Capita Property & Infrastructure Ltd

Capita AgiliSuite

AgiliSuite is a unique piece of cloud software from Capita which combines any combination from a range of connected software modules, each with its own features.

At its core is a user-configurable workflow engine that optimises business efficiency, enabling repetitive, error-prone, and time-consuming tasks, to be tackled quickly and precisely

Features

  • Configurable data forms
  • Configurable process workflows
  • Interrogate and record data using GIS tools
  • Integrated ‘remote worker’ mobile app
  • Integrated reporting module
  • Automate workflow alerts and notifications
  • User-specific dashboards and task access
  • Integrate data from multiple sources and export in multiple formats
  • Flexible user access control system
  • New modules can be bolted-on at any time

Benefits

  • Helps to eliminate human error from existing manual processes
  • Automation and scheduling brings efficiency to repetitive manual tasks
  • Replaces manual processes with configurable workflows
  • Suitable for a range of business process optimisation applications
  • Immensely configurable without further development
  • Web-based user interface is IT-agnostic
  • Azure hosting brings scalability, resilience, security, and compliance
  • Intuitive and configurable user interface can negate training
  • Applicable to a huge range of business applications
  • Mobile app for remote workers updates the system in real-time

Pricing

£300 to £320 a user a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ztecbd@capita.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

9 9 2 8 7 0 0 2 1 2 9 7 4 1 2

Contact

Capita Property & Infrastructure Ltd Julie Prowse
Telephone: 07584 263042
Email: ztecbd@capita.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints
Planned maintenance activities will be undertaken on periodic basis in consultation with users.
System requirements
Internet Browsers: Internet Explorer (V8 +), Chrome, Firefox, Safari

User support

Email or online ticketing support
Email or online ticketing
Support response times
Questions can be sent via email or the online portal to the support team 24 hours a day, 7 days a week and will be responded to during core hours which are:

09:00 - 17:00 Monday to Friday (excluding English Bank Holidays).

24*7*365 telephone support is available at additional cost.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Each client is assigned a dedicated technical account manager who will remain with you throughout your contract.

Our standard support levels are as follows:

Priority 1 (Business Critical): Initial solution within 4 working hours,
Priority 2 (High): Initial solution within 1 working day,
Priority 3 (Medium): Solution within 2 working days (unless agreed otherwise),
Priority 4 (Low): Solution within 5 working days (unless agreed otherwise),
Request for service: Response within 48 hours by email / telephone.

Bespoke support levels are available to meet with your requirements including a 24*7*365 service at additional cost. A quotation can be provided based upon your specific requirements.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Once your system is stood-up, we can hold your hand to configure it, based on your requirements and the modules you require.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
As standard users are able to download data in XLS file format at the end of their contract. Alternatively they may contact the support team if an alternative format is required.
End-of-contract process
One month prior to the end of your contract, designated users will be notified that the period of access will be coming to an end. You will be advised to carry out an export of all your data prior to the end of the contract period. Upon the contract termination date all logins will be deactivated.

Data can be provided to you in XLS file format as standard. Costs may apply if you require data to be provided in other formats.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Dedicated mobile app for remote workers
Service interface
No
API
Yes
What users can and can't do using the API
Available as an additional module - contact us for details
API documentation
No
API sandbox or test environment
No
Customisation available
Yes
Description of customisation
System Administrators are able to customise most of the system.

Scaling

Independence of resources
The underlying architecture of AgiliSuite has been specifically designed with scalability at the forefront. As part of the onboarding process we undertake a review of the number of users who will be using the system and assess this against the performance of the solution. If required we can quickly and easily scale up or scale out to cater for the demand of the solution.

In addition, our infrastructure monitoring tools is constantly checking the performance of our services and alerts the support team if undue demand is placed on it therefore enabling us to take corrective action.

