Capita Business Services Limited

Capita One Digital Enterprise

One Digital Enterprise is an end-to-end digital platform, enabling organisations to deliver exceptional customer service. One Digital Enterprise incorporates the One Digital Portal, One Digital Forms and Contact Manager and One Digital Smart Apps. These individual components are all available via G-Cloud.

Features

  • Customer registration, secure login and self service sign up facilities
  • Single sign on, integration to back office services and solutions
  • Fully responsive pages across PC, tablet, smartphones and TV
  • Interactive widgets providing customer specific or location based information
  • Comprehensive management information including dashboards and reporting
  • A highly flexible, rapid forms creation and configuration tool
  • Contact management with document upload facility and document viewer
  • Sophisticated workflow, enabling task automation and configuration of business logic
  • Creation of apps and editing of app pages and content
  • Payments; customers can make secure payments for services in seconds

Benefits

  • An organisation-wide digital solution delivering customer services securely
  • Provide 24/7 access to online services; self-service with convenience
  • Remove rekeying errors via powerful integration and workflow
  • Quick return on investment; rapid, simple form and process creation
  • Simple to use; intuitive navigation for both customers and staff
  • Deliver proactive and personalised content using the Promotions Manager
  • Highly flexible platform design; any sector, any business, any department
  • Mobile responsive providing a multi-channel customer experience
  • Reduce customer contact and processing time, improving customer experience
  • Achieve cost and time savings through effective channel shift

Pricing

£20000 per unit per year

Service documents

G-Cloud 10

920017859747154

Capita Business Services Limited

Capita Business Services Ltd

08702407341

engagewithus@capita.co.uk

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to The service is an end-to-end digital platform, enabling exceptional customer service. It incorporates the One Digital Portal, One Digital Forms and Contact Manager and One Digital Smart Apps services. Other offerings include the One Digital Local Welfare Assistance/ Scottish Welfare Fund solution. These components are all available via G-Cloud.
Cloud deployment model Private cloud
Service constraints The public-facing components of the One Digital Enterprise services shall provide at least 99.5% availability during scheduled operating hours, defined as 24 hours a day, 365 days a year, excluding scheduled downtime.

Scheduled downtime covers tasks including, but not limited to, new releases (software upgrades) and server patching. In addition to scheduled downtime, there will be occasions where Capita is required to initiate unscheduled downtime for emergency changes. In exceptional cases when emergency changes are required, we will endeavour, but cannot guarantee, to complete this work outside of normal office hours (09:00 – 17:30 Monday to Friday).
System requirements
  • Establishment of a VPN connection to the Capita SaaS platform
  • The latest version of either IE, Firefox or Chrome browser
  • Internet access for staff requiring access to the SaaS platform
  • Current/minus one major Android or iOS versions (smartphone users)

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Response times apply Monday–Friday, 08:00-18:00.
High Severity (must be logged by telephone): day-to-day work cannot be continued, or assistance needed to meet business-critical deadlines. We aim to respond within one working hour and, whenever possible, provide a solution/ advise how quickly a solution will be available.
Medium Severity: day-to-day work can be continued, but there is still a requirement for a speedy resolution. We aim to respond within four working hours.
Low Severity: day-to-day work can be continued but the problem is minor. We aim to respond within two working days.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Help Desk requests are logged on a call tracking system and dealt with in priority and severity order. The Help Desk is operated Monday-Friday, 08:00-18:00. Requests are logged online, by email or by telephone.

High Severity: day-to-day work cannot be continued, or assistance needed to meet business-critical deadlines. We aim to respond within one hour.
Resolution: continuous monitoring and customer updating until the fault is resolved, which we aim to be within four hours.

Medium Severity: day-to-day work can be continued, but there is still a requirement for a speedy resolution. We aim to respond within four working hours.
Resolution: whenever possible, a solution will be given or we will advise how quickly a solution will be available, within eight hours.

Low Severity: day-to-day work can be continued and the problem is minor. We aim to respond within two working days.
Resolution: whenever possible, a solution will be given or we will advise how quickly a solution will be available, within five working days.

