Bromcom Computers Plc

Bromcom Cloud MIS for Special schools and academies

The Bromcom MIS Cloud is a secure hosted school Management Information System conforming to all relevant DfE standards. It provides a complete view of pupil and school performance covering attendance, behaviour and assessment including P-scales and individual targets. It gives stakeholders access to the information needed to drive up standards.

Features

  • Meets all DFE statutory requirements
  • Intuitive secure user interfaces purpose designed for each stakeholder group
  • Configurable live dashboards and quick access to headline performance figures
  • Logon at anytime from anywhere including mobile and tablet devices
  • Powerful reporting and analysis with drill down capabilities.
  • Information can be shared across Multi-Academy Trusts and Federations
  • Pupil Progress Tracking, Assessment without Levels / Life without Levels
  • Microsoft Excel and Word integration
  • Integrated Document Management System
  • Secure API for integration

Benefits

  • Reduces the total cost of ownership
  • Improves data ownership and quality
  • Ease of use reduces training needs and eases transition
  • Efficiently and effectively track pupil and school performance
  • Free up time for teachers to teach
  • Ready to use assessment and analysis reference models
  • Support Ofsted inspections and help improve outcome
  • Easy sharing of live information including parents and pupils
  • Integrated database avoids data replication
  • Reduce or eliminates the need for MIS add-ons

Pricing

£1517 per instance per year

  • Education pricing available
  • Free trial available

Service documents

G-Cloud 9

905524145025512

Bromcom Computers Plc

Simon Lewin

020 8290 7171

sales@bromcom.com

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints The service is subject to planned maintenance, which is scheduled outside of normal UK school operational hours. Users are always given advance noticed of planned maintenance.
System requirements
  • Web browser: Google Chrome, Microsoft Internet Explorer or Apple Safari
  • Microsoft Word (or compatible) for web merge reporting
  • Microsoft Excel if Excel integration required

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Our helpdesk is driven by SLAs which are shared with the customer. The priority of the call determines the response and resolution times.
System Down - Respond within 1 hour - Resolve in 4 hours
Critical - Respond within 2 hours - Resolve in 12 hours
High - Respond within 4 hours - Resolve in 24 hours
Medium - Respond within 8 hours - Resolve in 48 hours
Low - Respond within 16 hours - Resolve in 96 hours
Very Low - Respond within 32 hours - Resolve in 192 hours
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Onsite support
Support levels Costs are in the service pricing document, which shows the standard range of services offered. Each customer has a nominated lead support agent and an account manager. This enables Bromcom to provide a service to our customers, which is second to none in the industry. Typically Bromcom provides the Service Desk services for 1st, 2nd and 3rd lines and these are included in the costs contained in the pricing document. All staff working on Bromcom’s Service Desk are both product and technically trained helpdesk engineers and our aim is to resolve the majority of calls at first contact. Bromcom has a standard SLA to cover support service levels. Bromcom can also adapt the support function if the customer wishes to take on aspects of the support themselves. Multi Academy Trusts, Federation and Local Authorities may wish to take on the 1st line service desk, and sometimes also the 2nd line, for all or parts of the solution. Bromcom can provide specialist training and accreditation services to support third parties with this and can support integration of the respective service desks to ensure efficient escalation channels.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started A Project Manager is appointed to manage the on-boarding process from start to finish in consultation with the school to make transition pain free. Once the school account is created, data migration begins. Bromcom provides a comprehensive data migration service that is the best of its kind to ensure a simple and quick data transfer. The scope of the migration service varies according to the school’s previous MIS, which if SIMS.net or Facility CMIS, is carried out directly from the product's database. A simple self-service option is also available for SIMS.net for further cost saving. Training is provided using one or more of the following methods, on-site, webinar and video based online training. User guides and online help are also provided. Users can attend courses and/or work at their own pace with the online material. The school administrator is guided on which aspects of the service can be configured to their school’s needs, although a fully usable default configuration applicable to the school phase/type is provided. Typically the process of migration and training from account creation to ‘Go Live’ takes between 5 days to two weeks. Bromcom also provides transitional support during the first two weeks after the go-live.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats MP4 (video)
End-of-contract data extraction Customers can export any data at any time using built in functions, and therefore can extract data prior to the contract end.

