Team Netsol Limited

BECS Online Housing Benefit New Claim Application

Part of the BECS suite of online services providing self-service and assisted assessment, that allows for a customer to claim for Housing Benefit, Local Council Tax Support and welfare benefits. Integrated with back office, risk and portal systems to automatically deliver valid updates and reduce workloads.

Features

  • Secure online data capture using any modern browser
  • Intelligent application process ensures correct entitlement is claimed
  • Optimised question process based on customer circumstances
  • Customer self-service, or authenticated assisted use by trusted representatives
  • Automatic generation of supporting documentation and secure transfer to DMS
  • Automatic secure transfer of data to Revenues and Benefits systems
  • Integrates with Risk Based Verification and identity verification systems
  • Integrates with customer portals, CRM accounts and transaction history
  • Integrates with all main local authority EDMS (Document Management) systems
  • Save and return, change your answers, review information before submission

Benefits

  • Reduce contacts for advice on eligibility and entitlement
  • Reduce not-entitled application processing
  • Eradicate paper forms and reduce follow-on correspondence
  • Increase the quality and consistency of data captured from customers
  • Easy to use for non-technical customers and fully accessible
  • Keeps pace with changing legislation and local interpretation of rules
  • Channel shift from subject matter experts to Customer Service
  • Reduce the cost per application of processing complex circumstances
  • Speed up processing and aim for same-day service
  • Improves channel shift and digital transformation

Pricing

£0.01 to £0.10 a unit

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@teamnetsol.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

7 7 7 7 6 1 4 7 4 0 7 7 4 0 0

Contact

Team Netsol Limited Jake Elliott
Telephone: 01618348342
Email: sales@teamnetsol.com

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
An out-of-hours planned maintenance window is reserved for security patching and infrastructure upgrades once every 7 days. Buyers are notified in advance if a reserved window is to be used and end-users are notified before and during maintenance to minimise disruption.
System requirements
  • Users must have a modern, secure desktop/mobile Web browser
  • Back office integration requires secure reverse proxy or VPN connection
  • Risk scoring requires an active service API from RBV supplier
  • Back office integration requires the appropriate APIs from system suppliers

User support

Email or online ticketing support
Email or online ticketing
Support response times
Response times apply Mon-Fri 9am-5pm excluding UK public holidays:

Critical - 1 hour response
High - 4 hour response
Medium (default) - 8 hour response
Low - 1 day response
Cosmetic - 1 day response

Out-of-hours monitoring of support requests is performed and response times then apply from the next available work day, unless a Critical issue is alerted that requires our business continuity call tree to be activated in which case response will be as soon as feasible.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Team Netsol is committed to providing excellent support for its services. We operate an ITIL-like Kanban issue resolution process that triages issues based upon their scale and impact:

Critical - Service unavailable or many users affected - Resolution within 1 day
High - Parts of service unavailable but still functional - Resolution within 1 week
Medium - Low number of users affected but still functional - Fix available for UAT within 1 month
Low - Minor issue with available workaround - UAT of fix within 3 months
Cosmetic - UAT of fix within 3 months

Customers log issues with our help desk via a dedicated email address or phone and are issued with a ‘Support Ticket’ which is visible to Support engineers.

Outside of standard help desk hours, there is monitoring of support requests and an emergency call tree process in place.

Bug fixes, security patches and issue resolution are included in the annual price. Customer Change Requests are subject to assessment to identify whether there is an associated cost that then needs to be approved by the customer.

We provide technical account management via our Support & Implementation Manager, escalated to our Product Manager and Infrastructure Manager as appropriate.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Installation and implementation are included within the pricing.

The implementation phase is documented and project planned with the buyer. This includes configuration of the system to the buyer's requirements, integration with their back office systems, secure connectivity, local data take-on, customised branding, and localisation of the rulesbase and text content.

A UAT instance of the system is provided to the buyer for further customisation and optimisation prior to deployment to Live production.

Onsite or Web-based training is included, depending on the buyer's preference. Training materials and reference guides are provided to the buyer for reference and wider distribution within their organisation.
Service documentation
Yes
Documentation formats
  • PDF
  • Other
Other documentation formats
  • MS Excel
  • MS Word
End-of-contract data extraction
Data is generally transferred to the buyer's back office systems in real-time or batched within 1 day, depending on preference.

Partially completed data that reaches its data retention lifetime is securely deleted automatically from production systems.

Any partially completed, un-transferred data or generated documents that exist when the contract ends are transferred securely to the buyer in an encrypted compressed archive prior to secure deletion of all buyer data from our servers.
End-of-contract process
When the contract ends, the secure connection to the buyer's back office systems is terminated, and certificates and user accounts revoked. Buyer data is securely deleted within 30 days.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
No functional difference. Responsive design enables the service to be used conveniently on mobile devices.
Service interface
No
API
No
Customisation available
Yes
Description of customisation
BECS services may be customised as follows:

- Styling and branding customised in accordance with corporate guidelines where possible.
- Buyer-specific content may be changed.
- Question-and-answer rulesbase may be modified to match local requirements.
- Council Tax schemes are localisable to the buyer's local scheme.
- Policy schemes are localisable.
- Lookup data from local datasources can be imported
- EDMS document indexing is customisable
- Revenues & Benefits system automation is localisable
- Customer portal integration is customisable
- Supporting evidence requirements are localisable, including by RBV risk score
- Custom management reports can be added
- Administrative user accounts can be self-managed by the Buyer

Buyers localise and customise the services during the implementation phase by working through the agreed implementation plan.