A technical account manager is available under the standard escalation procedure within our Service Charter.

The cost of on-site support consultancy is detailed in the pricing document.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started Onboarding to One Digital Enterprise can be a very swift process and delivered within any reasonable timescale, varying accordingly to project dependencies and deliverables. Once requirements have been analysed and configuration of the relevant components has been completed, on-site training will be delivered, supported by a comprehensive set of user documentation. This documentation is updated in line with each release of the software and is available in PDF format. User acceptance testing (UAT) will be carried out in the One Digital pre-production environment where applicable. Completing UAT will be undertaken by customer employees while feeding back any reported issues and having a regular dialogue with our teams to prioritise such issues and plan for resolutions. The UAT stage will include a nominated contact within Capita for reporting any such issues. Once the UAT stage has been completed within the pre-production environment and the solution has been signed off, deployment to the production environment will commence, along with Go Live activities.
To support the onboarding process, Capita can provide a range of services, including Project Management, Business Analysis, Technical Consultancy and Business/ Training Consultancy.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction The data extraction format may be via standard methods such as CSV, SQL database extract or XML. At the end of the Contract, Capita and the buyer will determine the most appropriate method of data extraction depending upon the buyer’s specific requirements and availability.
End-of-contract process At the end of the Contract, Capita and the buyer will determine the most appropriate method of data extraction depending upon the buyer’s specific requirements and availability. This process will be fully scoped and project managed with Capita’s technical staff. Any cost associated with end of Contract activity will be provided as scoped.

Using the service

Using the service
Web browser interface Yes
Supported browsers Internet Explorer 11
Application to install Yes
Compatible operating systems
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Windows Phone
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The platform provides a fully mobile-responsive user interface which renders appropriately to the screen size of the device being used, whether this is a mobile phone, tablet or desktop. We recognise that mobile browsing is now becoming the dominant method for accessing the web and our platform supports this fully. This responsive behaviour is built into the platform and happens automatically. No special configuration or styling is required. HTML5 and the Bootstrap framework are utilised to enable this device-agnostic user interface. The One Digital Smart Apps service is providing a mobile app solution.
Accessibility standards WCAG 2.0 AA or EN 301 549
Accessibility testing Accessibility is considered at every stage of design and development of the One Digital platform. Our solution meets the current requirements of the WCAG 2.0 guidance to AA standard and we regularly test all the One Digital components to ensure this standard is maintained as new features are added to the solution. We believe our platform is accessible to those with differing needs and it supports assistive technologies, such as screen readers used by those with sight problems.

One Digital meets the requirements for compliance to the following standards:
- WCAG 2.0 guidance to AA standard
- British Standard 8878:2010 – Web Accessibility – Code of Practice
- ISO 9241 Ergonomics of Human-System Interaction.
API Yes
What users can and can't do using the API One Digital Enterprise supports several different integration scenarios, depending on the unique business needs of the Customer. Each component of One Digital Enterprise has a range of web services which allow integration from and to both Capita services and third party solutions.

For exact details regarding the API capability associated with the components of One Digital Enterprise, please refer to the following individual G-Cloud entries:
- One Digital Portal
- One Digital Forms and Contact Manager
- One Digital Smart Apps
- One Digital Local Welfare Assistance/ Scottish Welfare Fund.
API documentation Yes
API documentation formats PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation For exact details regarding the customisation capability associated with the components of One Digital Enterprise, please refer to the following individual G-Cloud entries:
- One Digital Portal
- One Digital Forms and Contact Manager
- One Digital Smart Apps
- One Digital Local Welfare Assistance/ Scottish Welfare Fund.

For example, wording within the One Digital Portal can be customised by non-technical employees with appropriate access, through updating text files.

This also incorporates a custom style sheet that can be altered to apply custom styles to the portal deployment.

