Groupcall Limited

Assembly Analytics

Assembly Analytics makes data analysis and aggregation quick, simple and efficient. It enables staff in a Multi Academy Trust (MAT) to bring together data from multiple sources for comparative overviews of delivery or in-depth drill downs on group or individual student and staff performance


  • Aggregated data from multiple schools and multiple data sources
  • Dashboards covering demographics, public examinations, internal assessment, operations, finance etc.
  • Benchmarking and contextualisation using public data
  • Intuitive data visualisation
  • Easy, cloud-based access to school data
  • Works across a range of MIS and other partner systems
  • Available on any device


  • Data can come from a range of partners
  • Consistent view of data, regardless of the source system
  • All key performance measures are included, no additional solutions needed
  • Data extracted regularly and automatically
  • Supporting school improvement by sharing good practice
  • Can access data from anywhere on any device


£400 per licence per year

  • Education pricing available

Service documents

G-Cloud 11


Groupcall Limited

Jagrajj Atwal

0208 506 6100

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints None known
System requirements Supported browser required

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Initial response usually within one hour during normal UK business hours
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Full support is included in the costs. A dedicated account manager is provided who can escalate any issues as required.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started Support and training is built into the implementation plan for each customer
Service documentation Yes
Documentation formats
  • HTML
  • Other
Other documentation formats Full online help 'microsite'
End-of-contract data extraction Data is made available to customers at the end of the service contract
End-of-contract process Customer data is made available to the customer prior to their licence being deactivated at no additional cost

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Full access on all devices. Optional mobile app available
Service interface No
Customisation available No


Independence of resources Service is provided via Amazon Web Services with full elastic cloud functionality enabling peaks of usage to be handled smoothly


Service usage metrics Yes
Metrics types Number of active users
Reports accessed
Reporting types Real-time dashboards


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Other
Other data at rest protection approach • Encryption of all physical media
• Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Users can extract their data at any time during live service into a number of formats
Data export formats
  • CSV
  • Other
Other data export formats
  • XML
  • SQL
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability 99.99% under AWS
No refunds in place
Approach to resilience We use AWS Dublin data centres with their associated resilience and elastic cloud services. Further information on the AWS resilience can be found on their website.
Outage reporting Email alerts are sent to affected customers

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Admin user roles are set by the customer who can access additional data and set up users. We nominate specific customer contacts for support access whom we accept cases from.
Access restriction testing frequency At least once a year
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 BSI
ISO/IEC 27001 accreditation date Original certification gained in August 2018
What the ISO/IEC 27001 doesn’t cover Assembly processes and services
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • Cyber Essentials
  • Our DPO holds formal GDPR and CIS certifications

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes We have a full Information Security Management System in line with our ISO 27001 certification. We are externally audited annually to ensure our policies and processes are robust and continue to meet the ISO 27001 standards.
Our CEO and Senior Management Team fully endorse the security policies and processes and ensure that all staff receive regular and relevant training around these and their overall data protection responsibilities.
Staff contracts and handbooks reinforce the policies and disciplinary procedures are in place for any breaches of these

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach All service components are tracked throughout their lifetime and monitored for any issues by senior technical staff. Whenever changes are required these are dealt through change management processes and are documented, tested and approved before being posted to the live environment. All configuration and code changes are tested in our staging environment prior to go-live
Vulnerability management type Supplier-defined controls
Vulnerability management approach We perform regular monitoring and assessment of potential vulnerabilities to ensure swift identification of potential issues to allow for speedy resolutions. Regular penetration and internal testing is undertaken across all services.
Patches are deployed in line with guidance and are kept up to date at all times.
We subscribe to a wide range of data sources in order to ensure we are kept informed of potential threats and can implement appropriate security measures around these.
Protective monitoring type Undisclosed
Protective monitoring approach Any identified potential compromise is treated as the highest priority and if necessary services are disrupted to protect customer data until full investigation is made. In our ISO 27001 logs we record both confirmed incidents and also investigated incidents that were identified to be false alarms.
Incident management type Supplier-defined controls
Incident management approach We have predefined processes for common information security events including data security queries from customers and actions resulting from customer misconfiguration of information in our software. Users report incidents via our service desk and where incidents are determined to be valid then a report is logged on our incident management log. Any actions taken, whether resulting in a confirmation of an issue or not, are reported back to the customer and we review processes after any incident to ensure we can guard against or manage the risk moving forwards.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £400 per licence per year
Discount for educational organisations Yes
Free trial available No

Service documents

pdf document: Pricing document pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