Idox Software Limited

Additional SEND local offer channel

Partnering with councils to develop information, advice and guidance platforms for local communities. Over 70 councils have worked with us to develop intuitive and engaging SEND Local Offer websites that bring together information and services available to children and young people with special educational needs or disabilities.

Features

• Advanced Ofsted Feed Manager for Ofsted registered providers
• Local offer module integrates with existing council directories and websites
• Easily recognisable and accessible with tailored look and feel
• Mobile responsive on tablets and smartphones
• Interactive wellbeing for more targeted and personalised information and services
• Easy to update and maintain service information
• Data Sharing and Data Harvesting modules available
• Search Widget for projecting content to partner sites
• Advanced API for integration with other systems
• Disabled Children’s Register option

Benefits

• Be fully compliant with the Special Education Needs (SEN) Reforms
• Promotes a comprehensive Local Offer to the community
• Providers update their listings minimising administration effort
• SLA provides fast track turnaround of support requests
• Streamline the management of your Disabled Children’s Register
• Improves usability for users with advanced search and browse options
• Easily projects your content to partners using the Search Widget
• Easily share your data with neighbouring Local Authorities
• Promotes a comprehensive Local Offer to the community
• SLA provides fast track turnaround of support requests

£10290 per unit

Service documents

• Pricing document (pdf)
• Terms and conditions (pdf)
• Modern Slavery statement (pdf)

Framework

G-Cloud 11

Service ID

629527697749621

Contact

Idox Software Limited

Lucy Holland

0333 011 1200

frameworks@idoxgroup.com

Service scope

• Software add-on or extension: Yes
• What software services is the service an extension to: Idox Open Objects Datastore Platform
• Cloud deployment model: Hybrid cloud
• Service constraints: No
• System requirements:
  • None - The Solution is provided as a SaaS solution
  • No hardware dependencies

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: According to our published SLA (Service Definition)
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 A
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: According to our published SLA (Service Definition)
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Onboarding on-site training and support services.
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats: Training video clips for core functions
• End-of-contract data extraction: As structured CSV
• End-of-contract process: Data is provided to customer

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: None
• Service interface: Yes
• Description of service interface: The service users interface interface using a web browser.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Screen reader's have been tested with presences.
• API: Yes
• What users can and can't do using the API: Can: Extract all data on demand, and iterate to extract specific data records or sets of records.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Service can be customised to adopt any banding with local configuration options and controls via web admin GUI.

Scaling

• Independence of resources: High redundancy and load balancing and scalable bandwidth on demand.

Analytics

• Service usage metrics: Yes
• Metrics types: Usage statistics and database reporting
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: Less than once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Via the admin user console
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: 98% availability per 30 day period
• Approach to resilience: We provide a highly redundant, load balanced environment with scalable bandwidth on demand.
• Outage reporting: Outages are reported via the Idox Service Desk.

Identity and authentication

• User authentication needed: No
• Access restrictions in management interfaces and support channels: Public web is open access. The service provides open access web browsing, secure access for administrator access and professional. Management access is permitted only from internal networks, themselves requiring two factor authentication to access. Access control lists restrict access.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • Username or password
  • Other
• Description of management access authentication: Authentication is via centrally controlled accounts where possible.

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: QMS International Ltd
• ISO/IEC 27001 accreditation date: 18/06/2016
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Other security certifications: Yes
• Any other security certifications: Cyber Essentials

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Idox Software Ltd has an ISO 27001-accredited information security management policy that applies to the business functions within the scope of the Information Security Management System and covers the information, information systems, networks, physical environment and people supporting these business functions. Internal audit and information security awareness training is conducted to ensure policies are followed. Risks raised through internal and external audits are reviewed at management meetings by the information security manager, the appropriate head of business and a board representative.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Changes requests are raised, risk assessed and then deployed to a test system/environment as applicable. It will then be passed to production following a successful sign-off by QA.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We monitor a variety of sources for new software vulnerabilities and vulnerability reports, and software vendors for patches and new releases. Major releases of public facing applications undergo internally and/or externally conducted penetration testing. New vulnerabilities are risk assessed and deployed to the environment accordingly.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: A variety of IDS systems monitor activity and raise alerts accordingly. All systems are monitored for unusual activity above this. Security personnel are alerted 24x7 for any concerning activity. Any potential compromised raised in line with our security incident reporting procedure.
• Incident management type: Supplier-defined controls
• Incident management approach: Security incident reporting process summary: incidents or suspected incidents are raised to internal service desk and reviewed by information security manager. They are allocated a risk reference, entered into the information security risk log and tracked until closure. In the case of major incidents a major incident report will be produced.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Pricing

• Price: £10290 per unit
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document (pdf)
• Terms and conditions (pdf)
• Modern Slavery statement (pdf)