One Digital Forms allows themes to be created and configured, allowing customisation of the colour scheme (buttons, text colour, font size, etc) and logos. Further customisation includes adding or amending introductory text and form hints, updating existing questions, adding new questions and updating qualifying criteria. Where relevant, all such updates are made within the boundaries necessary for a successful submission and for back office integration.

One Digital Smart Apps includes a Management Console controlled by administration users. This can be used to change the content of the app by adding text, pages, links, images, etc and this will update in real-time when users who have the app downloaded refresh the app content.

Scaling

Scaling
Independence of resources Within our hosted environment we have deployed HA Proxy load balancers to provide horizontal scalability across our multi-tenanted services. This allows us to add capacity as new customers come onboard very easily. In addition, we have the option to allocate dedicated resources for individual implementations where necessary. Active monitoring of the servers/ services is also in place to alert us to any possible contention and modify the load balancing rules as necessary.
One Digital Apps is an Azure cloud service managed by Microsoft and we will scale the service elastically on-demand to ensure a consistent customer experience.

Analytics

Analytics
Service usage metrics Yes
Metrics types Analytics are provided in the form of a Reporting Module, accessible to non-technical users. These reports detail platform usage in terms of registered users and linked services or transactions completed. Reports on the successful completion and drop-out rates of forms are also provided.
Software such as GovMetric (and Google Analytics in respect of Portal) can be incorporated into the response page following form submission, providing details regarding user interactions.
Metrics detailing One Digital Smart App downloads can be provided to the buyer on request. Smart App data can be analysed through integration with Google Analytics.
Reporting types Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
  • Other
Other data at rest protection approach Physical access control, complying with CSA CCM v3.0, relates to the One Digital Smart App only. Also, regarding the One Digital Smart App, sensitive data fields are encrypted in the SQL Azure database.
Persistent personal data is stored via vendor defined secure storage (eg, iOS Keychain).
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach The One Digital Enterprise service provides components allowing extracts of data and reports in one or more of these formats: CSV, XML, PDF, MS Excel and MS Word.

Reporting, both predefined and ad hoc, can also be provided using MS SSRS and exported in the same formats.

During the deployment, customer specific requirements associated with data import/ export will be identified and configured accordingly.

For more details please refer to the following individual G-Cloud entries:
- One Digital Portal
- One Digital Forms and Contact Manager
- One Digital Smart Apps
- One Digital Local Welfare Assistance/ Scottish Welfare Fund.
Data export formats
  • CSV
  • Other
Other data export formats
  • XML
  • PDF
  • MS Excel
  • MS Word
Data import formats
  • CSV
  • Other
Other data import formats
  • XML
  • PDF
  • MS Excel

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network Regarding the One Digital Smart Apps service, the network is contained within the Azure platform and data flow security is internally managed by Microsoft to industry leading security standards.

Availability and resilience

Availability and resilience
Guaranteed availability The public facing elements of One Digital Enterprise shall provide at least 99.5% availability during scheduled operating hours, defined as 24 hours a day, 365 days a year, excluding scheduled downtime.

The internal-facing elements shall provide at least 99.0% availability during supported office hours, which is defined as 08:00 – 18:00 Monday to Friday, excluding English public holidays and scheduled downtime.

The scheduled downtime will cover tasks including, but not limited to, new releases (software upgrades) and server patching. In addition to the scheduled downtime, there will be occasions where Capita is required to initiate unscheduled downtime for emergency changes. In exceptional cases when emergency changes are required, we will endeavour, but cannot guarantee, to complete this work outside of the core normal office hours (09:00 – 17:30 Monday to Friday).
Approach to resilience We protect the service with a geographically separated disaster recovery data centre, which maintains a replication of both the solution and data, and which would be invoked in the case of a disaster.
Further detailed information on our resilience procedures and processes is available on request.
Outage reporting The solution is a SaaS based offering and as such the monitoring of system availability, resource utilisation and the like are performed as part of the managed service by Capita. These real-time processes are not normally made available to the end user. All incident management type events and activities are recorded within our CRM and accessed via the Customer Portal.

