Capita Business Services Limited

SIMS Primary

SIMS Primary is an internet based Schools Information Management System, providing the ability to use SIMS software from anywhere, securely. The service is fully managed, with support for upgrades and backups.


  • Teacher centric design with easy to use screens.
  • Engaging interactive colourful data displays of key school metrics.
  • ‘Out of the box’ capability for attendance, assessment and conduct.
  • Embedded support for DfE Programme of Study and published schemes.
  • Powerful web based calendar for scheduling all school events.
  • Helpful ‘Homepage’ shows key class, school, diary and calendar detail.
  • User interface that changes according to logged in user role.
  • Embedded communications tool for email and texting parents and stakeholders.
  • Planning tool supports topic based curriculum delivery and assessment.
  • Secure anytime access via internet browser, with automated backup.


  • Teachers use the system without training for key classroom processes.
  • Teachers and SLT use the information displayed to drive interventions.
  • Schools spend less time setting up and designing tracking systems.
  • Schools can easily use the DfE and proprietary assessment schemes.
  • Access school calendar of events, meetings, etc, on any device.
  • Simple, time saving access to key information on system login.
  • Teachers not concerned with menus/ screens they do not need.
  • Simple email, SMS or letter communications from within the system.
  • Set up the system to support how the school teaches.
  • No worry about system maintenance – we do it all.


£3666 per licence

  • Education pricing available

Service documents


G-Cloud 11

Service ID

6 1 2 9 4 0 9 4 7 0 5 9 0 6 5


Capita Business Services Limited

Capita Business Services Ltd


Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
SIMS Primary links with a number of additional modules that can benefit schools day-to-day activity.
Cloud deployment model
Private cloud
Service constraints
The service desk operates Monday to Friday 08:00 – 17:30 (excluding public holidays).
System requirements
User requires an internet browser and internet access.

User support

Email or online ticketing support
Email or online ticketing
Support response times
The service desk operates Monday to Friday 08:00 – 17:30 (excluding public holidays).

P1 – Critical Priority = 20 minutes
P2 – High Priority = 1 hour
P3 – Medium Priority = 8 hours
P4 – Low Priority = 24 hours
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
Customer support is delivered through our application support desk which acts as a first point of contact for customer requests and problems.
• A number of useful tools can be found within My Account, which provides, as SIMS customers, access to the latest news, resources, discussions and events.
• If a solution cannot be located, the Authority can log a support incident or enquiry directly with the SIMS service desk. This (and any associated solution) can then be viewed online using our My Account facility, where the Authority can also add notes to the case and review updates from us.
• Knowledgebase article search can be used to obtain an immediate solution to any issue the Authority may have, 24/7.

The Support Desk Analysts can be contacted via email or a dedicated customer web portal called My Account. Target response and resolution times are based on the severity/urgency of the reported fault and are summarised below.

Target response time:
P1 – Critical Priority = 20 minutes
P2 – High Priority = 1 hour
P3 – Medium Priority = 8 hours
P4 – Low Priority = 24 hours

The service desk operates Monday to Friday 08:00 – 17:30 (excluding public holidays).
Support available to third parties

Onboarding and offboarding

Getting started
Schools moving to SIMS will invariably be coming from an existing management information system. The migration process may therefore involve both familiarisation and training with the SIMS system to be able to make best use of both the system itself and more importantly, the data it can hold from the perspective of supporting school improvement and the transfer of valuable data already held in the existing MIS to provide an enhanced starting point for the system’s use.

Capita provides a data conversion service to populate the new system with data from the existing MIS and both the technical services relating to the installation and setting up of the new system and the training and consultancy to get that system up and running. The processes are co-ordinated by a Project Manager to ensure that the journey can be completed smoothly and efficiently.

Customers will need to engage in a requirements gathering exercise, the main inputs to this will be the review of technical prerequisites.

