Cloud Service for One Education helps your teams work more efficiently, so you can invest your time and resources on improving the lives of children and families. Provides a clear picture of a child or family’s circumstances, giving you the information you need to intervene early and improve outcomes.
- Capita One Education provided as a complete software-as-a-service
- Availability, Capacity, Security and Performance managed by Capita One
- All Software updates, technology refreshes, patches and continuous improvements
- Monitoring of school attendance, attainment and achievement
- One Education is single comprehensive record of children and families
- Online portals for parents
- Wide range of functionality as standard and as options
- Flexible pricing models available
- Supports effective administration of services
- Azure underpins the Service building upon Microsoft accreditations
- Migration to Cloud service (onboarding)
- One price for complete service giving budget certainty
- Immunity from technology changes
- Can focus on improving lives of children and families
- Supports safeguarding of children across your Authority
- Allows delivery of targeted support.
- 24*7 Service availability
- Can monitor the performance and outcomes for vulnerable children
- Supports efficient team working with time-saving solutions
- Supports early intervention and improved outcomes in your Authority
£13737 per instance per month
Capita Business Services Limited
Capita Business Services Ltd
|Software add-on or extension||Yes, but can also be used as a standalone service|
|What software services is the service an extension to||Capita One Education forms part of the Capita One portfolio of software services delivering comprehensive solutions across the Public Sector and Housing Association marketplace.|
|Cloud deployment model||Private cloud|
|Service constraints||One Education will provide at least 99.0% availability during supported office hours, defined as 08:00 – 18:00 Monday to Friday, excluding English public holidays and scheduled downtime. Scheduled downtime covers tasks including, but not limited to, new releases (software upgrades) and server patching. In cases of unscheduled downtime for emergency changes, we will endeavour, but cannot guarantee, to complete work outside normal office hours (09:00 – 17:30 Monday to Friday).|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
The majority of communication from us will be in the form of updates added to My Account. For P2 or higher priority incidents, we will aim to call you in the first instance. We aim to make our initial response to cases based on their priority:
Response times are based on working hours – 08.00 – 17.30 Mon – Thurs 08.00 – 17.00 Fri.
High Severity (must be logged by telephone) : response within one working hour (30 minutes for critical issues).
Medium Severity: Response within four working hours.
Low Severity: Response within two working days.
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
Support requests can be logged with the Capita One Service Desk by telephone or online using our My Account facility. Access to the My Account system is available 24/7/365. Access to the knowledge base can successfully assist you with resolving an issue without the need to log a call.
Response times are priority based and our aim is to meet and exceed the response times outlined in the Capita One Support Charter 2018 and to deliver excellent customer service.
P1 incident response is by telephone within 1 hour (30 mins for critical issues) and lower priority responses are typically under 8 hours. Additionally, the Hosted solution includes all application version upgrades including hot fix, service pack and major version changes. Ownership of problems is from initial problem determination through to resolution of the issue and restoration of service.
The standard level of support is included with the monthly service charge.
|Support available to third parties||Yes|
Onboarding and offboarding
Capita recognises that transition of a service to and from a new solution presents potential business risks. To reduce risk, a Technical Project Manager will help you assess your business needs and provide an overall solution design before onboarding takes place.
This process will provide a transition plan for setting up the services, reducing risk, ensure clarity of tasking and maximising uptime. Capita will work to support the applications and database installation.
For end users of the service there are options for on-site training, online training (often via webinars) and extensive online user documentation.
|End-of-contract data extraction||
The off-boarding process is intended to provide a complete set of data back to the Customer and the eventual closing down of the hosted infrastructure. The One data will be transferred in standard Oracle Database format and standard SQL server database format following secure file transfer protocol within 14 days of the termination of this hosting agreement.