In respect of One Digital Smart Apps, email alerts for planned periods of outage are issued to customers at least two weeks in advance. In the event of an unplanned outage, email alerts will be sent detailing the issue and the progress of a resolution.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Other
Other user authentication One Digital Portal allows citizens to authenticate to relevant online services in real-time through direct integration to the back-office systems. This out-of-the-box functionality works in conjunction with the One Revenues, Benefits and Housing solutions, whereby citizen records are associated with Portal profiles through answering questions pertinent to data held. This process is configurable enabling the level of authentication required to be varied appropriately.

Alternatively, citizens can be authenticated by sending a PIN to their registered address.

In addition, some One Digital Smart Apps incorporate a one-time access code, otherwise no authentication is required where non-personal data is presented.
Access restrictions in management interfaces and support channels Access to the management interfaces of the One Digital Enterprise components is managed by username and password.

Access to the Capita support portal is controlled by username and password. All new customers with responsibility for contacting the support desk are encouraged to register on the support portal. If customers contact us by telephone or email, their details are first matched to an existing registration. If none exists, they are either asked to register or, if appropriate, the details of their call are linked to a colleague who is registered.
Access restriction testing frequency At least every 6 months
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 British Assessment Bureau
ISO/IEC 27001 accreditation date 15/12/2014
What the ISO/IEC 27001 doesn’t cover Our ISO27001 Certification Scope only covers the hosted environment as offered on GCloud.

It does not cover the Advantage Digital Smart App service, which is hosted in the Microsoft cloud in SQL Azure and Cloud Services.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Part of Capita Business Services, we work to policies and standards that are aligned with ISO27001, these are agreed and signed off by the Group CEO and cascaded to the businesses via an internal intranet site and email communication. In addition, each year when staff complete their annual training they agree to comply with both Group and Business Unit Level policies.
Information Security staff as well as Capita Audit complete announced and unannounced checks to ensure that the policies and standards are being followed. Any non-conformities are reviewed and dealt with appropriately.
Information Security is dealt with at all levels of the business including at the Business Unit, Divisional Unit and Capita Group.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach As part of the ISO27001 Accredited ISMS we have a defined and documented change control process. At the core of this change control process is an assessment on all areas of the system including security. If the risk to security is deemed to be high, it is assessed by Information Security. All Change requests are stored on a CRM system and, as part of our 27001 audit schedule, are randomly checked to ensure accurate record-keeping is maintained and the process followed.
Vulnerability management type Supplier-defined controls
Vulnerability management approach An AVS tool runs regularly, with results fed into the threat assessment and management program. Patching is scheduled, with failures identified by the AVS. Out of cycle patches are risk assessed and scheduled. Capita subscribes to threat sources including CISP and ISF. Other public/private websites are reviewed for threat information.

The Smart Apps service is hosted in Microsoft’s cloud in SQL Azure. Microsoft maintains platform configuration, patching and updates (database, OS and network). Security Health Monitoring is configured across our Azure estate. The Management Console is a third party RAD platform, p-tested annually. App patches are subject to store approval.
Protective monitoring type Supplier-defined controls
Protective monitoring approach The platform uses a system that was designed to comply with GPG13. Events are categorised and events that have been flagged for review are reviewed daily. In addition, the information is stored with controlled access for investigations.

For the Smart App service, Security Health Monitoring in Azure will flag significant issues in the platform configuration. Additionally, logging within the solution identifies several unusual behaviours, such as repeated failed security credentials or access from outside of certain geographic locations. All security issues are reported to an external security manager to assess the risk and review/ support the resolution.
Incident management type Supplier-defined controls
Incident management approach We have a defined, approved and tested Incident Management process, it forms part of our ISO27001 accredited ISMS. The process has a list of example incidents that are designed to cover a wide range of scenarios. All staff are made aware of the incident reporting process and randomly tested for effectiveness.
Incident reports will be passed to relevant customers if there has been an impact to their environment or data.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £20000 per unit per year
Discount for educational organisations No
Free trial available No

Documents

Documents
Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