Oxford Computer Consultants

OCC MarketPlace

OCC MarketPlace provides a resource directory covering organisations supplying adult and children's care and support services. Optional features include eBrokerage; NHS Data Syndication; Ofsted Integration; SEND compliance; Online Financial Assessments: Online Client Financial Statement; Online Needs Assessment for Clients and Carers.


  • Search and Categorisation
  • Electronic Payment for Services
  • User Feedback and Ratings
  • Vacancy Listings
  • Support Planning
  • eBrokerage
  • Online Financial Assessments
  • NHS Data Syndication
  • Online Needs Assessment


  • Electronic Payment for Services
  • User Feedback and Ratings
  • Vacancy Listings
  • Support Planning
  • Integration with back office systems
  • eBrokerage


£32000 per licence

  • Free trial available

Service documents

G-Cloud 10


Oxford Computer Consultants

Reynold Greenlaw

01865 305200


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints None
System requirements
  • Microsoft Windows Server 2012 R2
  • Microsoft SQL Server 2014 SP2
  • Microsoft .Net Framework 4.5.2
  • Microsoft IIS 8.5

User support

User support
Email or online ticketing support Yes, at extra cost
Support response times Office hours support are same day response
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.0 AA or EN 301 549
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels We supply packs of service days from 5 days to 50 days and costing from £5,341 to £40,352 excluding VAT.
We provide a cloud support engineer where necessary.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started We run in-house and on-site training events for all of our products. We have created and refined standard training sessions but also often to deliver training tailored to a specific client’s needs. As a result of this, we have highly experienced training staff that have fine-tuned the various techniques and materials we make use of in our training delivery.
Our training sessions are built around a set of core outcomes, decided upon through consultations with our clients, and delivered through a series of well-defined modules.
The trainer makes use of slides to guide the session but spends most of the time demonstrating and guiding activities within the product. Training packs for each attendee consist of printed hand-outs with clear guidance covering the course content, as well as electronic copies of the slides and other training material, ensuring that the client gets the most out of the event and can review everything at their convenience. Each OCC MarketPlace implementation is dependent upon which modules that the Council has chosen to purchase. Courses include: OCC MarketPlace Administration, Data Migration and Brokerage. In addition, we provide full documentation online and in pdf format for OCC MarketPlace and its modules.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Overnight, all data within the OCC MarketPlace database is transformed into a data mart that is suitable to report against. By default, the data mart is accessible through Microsoft SQL Server Reporting Services (SSRS). Individual reports can be defined using Microsoft Report Builder 3.0 by Council staff with the correct privilege. These report definitions can be accessed through the administration pages by Council workers with the correct permissions and access control levels.

Alternatively, we can supply a database dump of the data.
End-of-contract process All data is owned by the client and OCC will supply data extract at no additional cost.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service We present the same functionality to both mobile and desktop users
Accessibility standards WCAG 2.0 AA or EN 301 549
Accessibility testing The system is designed to be accessible to as wide a range of users as possible supporting Conformance Level AA. By working closely with the customer’s web teams and their style guides we provide a tailored and responsive browser interface that is available on devices ranging from smart phones to desktops.

In consultation with a visually impaired user, we have been testing and optimising our User Interfaces (UIs) to provide more support for blind and partially sighted users. This includes both direct support for screen readers and improvements to keyboard navigation.
Our testing has focused on the JAWS screen reader, but the solutions we are adopting are general in nature and we expect them to work with other accessibility products.
What users can and can't do using the API The system comes with integration with our Supplier and Contract management database, with the ability to include up to date cost, availability, quality, and outcomes information. We offer an open standard Web Service API to allow interfacing with other data sources, such as existing public health, targeted directories and GP referral systems. The architecture will allow aggregation of data to regional and national directories.

OCC MarketPlace is designed to work with a number of live data sources and to be published in a variety of ways.

Services can be created and maintained in external stand-alone systems databases that populate the OCC MarketPlace; such as SPOCC for housing related support, or ContrOCC for social services. Systems from any number of LAs could contribute. OCC supplies the following elements:
• LA Contracts Database(s)
• Directory and Directory Web Services Layer Modules
• OCC MarketPlace

Service data is transmitted from these systems, in a common format, to a central web service. The web service accepts the standardised service data and caches it in a central directory database, optimised for fast response to common queries. Importantly, safeguarding information is transmitted from contract systems to MarketPlace allowing services to hide in the case of issues.
API documentation Yes
API documentation formats PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation TBC


Independence of resources The servers are monitored regularly to ensure that the server is performing within acceptable tolerances and smooth running of the sites on these servers. Monitoring is carried using a third party monitoring utility called Site24x7 (www.site24x7.com) and the infrastructure team are notified of any occasions where the thresholds below are exceeded.
In the event that capacity thresholds are continually exceeded:
• For SaaS services, OCC will alter the configuration to increase capacity as part of standard maintenance.
• In all other circumstances, possible changes are discussed with the customer along with costs.


Service usage metrics Yes
Metrics types We use a combination of system performance tools and logs aswell as Site24x7 to monitor performance and availability
Reporting types Regular reports


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process No
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach OCC MarketPlace supports exports through the use of Microsoft SQL Server Reporting Services. In this way power users can define reports that end users can run and export their data in the following formats: PDF, CSV, XML,Word, Excel.
Alternatively, the user or downstream systems can retrieve data in JSON or XML by way of a WebAPI.
Data export formats
  • CSV
  • Other
Other data export formats
  • PDF
  • HMTL
  • JSON
  • XML
  • MS Word
  • MS Excel
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability Standard service level agreement for hosting solutions is 99.5% availability outside of maintenance windows, 365 days a year, 24/7.
As a minimum systems run at a single geographic location with hardware redundancy but no active replica in place to automatically take the place of a failed platform.

During any calendar month, where there is failure to meet one or more of the agreed Service Levels, a Service Credit may become payable by the Service Provider. Service Credits will only be applicable to IT infrastructure and end user support services as detailed in paragraph 6.2 above. The credits available are as below:
• 2% of the monthly charge if the Availability is less than 99.5% over a calendar month or whatever is specified in the Hosting Agreement Appendix.
• 5% of monthly charge if the Availability is less than 98% average over a calendar month.
• 5% of the monthly charge if the Incident Management SLAs are not met on 10% more of incidents.
Service Credits are agreed with the client and refunded quarterly
Approach to resilience Available on request
Outage reporting OCC monitoring is carried out using a third party monitoring utility called Site24x7 (www.site24x7.com). This provides a public dashboard. API and email alerts that can be made available on request.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels Available on request.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 SGS
ISO/IEC 27001 accreditation date Since 30 July 2012
What the ISO/IEC 27001 doesn’t cover All controls are included in our statement of applicability.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes We have a board level director responsible for security and hosting is included as part of our ISO27001 scope and therefore is audited as part of this.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach In order to track all activity on the server, if someone logs onto a server in order to make ANY CHANGES on the server or site related configuration (e.g. DNS records), this is recorded in the Change Control Log. The log entries are not hugely detailed but should provide enough information to allow sufficient investigation to be carried out if there is a subsequent site incident.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Available on request.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Available on request.
Incident management type Supplier-defined controls
Incident management approach Available on request.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £32000 per licence
Discount for educational organisations No
Free trial available Yes
Description of free trial We include a fully featured white label MarketPlace site with Hosting and maintenance. We also include onboarding including making sure the LA’s CQC data is migrated.
Branding and custom configuration is not included.
There is a 4 month free trial period.
The above price is for a medium sized LA.


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