Phoenix Software Ltd

The SIERA Hub for Education

Simpson Associates SIERA Hub for Education is a student engagement and analytics solution for education. The solution uses descriptive and predictive analytics to give tutors and administrators a way to measure and monitor student engagement and performance, and aggregates multiple types of student data, such as attendance, VLE and social factors.


  • Aggregate multiple types of student data from disparate sources
  • Uses machine learning to monitor for indications of risk.
  • Single view of the Student
  • Dashboarding and Report


  • Early indication of students at risk
  • Single view of a Student
  • Increased retention


£50000 to £200000 per unit

  • Education pricing available

Service documents


G-Cloud 11

Service ID

615611440711317


Phoenix Software Ltd

Jonny Scott

01904 562200

Service scope

Software add-on or extension: Yes, but can also be used as a standalone service
What software services is the service an extension to: Can integrate with Microsoft CRM Dynamics
Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints: No
System requirements: Application is a hosted web application

User support

Email or online ticketing support: Email or online ticketing
Support response times: 2 hours (during weekdays)
User can manage status and priority of support tickets: Yes
Online ticketing support accessibility: None or don’t know
Phone support: Yes
Phone support availability: 9 to 5 (UK time), Monday to Friday
Web chat support: No
Onsite support: Yes, at extra cost
Support levels: Our help desk is available from 9:00am to 5:30pm, weekends and bank holidays excluded.
  • Calls may be logged 24 hours a day and 7 days a week on our help desk portal. The response time will start from the start of the next working day.
  • Calls must be logged by the customer in one of the following ways: Email, Telephone or Web Portal.
  • The call first response time will be no longer than two hours and often much quicker.
  • Support calls will be prioritised as follows:
      o Priority 1 – the system is unusable with no work around.
      o Priority 2 – the system is unusable with an agreed work around or a critical error without a work around.
      o Priority 3 – all other issues.
  • Incidents will be resolved in the following time-scales:
      o Priority 1 incidents: we will endeavour to provide a fix or work around within 2 working days.
      o Priority 2 incidents: we will endeavour to provide a fix or work around within 2 working days.
      o Priority 3 incidents: we will endeavour to fix or find a work around within 5 working days.
Support available to third parties: No

Onboarding and offboarding

Getting started: Full product documentation with in-application guides
Service documentation: Yes
Documentation formats:
  • HTML
  • PDF
End-of-contract data extraction: All data will be supplied in a CSV file format as a simple data extract
End-of-contract process: All end-of-contract services will be described in an exit plan and form part of the costs of service.

Using the service

Web browser interface: Yes
Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
Application to install: No
Designed for use on mobile devices: Yes
Differences between the mobile and desktop service: Dashboards available on mobile devices
Service interface: No
Customisation available: Yes
Description of customisation: Bespoke configuration of data sources and machine learning models


Independence of resources: Separately allocated resources


Service usage metrics: Yes
Metrics types: Usage of the platform
Reporting types: Regular reports


Supplier type: Not a reseller

Staff security

Staff security clearance: Staff screening not performed
Government security clearance: None

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations: Yes
Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency: At least once a year
Penetration testing approach: Another external penetration testing organisation
Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process: Yes
Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach: Download in CSV or PDF formats
Data export formats:
  • CSV
  • Other
Other data export formats: PDF
Data import formats: CSV

Data-in-transit protection

Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability: See Microsoft's Online Service Terms at
Approach to resilience: Please see and
Outage reporting: Please see and

Identity and authentication

User authentication needed: Yes
User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels: "Azure-AD can designate separate administrators to serve different functions. These administrators will have access to features in the Azure portal and, depending on their role, will be able to create or edit users, assign administrative roles to others, reset user passwords, manage user-licenses, and manage domains, among other things. A user who is assigned an admin role will have the same permissions across all of the cloud services that your organization has subscribed to, regardless of whether you assign the role in the Office365 portal, or in the Azure classic-portal, or by using the Azure-AD module for Windows PowerShell."
Access restriction testing frequency: At least once a year
Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information: No audit information available
Access to supplier activity audit information: You control when users can access audit information
How long supplier audit data is stored for: Between 6 months and 12 months
How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

ISO/IEC 27001 certification: No
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Other security certifications: No

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: Other
Other security governance standards: We are working towards ISO27001 information security certification and operate a system that reflects these standards.
Information security policies and processes: Our information policy ensures that data exchanged with other organisations is protected against unauthorised access and disclosure and complies with all regulations. This applies to all forms of communications and information exchange, including voice conversations in person or by telephone, video and email communications, instant messaging etc. Suitable security measures (such as egress filtering on firewalls) are implemented to minimise the risk of transmission of malicious code. Employees should not compromise or disadvantage Simpson Associates or bypass other controls through types of communication, for example by email defamation, harassment, impersonation, forwarding of chain letters, making unauthorised purchases or contractual agreements etc. Suitable cryptographic techniques are used to protect the confidentiality, integrity and authenticity of information; this is outlined in the Cryptographic Controls Policy. Employees must comply with retention and disposal requirements for all business correspondence in accordance with relevant policies and procedures. Enforcement will be managed through audit and spot checking by the support team.

Operational security

Configuration and change management standard: Supplier-defined controls
Configuration and change management approach: Changes to the service must be raised in writing via a standard Change Request Form. Each Project Change Request is added to the Change Request Log. Each Change will be reviewed and agreed with the client.
Vulnerability management type: Undisclosed
Vulnerability management approach: Vulnerability management is managed through our support desk, who collaborate with their customer peers. Changes will be managed through the change management processes, which dictate the speed by which patches are applied.
Protective monitoring type: Supplier-defined controls
Protective monitoring approach: Upon receipt of a security-relevant event, an alert is triggered. A support analyst then determines whether the event represents suspicious activity and is therefore deemed a legitimate threat or not, and, if so, notifies the relevant personnel, irrespective of the time of day. Any compromise or suspected compromise will be reported to the security team to assess the appropriate response and subject to change management processes. Threat nature will determine response time.
Incident management type: Supplier-defined controls
Incident management approach: Application Support is provided on a 9x5.30 weekday basis as part of the solution. An ITIL-based Incident Management process is followed by the Support Desk in order to manage individual incidents. Update and Escalation timings are in line with the Incident Priority. Reports can be made via email, service desk portal or phone. All incidents are tracked via an online ticketing system available on a 24x7x7 basis for customers to track and report on incidents logged.

Secure development

Approach to secure software development best practice: Supplier-defined process

Public sector networks

Connection to public sector networks: No


Price: £50000 to £200000 per unit
Discount for educational organisations: Yes
Free trial available: No
