DutySheet Ltd

DutySheet: Online Volunteer Management

DutySheet is the UK's leading volunteer management system. Accessible via any internet-enabled device and with its user-friendly design, DutySheet allows volunteers to log and manage their shifts, view upcoming events, communicate with colleagues and supervisors, and keep their details up to date.

Features

  • Volunteer Management
  • Event Management
  • Communications via Email, Internal Messaging, SMS, Announcements, Event Feedback
  • Skills Database
  • Document Library
  • Expenses
  • Personal Development Plan (PDP)
  • Personal Development Review (PDR)
  • Working Time Regulation Compliance
  • Remote access

Benefits

  • Increased volunteer retention
  • Accurate reporting on volunteer activities
  • Streamline volunteer management using proven workflows
  • Self service allows volunteers to keep details up to date
  • Plan and manage volunteer deployment
  • Central repository of all volunteer based data
  • Identify areas of improvement through intelligence
  • Mobilise volunteers with ease and speed
  • Comprehensive support

Pricing

£12.60 to £21.78 per user per year


G-Cloud 9

912017742626924

DutySheet Ltd

Bulent Yazici

02035982836

bulent@dutysheet.com

Service scope

Software add-on or extension No
Cloud deployment model Public cloud
Service constraints N/A
System requirements
  • Internet connection
  • Web browser

User support

Email or online ticketing support Email or online ticketing
Support response times See SLA for info
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Access to our UK Telephone helpdesk. We back our 99.95% uptime guarantee with a robust SLA. Maximize your technology investment;
Support from DutySheet experts to ensure early success;
Wealth of knowledge from UK police forces;
DSSG - DutySheet Steering Group Access.
Support available to third parties Yes

Onboarding and offboarding

Getting started User data is imported by DutySheet staff who then train all supervisors on the functionalities of the system.
Service documentation Yes
Documentation formats HTML
End-of-contract data extraction When requested in writing, DutySheet can provide a full export of all user data in Excel format.
End-of-contract process Customer system is disabled which blocks access to all users. Data is retained for 12 months unless customer requests otherwise.

Using the service

Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10+
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Fully responsive mobile app.
Accessibility standards WCAG 2.0 A
Accessibility testing WCAG 2.0 A compliance testing has been done with online tools such as https://achecker.ca
API Yes
What users can and can't do using the API The API is not accessible by end users of the system and is only used for mobile App and other external integration processes with DutySheet.
API documentation Yes
API documentation formats
  • PDF
  • Other
API sandbox or test environment No
Customisation available Yes
Description of customisation Administrators for the organisation have access to tools that allow them to configure most of the settings of the system. They have access to their own help centre section which details how to configure the system.

Scaling

Independence of resources Our DRS-enabled VMware infrastructure allows us to dynamically increase resources to our service if there is a large surge of activity. This is automatically handled by VMware.

Analytics

Service usage metrics Yes
Metrics types Authorised users have access to real-time usage statistics showing how many users have logged in to the system, along with a live view of the number of users currently logged in.
Reporting types Real-time dashboards

Resellers

Supplier type Not a reseller

Staff security

Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations Yes
Data storage and processing locations European Economic Area (EEA)
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Other
Other data at rest protection approach Sensitive data is encrypted at rest using AES 256 salted hashing.
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data export approach There are built in export tools.
Data export formats Other
Other data export formats Excel
Data import formats Other
Other data import formats Excel

Data-in-transit protection

Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network We also follow the ISO 27001:2013 Annex A policies and controls 13 (communications security) and 14 (system acquisition, development and maintenance), which address data in transit.

Availability and resilience

Guaranteed availability Our Commitment:

We understand that any interruption to service is too much. So we've set the bar high because we believe that you should be able to depend on the service you need to run your volunteers. This is why we offer an SLA to organisations that guarantees 99.95% monthly uptime. If you’ve read software SLAs before, you’ll know that they can be pretty confusing. So we made ours simple and transparent.

What happens if we fail to hit our target in any given month?

If we don’t meet our 99.95% monthly uptime guarantee, we’ll refund you 5x whatever you paid us for that period of downtime.

If our uptime falls to 99.94% in a given month, that results in about 26 minutes of downtime. We’ll give you service credits equivalent to 5x your organisation's cost for that period of time. Service credit can’t be exchanged for cash (monetary compensation); it is added as a credit on your account and, as always, we use any credits you have first, before charging you.

Service credits are capped at a maximum of 30 days' worth of paid service for your organisation.
Approach to resilience DutySheet runs a MySQL cluster which uses synchronous replication through a two-phase commit to guarantee that data is written to multiple nodes upon commitment. Database updates are synchronously replicated between the cluster members to protect against data loss and to provide fast automatic failover in the event of node failure.
Outage reporting Publicly available status updates on website.

Identity and authentication

User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Management interfaces are tied to the company network and/or use two factor authentication.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations Yes
Any other security accreditations
  • Cyber Essentials
  • Police Approved Secure Facilities (PASF)

Security governance

Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards Police Approved Secure Facilities (PASF).

We are working towards ISO 27001:2013 so follow all the security policies and controls based on our Statement of Applicability. Regular audits are undertaken along with standard improvement practices outlined in the ISO 27001:2013 standard.
Information security policies and processes We are working towards ISO 27001:2013 so follow all the security policies and controls based on our Statement of Applicability. The ISMS itself is delivered securely in the cloud, where all staff and relevant suppliers follow the policies and processes according to their roles. Frequent checks and communication are undertaken with an ISMS communications group that reports into an ISMS Board, chaired by the CISO, who is also a senior leader. Regular audits are undertaken along with standard improvement practices outlined in the ISO 27001:2013 standard.

Operational security

Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Our secure development, change management, testing and asset management policies are comprehensively documented as part of our ISO 27001:2013 information security management system, including alignment with Annex A 8 (assets) and 14 (secure development) of ISO 27002.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Our vulnerability management approach is comprehensively documented in our ISO 27001 information security management system and is available on request. We proactively monitor relevant communications services and have alerts sent to staff, who then have processes in place to address and respond to issues based on the severity of the threat. Depending on the nature of the vulnerability discovered and the availability of a fix (e.g. a patch), a fix or other intervention (e.g. staff communication) can be deployed within minutes of the vulnerability being identified. It is all evidenced in line with our ISMS.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach In line with GPG 13 and ISO 27001, we identify common patterns of potential attacks using our monitoring systems, looking for increased traffic from specific sources, non-standard requests, brute force attempts and irregular traffic. We respond with: blocking of source IP addresses, examination of logs on potentially affected servers, checks for evidence of internal propagation, communication with potentially affected clients/customers, RCA, and how to prevent further occurrences via SIRT. Real-time monitoring takes place with immediate response for suspicious alerts. For common threats such as brute force attempts, automated firewall (FW) reconfiguration is in place to block traffic.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach DutySheet has a comprehensive internal information security incident management policy and its practices follow Annex A 16 of ISO 27001:2013. Users, staff and other interested parties can report incidents through normal service channels, via whistleblower routes, via website communications, and directly to customers or regulators such as the ICO.
Our processes are also ready for EU GDPR, to ensure we can report and manage in those formats. We have reporting around incidents, events and weaknesses as well as links into the broader ISMS into the BCP.

Secure development

Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks No

Pricing

Price £12.60 to £21.78 per user per year
Discount for educational organisations No
Free trial available No