All customer data, accounts and access will be permanently deleted upon termination of the agreement.
Service documentation
Documentation formats
  • HTML
  • ODF
  • PDF
  • Other
Other documentation formats
  • ODT.
  • ODS.
  • Excel.
  • CTF.
  • DfE statutory returns.
End-of-contract data extraction
As part of the end-of-contract process, users can request an extract of their data upon formal request. The data is extracted and provided in an agreed timescale and made available in CSV format as standard.
End-of-contract process
At contract end, customer access to the system will cease. A copy of the SQL database used for data storage can be provided upon request. Data will be deleted from the environment and any data backups overwritten. No additional cost is incurred for this. Should the SIMS applications and SQL database need installation onto another, eg, archive, system then an installation fee may be charged. Reports that extract data, eg, into CSV format, can be created and run by the customer until the termination of access as per normal system usage. Should report definition creation other than by the customer be required, a fee may be levied dependent on the scope of the required work.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Aspects of SIMS support iOS/ Android smartphone platforms. SIMS Parent App – a parental engagement solution for schools (additional service subscription) – is one aspect designed as an installable iOS/ Android app in addition to a browser view. The browser view can present 3+ columns of information concurrently while the app presents one column of information concurrently and provides notifications when new information or messages are presented. Both display the same information, enabling communications with parents on all aspects of school life, including for parents with multiple children attending the same school, via a single login.
Service interface
Description of service interface
Through our customer portal, MyAccount, there is the ability to log a ticket and access the knowledge base.
Accessibility standards
None or don’t know
Description of accessibility
The applications provide customisation for accessibility needs at an operating systems or browser level (which include changes to the font size, font and background colour). Accessibility includes font size alteration by standard configuration or browser controls (CTRL and +/-), robustness to use with assistive technologies, such as screen reader, screen magnifier and colour inverting systems that would be essential to anybody needing these methods of access.

There is no flashing or scrolling text within the solution.
Accessibility testing
• We periodically test our products using web compliance tools and use WAI-ARIA Markup to help assistive technologies.
• We ensure that all products capabilities are accessible via the keyboard.
• Our products are designed to be zoomed assisting those with poor eyesight, and physical and cognitive disabilities.
• We ensure that all text meets colour contrast standards.
• To promote consistency and help training and support, we don't provide comprehensive establishment-specific customisation options for labels or colours.
What users can and can't do using the API
Capita recognises the importance of enabling councils and schools to share data, integrate their MIS with other applications and interface with central systems used by the LA. We invest significant resources in maintaining published APIs, a dedicated Partner Management Team and working in partnership with Government bodies to ensure ongoing compliance with the latest statutory returns.

APIs are maintained, published and documented for the entire SIMS suite. The SIMS APIs support direct interoperability with the SIMS database for any third party that wishes to integrate their solutions with the SIMS database. APIs are available as a series of hyperlinked HTML documents that can be requested free of charge by any third party.

Use of the APIs ensures that the data validation rules built into the SIMS applications are not bypassed and support is available from our Partner Management Team to assist third parties in using SIMS APIs to link their solutions with SIMS.

Support for third parties wishing to integrate their solution with SIMS is provided by our SIMS Partner Programme Team, who are focused on supporting the needs of the range of organisations that comprise SIMS Partner Programme.
API documentation
API documentation formats
API sandbox or test environment
Customisation available
Description of customisation
While the software code is not customisable by the user, the system is highly configurable by users based on the system permissions assigned to them. For example, a user with Class Teacher access may configure new fields for assessment purposes that will show in their marksheets but not those of colleagues. A user designated as Assessment Manager may design marksheets with common columns for all teachers to use. A user designated as a School Administrator might alter the lookups in certain fields like a conduct type to reflect the school’s conduct policy or even relabel the menu routes in the system to bring it in line with school parlance. A user with System Manager access may limit the fields and functions available to other users. It would also be possible to extend the available functionality, depending on procurement of additional options, such SIMS Parent App.


Independence of resources
The platform is designed to scale with increasing demand. Virtual infrastructure is employed to allow for rapid provision of additional resource where required. The environment is monitored 24/7.
The solution is sized to handle the predicted number of concurrent users and to maintain adequate response times across the full solution.

Synthetic transactions are applied against the solution to determine and log service availability. The service is proactively monitored 24/7 using a suite of real-time facility, network, OS, DB, hardware and application monitoring tools.


Service usage metrics
Metrics types
The MyAccount portal provides dashboards where customers can view open and closed tickets along with other service metrics.
Reporting types
  • Real-time dashboards
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Other
Other data at rest protection approach
Data is encrypted at rest using Microsoft Transparent Data Encryption (TDE).
Encryption of the database file is performed at the page level. The pages in an encrypted database are encrypted before they are written to disk and decrypted when read into memory.
Data sanitisation process
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
• SIMS Reporting tool allows users to run predefined or create their own reports based on queries and filters drawing on data from across the SIMS data dictionary.
• Microsoft Office applications, including data export to Microsoft Excel for further analysis.
• Data analyses routines built into specific areas of the SIMS suite, for example, in producing analysis of examination results, financial budgeting information and tracking pupil performance.
Data export formats
  • CSV
  • Other
Other data export formats
  • Native application reporting (SIMS Reporting tool).
  • Data analyses routines.
Data import formats
  • CSV
  • Other
Other data import formats
  • Data analyses routines.
  • CTF.
  • Excel spreadsheet (for assessments).
  • CSV (for assessments).

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
We aspire to achieve 99.5% uptime as a target for online system availability but do not provide specific guarantees. This is based on polling at 5-minute intervals.