The process to prepare the data is essentially the same as that of the onboarding process where all of the data and associate files will be provided to the Customer. Infrastructure components will not be provided as part of the process.
|End-of-contract process||At the end of the Contract, following the off-boarding of data, the infrastructure managed by Capita will be decommissioned and all data held within the One product will be securely deleted. If applicable any non-shared hardware will be securely disposed of. The extract and removal of data and decommissioning form the basis of the Exit Plan included in the services. Additional services can be provided at additional cost.|
Using the service
|Web browser interface||Yes|
|Application to install||Yes|
|Compatible operating systems||
|Designed for use on mobile devices||No|
|Accessibility standards||None or don’t know|
|Description of accessibility||Users can make use of desktop based accessibility features e.g. magnifier.|
|Accessibility testing||None - We do not currently test using assistive technologies or with assistive technology users.|
|What users can and can't do using the API||
The Hosted service itself does not have a web interface. As such, there are no automation tools that work with our service.
The One products available to the end users do have an API Service which is read-only. This API covers the following modules/ areas:
Students, Bases, Involvements, CSS, SEN, Attendance, Exclusions, Attainment.
|API documentation formats||
|API sandbox or test environment||Yes|
|Description of customisation||
The service itself may be customised in various ways by the inclusion of optional services and software.
The Capita One Education software itself can be customised by authorised users to adapt the operation of the software to the specific needs of an individual local authority.
|Independence of resources||The technical solution provides for application software that is not multi-tenanted; each customer has their own dedicated application instances and isolated databases, meaning that other instances will not have a negative impact on your implementation. Shared services and resources are also part of the system, but automated systems and the ability to scale out resources within minutes protect performance and availability.|
|Service usage metrics||Yes|
These can include
• Infrastructure metrics eg, CPU, disk, memory, number of instances.
• Backup reporting.
• Security/ Threat reporting.
• Patching reporting.
• Custom reporting agreed with individual customers.
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Baseline Personnel Security Standard (BPSS)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||
|Other data at rest protection approach||All data is stored encrypted at rest. Access to customer data is restricted based on business need by role-based access control, multifactor authentication, minimising standing access to production data, and other controls.|
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||Users may export data in standard Oracle Database format and standard SQL server database formats and via use of the relevant database or reporting toolsets.|
|Data export formats||Other|
|Other data export formats||Determined by the relevant database technology and associated reporting toolsets.|
|Data import formats||Other|
|Other data import formats||Data imports are via supplier facilities supporting multiple formats|
|Data protection between buyer and supplier networks||
|Data protection within supplier network||
|Other protection within supplier network||The hosting platforms are designed to be compliant with the UK Government cloud security principles and are tested annually for defects against this standard. We use TLS1.2 or above for encrypted traffic and IPsec compliant VPNs with SHA256 bit encryption.|
Availability and resilience
Capita One Education shall provide at least 99.0% availability during supported office hours, defined as 08:00 – 18:00 Monday to Friday, excluding English public holidays and scheduled downtime.
Scheduled downtime covers tasks including, but not limited to, new releases (software upgrades) and server patching. In cases of unscheduled downtime for emergency changes, we will endeavour, but cannot guarantee, to complete work outside normal office hours (09:00 – 17:30 Monday to Friday).
The standard service does not include payment of refunds for availability below target levels, although a service credit regime may be added to the service. Any pricing adjustments necessary would be determined by the precise service level and service measurement requirements.
|Approach to resilience||
Capita One Education is provided from a world-class private cloud platform with proven reliability and resilience at the core of the platform.
The Capita One Education service makes active use of high availability, resilience and disaster recovery features, across multiple UK regions, and availability zones.
Additional information is available upon request.
|Outage reporting||Service outages are communicated in differing ways dependent on the magnitude of the service outage. For a multi customer service outage, email communications will be sent out to all customers advising the status of outage with regular updates on progress as well as a status message being provided on the Home Page of the online ticketing system. A service outage that affects a single customer will be communicated both by email and by telephone. Historical outage reporting is provided as part of the quarterly service review pack as well as being available at an individual Customer level via the online ticketing system which offers an on-demand view of this.|
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||
Access to the System Administration functionality (where administrative functions are managed, including user maintenance and system configuration) is controlled by username and password.
