Tribal Education Limited

Engage by Tribal

Tribal Engage allows you to manage the student experience. Designed for the cloud, with flexibility to work with current student information systems. Connect key institution stakeholders with students throughout the whole academic lifecycle. Continuous insight allows for timely interventions - improving retention and outcomes.

Features

• True cloud mobile app
• Complete personalisation
• Student support all in one place
• Early intervention and prevention
• Connect, communicate and collaborate with students
• Real time, relevant communication
• Fully integrated with student information systems
• Open APIs connect to enterprise systems
• Fully scalable to meet changing needs
• Switch modules on and off as you need

Benefits

• Available anytime/anywhere, to ease student access to the whole institution
• Students see a personalised view of their day, at-a-glance
• Queries logged in one place, from enquiry to graduation
• Spot and solve student problems quicker to improve their experience
• Combine communication/collaboration with private, monitored and measured systems
• Staff and students can communicate 1-2-1/in groups in real time
• Integration allows for rapid deployment, adoption and advocacy
• Save/reinvest budget by only paying for what you use
• Avoid lost revenue by cutting drop-out rates
• Modular approach means you can evolve at your own pace

£7,500 an instance a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at technology.bids@tribalgroup.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

627011825348925

Contact

Tribal Bids Team
0330 016 4000
technology.bids@tribalgroup.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Engage can integrate with our ebs, Maytas, SID and SITS products
• Cloud deployment model: Public cloud
• Service constraints: Engage is a fully cloud-based solution with no local hardware requirements
• System requirements: N/a

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Our response times to queries and incidents is based upon the severity of the incident in question. Critical faults (P1) are responded to within an hour. Major faults (P2) are responded to within two working hours. Important faults (P3) are responded to within four working hours. Minor faults (P4) are responded to within eight working hours. Our working hours are Monday-Friday 0900 to 1700 - therefore there would not be a response on weekends. Customers can provide us with an impact and urgency rating for any issues they raise which we use to help triage and assign priority.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: All services offered will be supported by a Service Level Agreement suitable to the customer and the service ordered. There are three levels of service available; Essential, Enhanced and Enterprise and depending on the level of service required this will include a Service Delivery manager, Technical Project Coordinator and assigned Cloud Consultant. If additional out of hours or onsite support is required then this option is available at additional cost.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: At project onset we offer a series of introductory sessions for both staff and students, which extends to training on the staff side to utilise the systems and apps. We can also offer more technical onboarding session in terms of API management should this be required. Documentation for the system is also available.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
• End-of-contract data extraction: The underlying database containing all customer data would be provided to a customer-accessible destination prior to the contract ending, in a format of their choosing.
• End-of-contract process: We would work with the customer to define an exit plan which would involve extraction of data and completion of any outstanding services. The exact nature and cost of this exit plan will vary from customer to customer depending on their requirements.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Engage is a mobile service which integrates with existing web-based student management systems
• Service interface: Yes
• Description of service interface: The Engage platform has a mobile app and web interface. The mobile app is available to download via iOS and Android stores and the web interface supports Chrome, Firefox, Edge and Safari browsers. Both the mobile and web user interface and user experience is designed to be familiar to other common social and learning network applications helping to drive adoption by users and institutions. ; ; The mobile app and web interface can be branded for institutions and the software has and will continue to be built with the use of API’s.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: The web portal aims to be compatible with WCAG AA accessibility standards. The institution can customise the portal to ensure any styling that is used is accessible as well as using the programmed solutions. We test with a range of screen readers which all work within our web portal. In order to make our web screens perceivable we aim to provide text alternatives for any non-text content so that it can be changed to fit the user’s requirements. We aim to make all of our web functionality available from a keyboard so that it is operable by any user. To make our web content understandable we aim to make web pages operate in predictable ways by ensuring that common features work in the same way across the software. We try to help users to both avoid and correct any mistakes on the web pages by providing help text and useful error messaging.
• API: Yes
• What users can and can't do using the API: The Tribal Edge ecosystem is a service-first system, allowing users to access and input data from their chosen systems as well as Tribal's technology.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Buyers can customise the modules and functionality within those modules. The system can be customised and branded to suit corporate look and feel.

Scaling

• Independence of resources: Our Tribal cloud customers would be running their applications on dedicated virtual servers (including presentation and database tiers) with reserved resources (cpu/ram/disk) which are available only to them. This ensures that other customers demands on the system do not affect the provision and performance of the application, avoiding so called ‘noisy neighbour’ issues.