At the end of the contract, the school’s SQL database is offered in its entirety to the User. The data will be placed on an encrypted backup set held on a portable medium [DVD or similar] and then made available for User collection from the data centre, subject to the normal data centre visit arrangement that requires at least 24 hours’ prior notice. The password will be supplied separately. Subject to the size of the User’s data, the database may alternatively be offered for download via a secure FTP site.
End-of-contract process Customers can export any data at any time and therefore can export data manually prior to contract termination. Also, the school will be offered free of additional charge, a copy of their school’s SQL database, which will be placed on an encrypted backup set held on a portable medium [DVD or similar] and made available for Customer collection from the (UK) data centre, subject to making arrangement for collection with the data centre, which adheres to strict security procedures. Smaller databases may alternatively be offered for secure download via a SFTP site. The school account is decommissioned on expiry of the contract and no further access is available. The MIS data including any saved documents will be securely deleted from the cloud service no later than 30 days following the expiry of the contract or sooner at the Customer’s request. Data backups taken before the contract expiry will continue to hold a copy of the school’s data until 30 days have passed, at which point a data backup copy will no longer be available. Should a database restoration be requested after contract termination (only possible within the 30 day limit), an additional charge will be made to cover costs.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10+
  • Microsoft Edge
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Certain web pages can render differently to take account of the screen size and having a touch interface or a keyboard.
Accessibility standards WCAG 2.0 AA or EN 301 549
Accessibility testing Bromcom test the solution with web accessibility evaluation tools Powermapper and FAE Functional Accessibility Evaluator. The solution is compatible with the range of accessibility tools (magnify, zoom, high contrast, text to speech) as well as functioning with third party accessibility tools such as JAWS™ and Naturally Speaking by Dragon.
API Yes
What users can and can't do using the API Bromcom’s API is a secure web service that supports automatic data transfer with third party systems. This is a free to use option (for read access) with a free support programme for any third party wishing to integrate with the Bromcom MIS. The API scope covers all data items and is subject to access permission. Only successfully authenticated connections can retrieve data. These connection accounts are set up and administered by the buyer (school), permitting them to retain control over their data. All data transfers are encrypted using HTTPS connections. Read only access is standard. Users wishing to write back data should contact Bromcom for details.
API documentation Yes
API documentation formats PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Buyers (schools) can adjust the menu of options used, add the school logo, set the rules for user authentication, adjust report templates and where used, assessment tracking schemes and behaviour/reward schemes. Usable defaults are provided. These are adjusted by the administrator level user(s) of the buyer (school).

Users can further customise their dashboard, search tools, quick menu, favourite shortcuts and selections.

Customisation is carried out using the supplied service web pages to suitably authenticated users.

Scaling

Scaling
Independence of resources The service is designed to provide the stated services under all normal load conditions, including peak loading. Various load monitors are running 24/7 to log service loading and alerts provide service administration and management staff with weekly notice of performance and immediate notice of any exceptions outside of defined boundaries. The service capacity is increased in steps according to the customer number increase, although additional dynamic resource allocation is being built to provide further on demand allocation. Load balancing is used to distribute the load.

Analytics

Analytics
Service usage metrics Yes
Metrics types We provide users with the following metrics.

Via our support site you can get the following information:
Service uptime status,
Number calls raised, opened, and closed.

We can supply reports that provide you with the following information:
% of calls responded to within the SLA,
% of calls resolved within the SLA,
A call break-down by product and priority.

Automated reports can also be setup and e-mailed; an example being calls raised this week and outstanding calls.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least every 6 months
Penetration testing approach In-house
Protecting data at rest Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Aside from school MIS specific exports such as census and examination entries, the Bromcom MIS provides functionality to export data at the core of the service. All the provided reports utilise a standard toolbar that enables users to export any report. In addition, the included ad-hoc report designer also uses the standard toolbar and therefore enables users to select any data items from the system to export. A number of other facilities built into the system provide export data functions. An Excel add-in also enables live data to be securely and efficiently extracted from the MIS.
Data export formats
  • CSV
  • Other
Other data export formats
  • PDF
  • Excel 97-2003
  • Excel Worksheet
  • Powerpoint Presentation
  • RTF
  • Web Archive
  • Word Document
  • XPS Document
  • TIFF file
  • XML
Data import formats
  • CSV
  • Other
Other data import formats
  • XML
  • EDI

