ROL Solutions Ltd

CaseTracker - Case Management

Case Tracker - Case Management has been created in partnership with local government for the public sector to enable the effective management of a range of case types including Complaints, Compliments, Comments, Adult or Children's Social Care, FOI & EIR requests, SAR's and Members/MP Enquiries and more.

Features

  • A range of case types, Corporate/Adults/Children's Complaints, FOI/EIR, SAR, Members
  • Workflow enabling automated and manual case allocation across multiple staff
  • A multi-channel customer access solution
  • Flexible design allowing local customisation (timing, processes)
  • Provides single view of a case across all required stages
  • SSO User Authentication
  • Inclusive document management system enabling effective case resolution
  • Secure message centre for two-way communication
  • Handles cases across multiple services to coordinate a single response
  • Collates details on root cause, themes, outcomes or lessons learnt

Benefits

  • Establishes a consistent method of capturing and handling cases
  • Provides a single view of a case across all stages
  • Helps meet statutory requirements within a robust and auditable process
  • Handles cases across multiple services to coordinate a single response
  • Creates a repository of information to support the council resolution
  • Enables analysis of root cause, themes, outcome; assisting service transformation
  • Provides analysis to assist the organisation to develop best practice
  • Improve customer experience by identifying service failures
  • Removes waste and frees up resources
  • Reduces handling and resolution time

Pricing

£12,000 to £65,000 an instance a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at nic.streatfeild@rol.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

5 7 9 3 3 6 1 5 3 7 7 8 1 0 3

Contact

ROL Solutions Ltd Nic Streatfeild
Telephone: 07973730005
Email: nic.streatfeild@rol.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
No, the service is available 24 hrs a day, 7 days per week.
System requirements
Latest browser

User support

Email or online ticketing support
Email or online ticketing
Support response times
9 to 5 (UK time), Monday to Friday
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Onsite support
Support levels
Standard level of support is 0830 to 1730 and is inclusive in annual support fees.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Once your order is confirmed, we will schedule a kick-off meeting as soon as possible. Following this meeting you can expect to be completely up and running within 6 - 8 weeks, subject to resource availability.
We will provide an experienced project manager who will work with a nominated contact from your end.

Our project manager will help you to:
- Confirm the components needed to meet to your requirements
- Agree the Service Lists, Root causes, Themes, Outcomes etc.
- Agree any additional flexible options
- Set up customer input templates
- Set up staging and workflows to match local processes
- Agree and execute a project plan.

We offer full training sessions to our new clients including onsite train the trainer sessions.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
At the end of the contract the user can download via the in-built extract function all data as required. This can be downloaded as a CSV file. Should the user require any assistance with this functionality, then this would be provided by CaseTracker at no additional charge.
End-of-contract process
At the end of your contract, the data collection and reporting systems can be turned off at no cost should you choose not to renew.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Our web-based systems are built following responsive design principles to ensure that pages render in a way that is suitable for the device. While different device types may display the systems differently, the functionally they provide will be equivalent.
Service interface
Yes
Description of service interface
The citizen-facing interface enables citizens to raise new case via an online form.

The organisation interface enables users to manage cases through multiple stages for multiple case types.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
The citizen interface has been tested using a combination of automatic tools and manual expert verification. We work closely with leading accessibility consultants to ensure that all citizens have the same level of access to the system.
API
Yes
What users can and can't do using the API
The API enables the secure submission & extraction of data into the Case Tracker system.

You can:
Access all customer and case data;
Access an OData interface for external MI systems;
Submit data from 3rd party feeds or capture tools.
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
The following features are customisable by users:
Case types and workflows
- Enables case type specific workflows each with defined timescales, case notifications for admin/case owners, retention schedules.
Front-end
- Our flexible forms come with a standard configuration which can be enhanced with additional fields, bespoke text and organisational specific branding.
Communication templates
- Internal communication templates can be predefined, with notifications including the relevant fields per case type.
- For external communications, templates can be branded as per the organisation, include relevant fields per case type, allow for pre-defined text and with outgoing e-mail addresses masked to appear as if coming from the organisation directly.
Flexible case categorisation
- This includes services, themes, learning outcomes, root causes, LGO responses, District/Borough/ward and many more.

Scaling

Independence of resources
All traffic to our systems is load-balanced by multiple servers across multiple geographically disparate data centres within the EEA / UK (defined by agreement at onboarding). Our back-end services make use of serverless technologies which allow us to scale according to demand. System utilisation resources are constantly monitored and adjusted to the needs.

Analytics

Service usage metrics
Yes
Metrics types
Service metrics can be provided on a regular basis through agent dashboards. Realtime data is available through the API and OData interfaces.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
All subscriber data can be exported via multiple methods:
API;
OData;
CSV extract;
Data export formats
  • CSV
  • Other
Other data export formats
  • JSON
  • OData schema
  • PDF
  • ZIP
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
  • PDF
  • Word
  • JPEG
  • PNG
  • Video

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Reasonable endeavours will be made to ensure the CaseTracker Service Platform is available for access by the Subscribing Client to meet an annual average uptime target of at least 99.9%.
Approach to resilience
All services are replicated over multiple-geographically disbursed locations with all traffic load balanced between. Faulty systems within our platform are automatically removed and replaced to ensure full resilience.
Outage reporting
Service outage reports are communicated by our service desk via email and telephone as appropriate.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
There are named contacts for all subscribers who can contact and arrange service changes.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
QMS UK LTD
ISO/IEC 27001 accreditation date
17/10/2016
What the ISO/IEC 27001 doesn’t cover
ISO 27001 applies to all aspects of the company's service provision.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
The company is accredited under ISO27001. The company's Managing Director directly oversees the ISMS through regular operations meetings with direct reports.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
The Change Control process is designed to capture and manage the various requests for changes, upgrades and development of the Service Platform.

Subscriber requests for changes and updates will be reviewed by the company using an issue management system.

Any agreed changes then go through a process of configuration and testing prior to being deployed to the live environment.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
All CaseTracker servers are monitored using the Amazon AWS Inspector service, which reviews all servers against potential security issues and vulnerabilities, as set out in 'Common Vulnerabilities and Exposures' and 'Security Best Practices' defined by the AWS Inspector Core Rules Sets. All found issues and vulnerabilities are reviewed on a weekly basis by the senior technical team and dealt with according to the relative risk.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
All external traffic to our platforms are automatically monitored and protected by our cloud provider, Amazon AWS, who comply with various standards relevant to the security of its services including ISAE 3402.

Any traffic getting through to our systems is then protected using elastic load balancers and web application firewalls which actively protect against DDoS attacks and the OWASP Top Ten Security Risks.

Our engineering team also monitors for usage anomalies with automated alerts triggered in the case of abnormal trends / brute force. Any potential issues are investigated immediately with further analysis of the relevant server and service logs.
Incident management type
Supplier-defined controls
Incident management approach
Our processes are inline with the NCSC 10 Steps to Cyber Security / Incident Management to ensure that all incidents are raised, managed, resolved and reviewed in a timely manner. The key steps are: Identify, Protect, Detect, Response & Recover. Customer-originating incidents should be reported to the service desk. The incident will then be managed according to the above. Whether customer- or internally-generated, the service desk will share an incident report with nominated contacts at affected customers, detailing the level and scope of the attack, the mitigation and recovery.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Pricing

Price
£12,000 to £65,000 an instance a year
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at nic.streatfeild@rol.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.