Simpson Associates Information Services Limited

Student Analytics for Education

Simpson Associates Student Analytics for Education, uses descriptive and predictive analytics to give tutors and administrators a way to measure and monitor student performance.
It aggregates multiple types of student data, such as; attendance, VLE and social factors and uses machine learning to monitor for indications of risk.

Features

  • Aggregate multiple types of student data from disperate sources
  • Uses machine learning to monitor for indications of risk.
  • Single view of the Student
  • Dashboarding and Report

Benefits

  • Early indication of students at risk
  • Single view of a Student
  • Increased retention

Pricing

£50000 per unit

  • Education pricing available

Service documents

Framework

G-Cloud 11

Service ID

7 9 2 3 3 1 7 6 8 3 8 1 2 8 5

Contact

Simpson Associates Information Services Limited

Nick Evans

01904 234 510

gcloud@simpson-associates.co.uk

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Can integrate with Microsoft CRM Dynamics
Cloud deployment model
  • Public cloud
  • Private cloud
Service constraints
No.
System requirements
Application is a hosted web application

User support

Email or online ticketing support
Email or online ticketing
Support response times
2 hours during weekdays
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Our help desk is available from 9:00am to 5:30pm, weekends and bank holidays excluded. • Calls may be logged 24 hours a day and 7 days a week on our help desk portal. The response time will start from the start of the next working day. • Calls must be logged by the customer in one of the following ways: - Email, Telephone or Web Portal • The call first response time will be no longer than two hours and often much quicker. • Support calls will be prioritised as follows: o Priority 1 – the system is unusable with no work around. o Priority 2 – the system is unusable with an agreed work around or a critical error2 without a work around. o Priority 3 – all other issues • Incidents will be resolved in the following time-scales: o Priority 1 incidents we will endeavour to provide a fix or work around within 2 working days. o Priority 2 incidents we will endeavour to provide a fix or work around within 2 working days. o Priority 3 incidents we will endeavour to fix or find a work around within 5 working days.
Support available to third parties
No

Onboarding and offboarding

Getting started
Full product documentation with in application guides
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
All data will be supplied in a csv file format as a simple data extract
End-of-contract process
All end of contract services will be described in an exit plan and form part of the costs of service.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 10
  • Microsoft Edge
  • Firefox
  • Chrome
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Dashboards available on mobile devices
Service interface
No
API
No
Customisation available
Yes
Description of customisation
Bespoke configuration of data sources and machine learning models

Scaling

Independence of resources
Separately allocated resources

Analytics

Service usage metrics
Yes
Metrics types
Usage of the platform
Reporting types
Regular reports

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Staff screening not performed
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Download in CSV or PDF formats
Data export formats
  • CSV
  • Other
Other data export formats
PDF
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
See Microsoft's Online Service Terms at http://www.microsoftvolumelicensing.com/Downloader.aspx?DocumentId=13655
Approach to resilience
Please see https://www.microsoft.com/en-us/cloud-platform/global-datacenters and https://www.microsoft.com/en-us/TrustCenter/
Outage reporting
Please see https://azure.microsoft.com/en-us/status/ and https://portal.azure.com/#blade/HubsExtension/ServicesHealthBlade

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
"Azure-AD can designate separate administrators to serve different functions. These administrators will have access to features in the Azure portal and, depending on their role, will be able to create or edit users, assign administrative roles to others, reset user passwords, manage user-licenses, and manage domains, among other things. A user who is assigned an admin role will have the same permissions across all of the cloud services that your organization has subscribed to, regardless of whether you assign the role in the Office365 portal, or in the Azure classic-portal, or by using the Azure-AD module for Windows PowerShell.

https://docs.microsoft.com/en-us/azure/active-directory/active-directory-assign-admin-roles"
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
No audit information available
Access to supplier activity audit information
You control when users can access audit information
How long supplier audit data is stored for
Between 6 months and 12 months
How long system logs are stored for
Between 6 months and 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
We are working towards ISO27001 information security certification and operate a system that reflects these standards.
Information security policies and processes
Our information policy information ensures that data exchanged with other organisations is protected against unauthorised access and disclosure and complies with all regulations.

This applies to all forms of communications and information exchange including voice conversations in person or by telephone, video and email communications, Instant messaging etc.

Suitable security measures such as (egress filtering on firewalls) is implemented to minimise the risk of transmission of malicious code.

Employees should not compromise or disadvantage Simpson Associates or bypass other controls through types of communication, for example by email defamation, harassment, impersonation, forwarding of chain letters, making unauthorised purchases or contractual agreements etc.
Suitable cryptographic techniques are used to protect the confidentiality, integrity and authenticity of information this is outlined in the Cryptographic Controls Policy.

Employees must comply with retention and disposal requirements for all business correspondences in accordance with relevant policies and procedures.

Enforcement will be managed through audit and spot checking by the support team.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Changes to the service must be raised in writing via a standard Change Request Form.
Each Project Change Request is added to the Change Request Log
Each Change will be review and agreed with the client.
Vulnerability management type
Undisclosed
Vulnerability management approach
Vulnerability management is managed though our support desk who collaborate with their customer peers. Changes will be managed through the change management processes which dictate the speed by which patches are applied.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Upon receipt of a security-relevant event, an alert is triggered. A support analyst then determines whether the event represents suspicious activity and is therefore deemed a legitimate threat or not, and, if so notifies the relevant personnel, irrespective of the time of day.

Any compromise or suspected compromise will be reported to the security team to asses the appropriate response and subject to change management processes. Threat nature will determine response time.
Incident management type
Supplier-defined controls
Incident management approach
Application Support is provided on a 9x5.30 weekday basis as part of the solution.

An ITIL-based Incident Management process is followed by the Support Desk in order to manage individual incidents. Update and Escalation timings are in line with the Incident Priority.

Reports can be made via email, service desk portal or phone. All incidents are tracked via an online ticketing systems available on a 24x7x7 basis for customers to track and report on incidents logged.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Pricing

Price
£50000 per unit
Discount for educational organisations
Yes
Free trial available
No

Service documents

Return to top ↑