Access to the My Account Portal is controlled by username and password. New customers with responsibility for contacting the Support Desk are encouraged to register on the Support Portal. If Customers contact us by telephone or email, their details are matched to an existing registration. If none exists, they are either asked to register or, if appropriate, the details of their call are linked to a colleague who is registered.
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||Cloud service hosting certified by BSI.|
|ISO/IEC 27001 accreditation date||Microsoft recertification date: 20/06/2017; Expiry: 19/06/2020.|
|What the ISO/IEC 27001 doesn’t cover||N/A|
|ISO 28000:2007 certification||No|
|CSA STAR certification||Yes|
|CSA STAR accreditation date||Microsoft dates: 20/06/2017 expires 19/06/2020.|
|CSA STAR certification level||Level 3: CSA STAR Certification|
|What the CSA STAR doesn’t cover||N/A|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||Other|
|Other security governance standards||
Our cloud service provider complies with many standards including CSA CCM v3.0, ISO/IEC 27018, ISO/IEC27001, UK Cyber Essentials PLUS.
Capita has a significant number of Information Security Policies and Standards that cover ISO 27001 clauses and controls.
Further details on the comprehensive compliance offerings are available upon request.
|Information security policies and processes||
As part of Capita Business Services, we work to policies and standards that are aligned with ISO27001, these are agreed and signed off by the Group CEO and cascaded to the businesses via an internal intranet site and email communication. In addition, each year when staff complete their annual training they agree to comply with both Group and Business Unit Level policies.
Information Security staff as well as Capita Audit complete announced and unannounced checks to ensure that the policies and standards are being followed. Any non-conformities are reviewed and dealt with appropriately.
Information Security is dealt with at all levels of the business including at the Business Unit, Divisional Unit and Capita Group.
The maintained ISMS Management Policies include:
• Acceptable Use Policy
• Access Control Policy
• Access Control Policy
• Compliance Policy
• Data and Asset Management Policy
• Information Security Management Policy
• Mobile Working Policy
• Personnel Policy
• Physical Security Policy
• Risk Management Policy
• Systems Acquisition Development and Maintenance Security Policy.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||Capita maintains the assets which make up the solution using ITIL v3 incident, problem and change management processes which align to the ISO27001 standard. No configuration items are added or changed without the appropriate review and backout planning to ensure that the risks and impact are appropriately managed prior to delivery of the change into live.|
|Vulnerability management type||Undisclosed|
|Vulnerability management approach||Capita has a significant number of Information Security Policies and Standards that cover ISO 27001 clauses and controls to triage vulnerabilities. Capita will monitor security alerts from various sources such as Secunia, NIST or Gov Cert UK and will assess the patches that are released by operating systems’ suppliers, and software vendors. All patches are graded Critical, Recommended or Low. The grade of the patch will determine the timescale in which a patch will be installed. Critical patches will be installed at the next available opportunity. Automated vulnerability and threat detection services will also be employed.|
|Protective monitoring type||Undisclosed|
|Protective monitoring approach||
Incident Response methodology:
•Monitoring, control, communication
Nominated stakeholders will perform communication and data gathering with users.
•Ensure the privacy of those affected
•Report and document potential breaches of confidentiality to Governance and Compliance.
•Ensure integrity of data is maintained throughout the lifecycle
•Maintain a full inventory of the data tracking additions and amendments
•Encrypt and store data securely.
•Ticket with event description made for correspondence and reporting purposes.
•An Incident Manager will own an event through its lifecycle
•ISO27001 standards for accountability are reviewed for the lifecycle at each stage.
|Incident management type||Supplier-defined controls|
|Incident management approach||
We have a defined, approved and tested Incident Management process; the process has a list of example incidents that are designed to cover a wide range of scenarios. All staff are made aware of the incident reporting process and randomly tested for effectiveness.
Incident reports will be passed to relevant customers if there has been an impact to their environment or data.
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Public sector networks
|Connection to public sector networks||No|
|Price||£13737 per instance per month|
|Discount for educational organisations||No|
|Free trial available||No|
|Pricing document||View uploaded document|
|Skills Framework for the Information Age rate card||View uploaded document|
|Terms and conditions document||View uploaded document|