After go-live, customisation is handled as part of normal support or as a Change Request, depending on the nature and scale of the customisation.

All customisation is performed by Team Netsol's staff on behalf of the buyer and is released to production systems once UAT has been performed by the buyer and approval given to proceed.

Scaling

Independence of resources
The system is vertically and horizontally scaled with ample capacity for a significant increase in use by individual or all customers, well above the peak processing periods normally experienced.

Several shared system components, e.g. storage, databases, etc. are configured for high availability and sized with future demand in mind.

Each system instance is re-sizeable and isolated from the resources of other instances.

Monitoring and alerting facilitates pre-emptive action by support staff when an instance's available resources fall below the acceptable threshold.

Resource availability is reviewed weekly during Infrastructure Team meetings and planned accordingly.

Analytics

Service usage metrics
Yes
Metrics types
A secure online dashboard is provided with a range of reports, generated daily.

Metrics reported include new session starts, completed assessments, submissions and abandoned sessions. 44 individual data points are collected.

Metrics are reported on daily, weekly, monthly, annual and all-to-date timeframes.

Standard reports include splits by assessment type, application type, channel, assisting organisation, staff member, application completion status.

The metrics and report types are fully documented and custom reports may be ordered at extra charge.
Reporting types
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
End-users may export their data in PDF or HTML format using the in-built facilities in the system. Requests under the DPA 2018 for migration of data in other formats will be handled in accordance with, and within the timescales described by, the law.

Authorised buyer staff with the appropriate permissions may use the system's administrative features to export individual records of data in PDF or HTML format. Management information is also available to them for export in PDF, CSV and Excel formats.
Data export formats
  • CSV
  • Other
Other data export formats
  • PDF
  • XML
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network
We are assured to Cyber Essentials Plus and implement data pseudonymisation and strong encryption of data and filesystems.

Network access is restricted by client device digital certificates and we implement daily revokation of user privileges requiring our authorised technical staff to seek daily approval to access infrastructure resources.

We operate an ISO 27001 compliant ISMS and have strict Data Protection, Confidentiality, and Information Classification and Handling policies in place.

Availability and resilience

Guaranteed availability
SLA for service availability is 99.9% and for packet delivery is 99%.

Service Level Credit is calculated as: (Annual Price x Outage Minutes) x SLA% / (365 x 24 x 60)

Service Level Credits must be requested within 5 days of an outage and are subject to a monthly maximum.
Approach to resilience
Team Netsol's services are designed to be resilient. Further details are available to interested buyers on request.
Outage reporting
Email, SMS and private Twitter alerts are sent to Team Netsol engineers for any sub-optimal events or incidents.

Outage reporting to customers is performed by email by our support staff to designated contacts once an event is confirmed by our engineers as an outage or another significant incident that affects customers.

Identity and authentication

User authentication needed
No
Access restrictions in management interfaces and support channels
End-users, e.g. citizens, are not required to authenticate with the data capture services, but may authenticate via the system or a buyer-supplied customer portal in order to retrieve previously saved information.

Authorised buyer staff may access administrative features via a secure interface which requires authentication. Access to administrative interfaces is restricted by IP address where required by the buyer.

Authentication complies with NCSC guidelines and is protected against brute-force, dictionary and replay attacks. User activity is logged for audit purposes.

Only designated buyer contacts may request support and administrative password resets are never performed via email or to unknown callers.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
  • Cyber Essentials Plus
  • ISO 27001 accreditation in progress

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Team Netsol's Information Security Management System is compliant with ISO 27001.

Team Netsol is currently working with its CREST-approved security advisors to finalise its ISO 27001 accreditation in 2019.

Team Netsol is Cyber Essentials Plus accredited across all its operations and services, certificate no. 9878133970059378

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Team Netsol's policies and procedures are compliant with ISO 27001 standards and are available for inspection on request.

Team Netsol implements a risk management approach to security and any system changes are assessed for risks, known threats and vulnerabilities.

We implement a Secure Development Policy which includes OWASP guidelines, SOLID and DRY principles for code development.

We have firm change management procedures and use Scrum for new development and Kanban for ongoing support and implementation, supported by industry-standard tools for issue tracking, configuration management and deployment.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Team Netsol's policies and procedures are detailed in our ISO 27001 compliant ISMS.

All security patches are deployed within 14 days of notification, in accordance with Cyber Essentials Plus guidelines.

Threat management is operated via a mix of automated facilities from our infrastructure vendors, our own research of security bulletins and weekly review of CVE databases.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Team Netsol's protective monitoring approach is described in its ISMS policies and procedures which may be inspected on request.

Potential compromises are assessed as a critical priority and any actual breach will be reported in line with the Data Protection Act 2018 and the Information Commissioner's Office guidelines.

Incidents are responded to within the timescales determined by our ISMS based on their scale and impact.
Incident management type
Supplier-defined controls
Incident management approach
Team Netsol's incident management processes are described in its ISMS policies and procedures which are compliant with ISO 27001 standards and may be inspected upon request.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Pricing

Price
£0.01 to £0.10 a unit
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@teamnetsol.com. Tell them what format you need. It will help if you say what assistive technology you use.