Analytics

• Service usage metrics: Yes
• Metrics types: Tribal Cloud incorporates an application to provide alerts to relevant teams when issues arise or thresholds are exceeded. It is a SaaS-based automated IT performance platform. As it is SaaS-based no processing is done on the monitored node, consequently, it has a minimal performance overhead.; It can monitor any Tribal Cloud service as part of our managed service
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: Database instances will be encrypted including snapshots at rest using an industry standard. Once the data is encrypted, authentication of access and decryption of the data is handled transparently with a minimal impact on performance. Physical access is managed by AWS/Microsoft as appropriate as it is a public cloud offering.
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: The users can export their data using the available APIs. Users are also able to request an export of their data from our support teams.
• Data export formats: Other
• Other data export formats:
  • JSON
  • SQL
• Data import formats: Other
• Other data import formats:
  • JSON
  • SQL
  • Xml

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: We offer a minimum 99.5% availability, assured by contractual commitments. Exact SLAs will vary from client to client and their desired uptime.
• Approach to resilience: Our service offers the cost and efficiency advantages that virtualisation brings along with centralised management and control, built in redundancy features like clustering, and a unified set of orchestration tools. The environment is backed by both our 100% Network Uptime Guarantee and our One-Hour Hardware Replacement Guarantee, supported by hundreds of Microsoft Certified experts to create a customised Virtualisation environment base.
• Outage reporting: Service outages are reported through both our support portal and direct contact from the appropriate service delivery manager who is assigned to the client. The method of communication will be agreed with the specific client, but could include email alerts, direct phone calls etc.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Access in management interface and support channels is managed on a Role Based Access Control system (RBAC) as with the rest of the system. In this way you can control which areas of the system and support users have access to.
• Access restriction testing frequency: Less than once a year
• Management access authentication:
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Lloyd's Register LRQA
• ISO/IEC 27001 accreditation date: 02/05/2017
• What the ISO/IEC 27001 doesn’t cover: N/A - our ISO accreditation covers all of our business activities.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Other security certifications: Yes
• Any other security certifications: ISO9001:2008

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Tribal has been an ISO27001 certified organisation since 2009 and all of our development and delivery services will be delivered from locations which are specifically ISO27001 certified. The accreditation process included a review of Tribal’s Information Security Management System (ISMS) and our overall policy for handling data including how it is collected, held and maintained.; We have local security forums for all of our offices, which feed into our central Information Security Governance forum which reports to the board. We have permanent Quality and Security Managers who form part of this board.; As well as our regular certification revalidation process (carried out by external evaluators) we regularly test our systems and processes with a series of internal audits to ensure that policies and processes are being followed.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: For our software solutions, Tribal has a structured Change Control process for managing requests for change and enhancements. All Requests for Changes (RFCs) are raised via the Service Desk and go through internal vetting by the respective support team before gaining authorisation from Tribal. Regular Change Advisory Boards meet to review Emergency and non-standard changes. Details of all changes are provided to the Service Manager to review and will obtain final approval from the Contracting Body before proceeding. The Contracting Body will be involved in the change Process at each stage and included in any post implementation review as required.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: As part of our ISO27001 processes we have a risk/vulnerability assessment procedure which will be undertaken on any new customer site and service.; Patches will be deployed depending on the severity of the problem and the level of testing required.; Information about potential threats is found based upon initial and recurring risks assessments, internal procedures and known threats highlighted by both the industry and users.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Our managed service includes the proactive monitoring of all services to identify potential compromises.; Based upon the nature of the compromise we would then respond to the agreed SLA.; The speed of the response will be determined by the severity of the incident.
• Incident management type: Supplier-defined controls
• Incident management approach: Our ISO27001 processes include a defined Incident Management process. All personnel are responsible for reporting incidents to the Information Governance Committee (IGC) or Security Forum representatives as quickly as possible. We have a formal Incident Report Form which staff use for recording the details of the incidents.; Security weaknesses will be recorded on a spreadsheet for tracking purposes. Any person can identify weaknesses, which will be managed by the Quality team in conjunction with the Security Forums and IGC as appropriate.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Pricing

• Price: £7,500 an instance a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at technology.bids@tribalgroup.com. Tell them what format you need. It will help if you say what assistive technology you use.