SBS Online is budget management and monitoring software for the education sector. It forecasts accurate salaries, reports on multiple scenarios and allows monthly payroll and budget monitoring.
The software is suitable for all types of schools including maintained, academies, MATs, federations and independents.
- Unlimited budget scenarios for any 1-5 year period.
- Reports in CFR, GAG and custom/governor-friendly formats.
- Real-time, comprehensive staffing, budget and KPI reports.
- Automated monthly payroll reconciliation and salary monitoring.
- Monthly budget monitoring with projected year-end forecast.
- Multi-school module for consolidated reporting and monitoring.
- Student contract module to forecast income.
- Accurate staffing cost calculations including NI and pension.
- Efficient reporting of ring-fenced income and expenditure.
- Project 5 year income using LA-specific funding formulae.
- Save time through automated processes.
- Save money with increased budgeting accuracy.
- Make informed and immediate decisions.
- Demonstrate compliance during audit processes.
- Eradicate errors with built-in failsafe checking.
- Achieve peace of mind with reliable data.
- Engage stakeholders, including budget holders, governors and SLT.
- Access any time from any device.
- Receive hassle-free, automated updates.
- Benefit from unlimited, fully-accredited support.
£199 to £999 per unit per year
- Education pricing available
- Free trial available
School Business Services
|Software add-on or extension||No|
|Cloud deployment model||Private cloud|
SBS Online is accessible 24/7, 365 days per year. Planned maintenance kept to a minimum and performed outside of normal office working hours, which are 8:00am - 5:30pm, Monday - Friday.
Service desk is available from 8:00am - 5:30pm, Monday - Friday.
There are no constraints or requirements of end users to implement software upgrades.
|System requirements||Access to a web browser.|
|Email or online ticketing support||Email or online ticketing|
|Support response times||Average response time < 20 minutes during normal working office hours (08:00 - 17:00).|
|User can manage status and priority of support tickets||No|
|Phone support availability||24 hours, 7 days a week|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
Migration of existing budget to SBS Online (£69).
Implementation care plan - first 3 months with assigned account manager (free of charge).
Technical account management support for duration of contract (free of charge).
Service desk support - contactable by phone or email (free of charge).
Onsite consultancy (£550 per day).
Remote consultancy (£85 per hour).
|Support available to third parties||Yes|
Onboarding and offboarding
When schools sign-up they are issued with 'data-collection templates,' allowing us to migrate their existing budget onto our platform. Each school will be assigned an implementation care plan account manager, who will be there to support with every step of the implementation process.
Once we have received the schools' financial data we create their planner. We will issue the users with a URL and log-in credentials to access their planner. We will provide onsite training on copies of the schools' own data.
After the initial onsite training day, we routinely follow-up with account management calls for the remainder of the 3 month conversion care plan. There is also online help in the system, which can be downloaded as a full user guide, or alternatively viewed as concise in-screen instructions relevant to each page through the 'i-help' feature. Furthermore there is the service desk, which is available Monday - Friday 8:00am - 5:00pm.
|End-of-contract data extraction||SBS Online makes it possible for the user to extract any part of their own data at any time. This is since nearly every screen in the system is able to be exported into PDF and Excel formats. However when it comes to the point of contract end, the SBS Online team will be available to assist with any part of this process in returning all the data to the user.|
At the end of contract, users will either get the option to renew their licence or cease using SBS Online. Our terms and conditions require a 3 month termination notice.
Should the school decide to terminate the agreement SBS Online commit to ensuring that all data belonging to the school is destroyed. However, we will house the data for up to one year following the end of a contract should it be requested. This is included within the licence cost.
After the contract expiry, should the school wish to access their old data there may be an administrative fee applicable.
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||No major differences. Some chart formats may differ.|
|Accessibility standards||None or don’t know|
|Description of accessibility||
Upon releasing certain new functionality we will produce a video detailing benefits and how to utilise it.
SBS Online has 3 different themes to cater for users with differing visual preferences.
SBS Online has a number of in-screen prompts to the user to suggest unrequired actions.
The menus and forms are all navigable via keyboard and mouse, and there is almost no non-text content.
|Accessibility testing||Some pages tested with a screen reader.|
|What users can and can't do using the API||
We have the API infrastructure in place to build integration with other school administration systems. We are currently live for PS Financials, with plans in place for Capita SIMS, ScholarPack and Sage.
The API is installed alongside existing software packages, either locally or in the cloud. In most cases this will be performed by SBS. To make changes in either SBS Online or an integrated system, the user specifies the data to exchange and then executes it in real time.
There are no limitations beyond the standard functionality of the API itself.
|API documentation formats||HTML|
|API sandbox or test environment||Yes|
|Description of customisation||
Users can decide to purchase a full budget migration with training or they can purchase the software licence alone.
Users can assign staff varying access levels.
Each user can adopt different themes.
Users can create customised reporting structures.