Analytics

Service usage metrics
Yes
Metrics types
Monthly or Quarterly reports can be provided upon request summarising the following:

Number of Support Incidents by Priority
Average Response times
Maintenance undertaken during the period
Overview of upcoming planned maintenance
Availability of Service
Reporting types
Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
Less than once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
As standard users are able to download data in XLS file format at the end of their contract. Alternatively they may contact the support team if an alternative form is required.
Data export formats
CSV
Data import formats
  • CSV
  • Other
Other data import formats
  • TXT based files
  • ZIP

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
We aim to ensure our solution has 99% expected availability based upon the following formula:

Percentage Uptime = Actual Availability / Expected Availability

Where: Expected Availability = Hours in Month - Scheduled Downtime

Our standard Service Level Agreements are outlined in the Terms and Conditions document.
Approach to resilience
The resilient design of our Azure cloud is confidential and is available upon request as commercial-in-confidence.
Outage reporting
Service outages are reported to super users of the system via email notifications, telephone (if required) and a notification is displayed on the homepage of the system if possible.

Identity and authentication

User authentication needed
Yes
User authentication
Username or password
Access restrictions in management interfaces and support channels
All users are granted a unique login to the application with appropriate permissions assigned ensuring they only access the tools and data they require.

Users are provided with unique case numbers of any incidents reported to the support team and they are asked to quote this number in future communications. When reporting incidents, user are asked to provide contact details which are compared against an approved user list for authentication purposes.

In the creation of new user accounts and permissions, super users are asked to provide authorisation for any new users for security reasons.
Access restriction testing frequency
At least every 6 months
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
LRQA
ISO/IEC 27001 accreditation date
16/01/2020
What the ISO/IEC 27001 doesn’t cover
Nothing
ISO 28000:2007 certification
No
CSA STAR certification
Yes
CSA STAR accreditation date
31/12/2016
CSA STAR certification level
Level 5: CSA STAR Continuous Monitoring
What the CSA STAR doesn’t cover
None
PCI certification
No
Other security certifications
Yes
Any other security certifications
Cyber Essentials Plus

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
Cyber Essentials Plus
Information security policies and processes
In an ever changing climate of technological advancement and development it is important that data and systems are managed, hosted and secured in the most robust manner whilst enabling
clients and users access to their information. As a company that hosts and manages large volumes of sensitive data Capita holds information security of the utmost importance.

To ensure robust security for our clients Capita has implemented and enforce a number of policies and procedures outlined below, which currently govern our services. It should be noted that we also implement a policy of continual review and improvement to robustly respond to changes and requirements.

Our policies and procedures cover:

- Acceptable Use
- Cloud Security
- Data Management
- IT Security
- Network Security
- Physical Security
- Supply Chain Security
- Threat and Incident Management

Each procedure forms part of our Information Security Management System and undergoes robust internal audits as well as external assessments with LRQA on a six monthly basis.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Robust change control processes are in place with all changes going through two levels of approval. The first being a technical review, which includes a security assessment, and the second from a business perspective so we can understand the impact upon users. All changes are logged on our change management system, assigned a unique reference with all risks identified along with a back out plan.

Where appropriate we liaise with users to plan any necessary changes and ensure full audit trails are in place.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Our automatic monitoring tools consistently check and notify our support team of any potential threats to our services. This is supported by our dedicated Security teams whose responsibility it is to identify, assess and notify us of any threats via the various forums and groups they are part of.

If a software application patch is required then this is deployed as a matter of urgency, following consultation with our clients.

Automatic Operating System patching tools are in place, running on a regular cycle. The tool downloads, analyses, notifies and installs any necessary patches on test and live environments.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We run up-to-date intrusion detection applications which alert us to any network traffic anomalies. Stringent firewall rules are in place along with Solar Winds alerting therefore, enabling us to quickly identify any potential compromises.

In the event a potential compromise is identified we undertake detailed review of the traffic log covering the perimeter of the network and if any potential issues are identified an immediate action plan is put in place to specifically address the issue.

Our dedicated 2nd line support team are responsible for monitoring security and respond immediately to any potential threats.
Incident management type
Supplier-defined controls
Incident management approach
In line with our Information Security Management System we have certified processes in place regarding incident management. The process begins with the reporting of an Incident via telephone, email or online form.

These mediums provide the greatest flexibility to users and ensures incidents can be reported when other communication methods may be unavailable. The Helpdesk team provide the single point of contact for all incidents and manage, track and liaise with the user and 2nd / 3rd Line teams as necessary during the life cycle of the Incident.

Incident reports can be provided on a monthly/quarterly basis or on request.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Pricing

Price
£300 to £320 a user a month
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ztecbd@capita.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.