and resilience
We provide our customers with both a Service Level Agreement and a Business Continuity Management Plan, which sets out the arrangements that we use to maintain exceptionally high availability. As an indication of our commitment to robust availability management, the system availability achieved across the entire FastForm customer base for 2017 was 99.88%.
Our SLA provides a commitment to maintaining a monthly rolling average of at least 99% availability and we will provide customers with service credits if we ever fail to achieve this target.
|Approach to resilience||
Our UK-based data centres are certified to ISO 27001 and access is strictly limited to security-cleared personnel, controlled by extensive CCTV monitoring and state-of-the-art access control systems.
CCTV covers all areas of the data centres and corporate offices.
Highly experienced security guards are on duty 24x7x365.
Role based access control requiring swipe-cards is used to manage access through multiple secure areas, ensuring absolutely no access to buildings and rooms by unauthorised personnel.
A copy of the Certificate of Registration to ISO 27001 can be provided on request.
Comprehensive ISO 27001-compliant security arrangements are used to protect data at rest and data in transit and further information can be provided on request.
The ISO 27001 certification also covers equipment disposal and physical resilience and availability management within the data centres.
CycleReady includes a management dashboard, which alerts authorised business users dynamically when there are outages. Email alerts are also sent to designated customer contacts.
Availability and outage statistics are included in monthly management reports, which are issued to customers.
Identity and authentication
|User authentication needed||Yes|
|User authentication||Username or password|
|Access restrictions in management interfaces and support channels||
Business users are added by a nominated System Administrator and they are assigned to pre-defined roles within CycleReady, including System Administrator, Course Administrator and Call Taker.
An email is sent to each new business user with a system generated password after a new account has been created. The role allocated to the user determines which system functions are available to them.
Business Users are given a different URL from clients, which they use to log on with the password from the email and access features associated with their role. Logged in business users are able to change their password.
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||Username or password|
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users receive audit information on a regular basis|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Who accredited the PCI DSS certification||Self certification (Attestation of Compliance)|
|PCI DSS accreditation date||24th April, 2018|
|What the PCI DSS doesn’t cover||The scope is restricted to card-not-present merchants, All cardholder data functions are fully outsourced to payment gateway providers, who hold full PCI DSS certification.|
|Other security certifications||Yes|
|Any other security certifications||Cyber Essentials|
|Named board-level person responsible for service security||Yes|
|Security governance certified||No|
|Security governance approach||
Clarity has gained extensive experience delivering high integrity information management solutions, which are used to store sensitive data, including records classified as SECRET, to numerous high-profile organisations throughout the UK public sector. Consequently, a robust approach to information governance and security management is fundamental to our business and our management structure, staff selection and personal development procedures reflect this core requirement.
In particular, we have established Security Operating Procedures (SYOPS) and most of our staff have undergone MOD, government and police security vetting procedures and have obtained clearance to work on confidential systems.
|Information security policies and processes||
Clarity has established Security Operating Procedures (SYOPS) that define acceptable forms of use that apply to Clarity personnel whenever they access live customer environments.
SYOPS apply to all personnel who access live environments. While these procedures clearly apply to staff that provide routine support and maintenance services, they are equally applicable to any individuals who are required to access live environments for any reason.
The Operations Director is responsible for authorising individuals before they can access a live environment and for defining the permissible form/s of access and the purpose. The Operations Director maintains a register that identifies all such authorisations.
We utilise a systematic, risk-based approach to information security management, based on ISO 27001 requirements and guidelines. We identify system usage profiles and associated threats, vulnerabilities and risks. We also conduct impact assessments and assign security classifications in order to identify impact levels and risk tolerance, which influences the controls used to manage risks. Independent penetration testing is also used to increase information assurance.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
Software configuration management procedures are used to identify and control the use of software items, thus enabling traceability and replication. Configuration management is used to ensure all FastForm components can be combined in a consistent and repeatable manner. Our configuration management procedures include methods for:
- Unique identification and version control for all products and components.
- Receiving and acting on observations and for recording and controlling changes arising.
- Defining the means by which a product may be built or re-built.
- Controlling replication and distribution of products.
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
We utilise a systematic, risk-based approach to information security management, which is based on ISO 27001 requirements and guidelines.
We initially identify system usage profiles, then identify associated threats, vulnerabilities and risks. We also conduct impact assessments and assign security classifications, which in turn allow us to identify impact levels and risk tolerance, which feed into the controls used to manage the identified risks. We have also used independent penetration testing to increase information assurance.
Our patch deployment speed depends on perceived threat levels, but we have the capacity to deploy critical patches within 2 days.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
All users must be authenticated in order to access system functionality. This cannot be bypassed and any malicious attempts to access FastForm are recorded in the FastForm audit logs.
Should a security breach occur, Clarity shall follow ICO guidelines in order to:
Identify how the breach occurred
Take immediate steps to stop or minimise further data loss, destruction or unauthorised disclosure
Assess and record the risk
Notify affected individuals and any relevant regulator (ICO)
Establish what security measures were in place when the breach occurred
Assess whether technical or organisational measures could be implemented to prevent the breach happening again
|Incident management type||Supplier-defined controls|
|Incident management approach||
Our Service Level Agreement defines an incident management process, which is enacted any time a Support Request is classified as an incident.
Users can report incidents by either phoning the Clarity Help Desk, emailing the Help Desk or raising a request through an online Support Portal.
Customers are initially advised on the progression and resolution of incidents through phone calls and emails. Customer agreement that an incident has been resolved is always documented (typically by email). Incidents are reported formally through monthly management reports, which identify the cause, the effect and actions taken to resolve the incident and prevent recurrence.
|Approach to secure software development best practice||Supplier-defined process|
Public sector networks
|Connection to public sector networks||No|
|Price||£1250 per licence per month|
|Discount for educational organisations||No|
|Free trial available||No|