Reports are customisable through import of School logo.
Schools can apply custom pay scales.
Larger organisations, such as Local Government or Trusts can also customise the level of functionality made available to the smaller sites within their care.
|Independence of resources||
Within realistic parameters, SBS Online can handle approximately 750 requests per second. Given the normal usage pattern of the software, which usually has an individual user make only 1 to 3 requests per minute, the number of concurrent users is easily in the tens of thousands.
If we were to experience traffic as high as 750 requests per second, additional servers would automatically be provisioned to balance the load and ensure the speed and responsiveness of the system.
|Service usage metrics||Yes|
|Metrics types||We can, on request, provide usage statistics by school and user. We can also provide school and user level service desk statistics to highlight any potential training requirements.|
|Reporting types||Reports on request|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Baseline Personnel Security Standard (BPSS)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||
|User control over data storage and processing locations||No|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least every 6 months|
|Penetration testing approach||In-house|
|Protecting data at rest||
|Other data at rest protection approach||AWS data centers are housed in nondescript facilities. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication a minimum of two times to access data center floors.|
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||
Users can export their data from the majority of screens in the system.
Users get the option to export their data into either PDF or Excel formats.
|Data export formats||
|Other data export formats||
|Data import formats||CSV|
|Data protection between buyer and supplier networks||TLS (version 1.2 or above)|
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
SBS Online is available for use 24/7, 365 days a year. Planned maintenance is communicated to all customers well in advance and is always performed outside of normal working hours. Downtime for planned maintenance rarely exceeds 10 minutes.
SBS Online offers an up-time guarantee of 97.5%.
In 4 and a half years SBS Online has been down (unplanned) for a total of 12 minutes.
If at any point users feel aggrieved at poor levels of performance and availability we will discuss each case on merit.
|Approach to resilience||Our Amazon Web Service datacentre provides Internet-scale, world-class infrastructure which is DDoS-resilient by design and is supported by DDoS mitigation systems that can automatically detect and filter excess traffic.|
We have implemented a number of automated checks to highlight any outages. Once identified these are reported via email alerts. These alerts are sent to the lead developer and product manager.
At this point there are a series of measures employed to ensure swift resolution and minimal impact to the user base.
Identity and authentication
|User authentication needed||Yes|
|User authentication||Username or password|
|Access restrictions in management interfaces and support channels||Access in management interfaces and support channels is by a combination of Username / Password and IP address whitelisting (restricting access to our Head Office).|
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users have access to real-time audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||The British Assessment Bureau|
|ISO/IEC 27001 accreditation date||23/10/2015|
|What the ISO/IEC 27001 doesn’t cover||N/a|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||
SBS Online is fully compliant with the Data Protection Act. All staff members undergo a thorough data screening and induction process where there is a strong onus on data security.
SBS Online and its member’s promote good practice, and hold an IS27001 accreditation for our data security.
All new and improved data security processes are agreed during operational meetings then cascaded to staff via team meetings. All changes to existing policies and creation of new policies are documented within the company HR system. These policies are made available to staff and request confirmation that they have been reviewed. HR ensure that staff remain compliant in keeping up to date with company policies.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||All components of the service are tracked in a Version Control System. During development, a series of automated integration and unit security tests are continuously run, as well as manual testing. Before each release, a final set of automated tests are run, and a full manual regression test is performed.|
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
The development team are signed up to automated feeds of CVE vulnerabilities for all relevant software components. Any serious vulnerabilities are taken on a case-by-case basis and if necessary are acted upon as soon as is practicable (usually within 12 hours).
Servers are automatically patched with non-critical security updates on a weekly basis.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
Several automated alerts are in place to identify problems such as excessive error reports, large amounts of traffic, and suspicious network activity. Our procedures treats any potential compromise as an 'all hands on deck' situation, and immediate investigation will begin.
At a provider level, AWS utilizes a wide variety of automated monitoring systems to provide a high level of service performance and availability. These tools monitor server and network usage, port scanning activities, application usage, and unauthorized intrusion attempts. Systems within AWS are extensively instrumented to monitor key operational metrics.
|Incident management type||Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402|
|Incident management approach||
Our incident management process is based on the ISO27001 standard (for which we are accredited).
All incidents are reported and logged, and a root-cause analysis is undertaken. Any corrective action resulting from this is undertaken as soon as is practicable, and if there is a possibility of user data being compromised, affected users will be notified by email.
Note that to date we have not suffered any incidents of this nature.
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Public sector networks
|Connection to public sector networks||No|
|Price||£199 to £999 per unit per year|
|Discount for educational organisations||Yes|
|Free trial available||Yes|
|Description of free trial||We offer a full day where a member of the team will come onsite and offer a full interactive workshop where users can interrogate the system and seek on-the-spot guidance around the software.|
|Pricing document||View uploaded document|
|Service definition document||View uploaded document|
|Terms and conditions document||View uploaded document|