We recognise that downtime may vary in extent of functionality affected, and the causes may vary in nature, as well as in extent of customer effect. Should an issue arise we undertake to respond to reported incidents in line with our support charter, where ‘Response’ means initial Capita contact regarding your incident via email/telephone during UK business hours, 8:00-17:30 Monday to Friday (excluding Public Holidays).

Response targets are:

• P1 - Critical Priority = <30 minutes (Entire system failure.)
• P2 - High Priority = 2 hours (System/key module failure. A malfunction causing impact on ability to operate significant key business processes or production. No workaround or manual process available.)
• P3 - Medium Priority = 4 hours (An issue that causes a significant impact to business, but a workaround or manual process is available.)
• P4 - Low Priority = 1 business day (System usage assistance or guidance is required on service/system/ hardware/software queries that are not the consequence of a failure)

We do not provide specific guarantees on levels of availability.
Approach to resilience
Windows Azure runs in geographically distributed Microsoft facilities, sharing space and utilities with other Microsoft Online Services. Each facility is physically constructed, managed and designed to run 24/7/365 and employs various measures to help protect operations from power failure, physical intrusion, environmental threats and network outages. These datacentres comply with industry standards (such as ISO 27001) for physical security and availability. They are managed, monitored and administered by Microsoft operations personnel.

Consisting of multiple servers, the solutions have been grouped into role types and placed within ‘Availability Sets’ located within an ‘Affinity Group’. The Affinity Group ensures that servers are located in the same area within the Windows Azure Datacentre to optimise performance while the Availability Set splits roles across multiple host servers to minimise the risk of service outage.

Highly Available Hardware – Placing the servers into availability sets guarantees that the servers are spread across multiple racks within the Windows Azure Datacentre. Each server is then hosted on a different physical host, utilising separate power feeds and connected via different switches.

In the event of an individual server failure, load balancers route traffic automatically to other functioning servers within the environment.
Outage reporting
Any service interruption notifications are published to the My Account portal, with email notification functionality. In the event of a critical system failure, the service desk will liaise with all necessary parties to resolve the problem and keep all customers informed of the situation.

Identity and authentication

User authentication needed
User authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Access is limited to a known subset of Capita engineers. Access is secured by VPN with unique and individual username and password protected accounts. Unused interfaces and consoles are locked down as part of the security hardening process.
Access restriction testing frequency
At least once a year
Management access authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
The British Assessment Bureau
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
We are certified for the following activities: design, develop and host, produce, support and deliver associated services.
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
Capita is committed to maintaining the highest risk management standards and ensuring compliance with legal and regulatory requirements. To this end, Capita has developed a policy portfolio, which includes a Cyber & Information Security Policy and associated standards, which must be adopted as the minimum requirements. Implementing a programme of internal information security audits provides assurances that the level of conformance with the Capita baseline Cyber & Information Security requirements are being continually assessed and any identified areas of non-conformance are being addressed by appropriate corrective actions/ risk management framework.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Changes to the Capita deployed application, IT infrastructure and data services are considered and logged into the Change Management Register so they can be tracked through the Change Management process.

Change Records must give sufficient information to indicate why the change is required, what services/ customers will be affected, what comprises the change, how a completed change will be tested and how it can be rolled back.

Change Records must include a timetable for completion and indicate whether there will be a noticeable service impact.

Team Leaders within the Live Services and Support Desk Teams provide approval for changes.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Capita has defined a set of rigorous security standards and practices derived from the most recent OWASP Top 10 Web Application Vulnerabilities and SANS Top 25 Software Errors.
Capita conducts vulnerability scanning, evaluates identified risks and develops mitigation plans to remove the vulnerability using a third party commercial tool.
Vulnerability management is a critical role in keeping the environments secure. Capita manages patching in the estate prudently and methodically, looking at each vendor patch qualification, impact to the environment, mitigating controls in place for the issue the patch is addressing and any additional risks introduced by the patch.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Capita proactively monitors the Service 24/7 using a suite of real-time facility, network, OS, DB, hardware and application monitoring tools.
In the event of any security incident, and after containment, a root cause analysis and remediation plan will be put into place. Throughout, Capita shall provide customers timely updates and information. Capita would be transparent, working with customers as to progress, what has occurred and steps being taken to address.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Capita Incident Response Plan includes identification, containment/ eradication, root cause analysis and the implementation of any mitigating controls to prevent recurrence. Capita would be transparent, working with customers as to progress, what has occurred and steps being taken to address. Capita maintains an escalation procedure to notify appropriate Capita management employees and customer contacts in the event of a security incident.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks


£3666 per licence
Discount for educational organisations
Free trial available

Service documents

Return to top ↑