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability We aim to provide customers with 99.99% availability between core schools hours, 8am to 5pm and 98% at off peak times. These figures do not include downtime for planned maintenance and upgrades. Customers are informed 5 days in advance of any planned work. In the event of a serious service failure we provide service credits.
Approach to resilience Hosted at a TIA-942 Tier 2 datacentre. Details of this information are available on request.
Outage reporting We provide a service status dashboard, which is available through our support site along with e-mail notifications to customers.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
  • Other
Other user authentication This can be configured to request in addition to password, random characters from a user entered memorable word. Password and random character rules are defined by the school's MIS administrator. IP and time restrictions can also be associated to user accounts.
Access restrictions in management interfaces and support channels Only successfully authenticated users have access to management interfaces and online support channels. Telephone support channels also require the successful completion of a verbal authentication procedure before support will be given.
Access restriction testing frequency At least every 6 months
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
  • Other

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 ISOQAR
ISO/IEC 27001 accreditation date 24/06/2016
What the ISO/IEC 27001 doesn’t cover Nothing. It applies to the whole datacentre
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification Yes
Who accredited the PCI DSS certification URM (Ultima Risk Management)
PCI DSS accreditation date 22/08/2016
What the PCI DSS doesn’t cover Our PCI DSS scope is the support domain which is where all support to clients is conducted and all client information is held and accessed. This domain has extremely stringent security controls applied to it.
Other security accreditations Yes
Any other security accreditations Cyber Essentials

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation No
Security governance approach Security governance falls under the control of Bromcom’s senior management and operations team with oversight by Bromcom’s Quality Manager (re ISO 9001). Led by Bromcom’s Managing Director, governance is aligned with the overall goals and priorities of the organisation. Individuals throughout the organisation who could have a role in security decisions are identified and advice updated as required to ensure individuals are empowered and accountable for their decisions and consequences.
Information security policies and processes Data Security Policy,
Personal Data Security Policy,
Safe guarding Policy,
Data Protection Policy,
Business Continuity Management,
Computer and e-mail acceptable use policy,
Internet acceptable use policy,
Password protection policy,
Clean desk policy,
Physical security practices policy (e.g. building).

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Policies are in place to regulate the creation, testing, implementation and retirement of each component of the service. Beta environments are used in which tests are carried out on the internal performance of new components and their interaction with the main service.
Multiple stakeholders are involved in the change process as users generate requests and they are considered from the perspective of utility, feasibility and security. The purpose, scope and responsible engineer of each change is logged, so an audit trail is available. After beta testing a separate risk analysis is conducted to consider any unforeseen impact on the service.
Vulnerability management type Supplier-defined controls
Vulnerability management approach To maintain a secure network patches are reviewed within four hours of release then classified as emergency, critical, non-critical or non-applicable. Emergency patches are deployed within eight hours, while other applicable patches are applied within five days. The IT Manager undertakes a continuing process of vulnerability monitoring, identifying threats through daily scans of the network for known attacks and vulnerabilities and review of external sites, including ncsc.gov.uk and those of all vendors whose software operates within the network. All networked devices have current anti-virus software and vulnerability through human action/error is minimised by data security training for all staff.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Security at the border of the network is maintained through account locking at the third unsuccessful login attempt and the (optional) restriction of acceptable IP addresses for roles or users. Users with appropriate access can schedule an activity log to be generated to identify unusual patterns of access or activity. When data breaches are identified a defined process is followed and the incident is tagged as a breach for purposes of audit so that system integrity can be restored as quickly as possible. Data Breach Incidents are of critical priority and are resolved within three days.
Incident management type Supplier-defined controls
Incident management approach All incidents are logged and strictly dealt with following pre-defined processes. Faults are identified, quickly isolated and a potential work around determined. If no workaround is possible, or the incident is deemed to have too great an impact on system operation then the recovery phase of the Change management processes returns the system to its prior state within SLA timeframes. In the event that a work around is available, this will be distributed to all system users and work on a permanent solution will be undertaken via Problem Management. Customers have online access to review the status of their incidents.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £1517 per instance per year
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Limited access trial accounts are available following service demonstration and a review of requirements with the school. Trial accounts are on a shared sample database and usually limited to one week of access, on a first come, first serve basis.

Documents

Documents
Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