One Plus One

Virtual Support Platform

Virtual Support Platform is a virtual content space to support our clients' users remotely 24/7.
The platform allows users to upload content, publish comments on posts and book a live chat.
We offer usage analysis and walled garden privacy feature, that warrants no visibility across the net if required.

Features

  • Remote access 24/7
  • Direct upload of content via CMS
  • Customisable look
  • End-to-End Encrypted live chat feature
  • Personalised user journey through content
  • Comments on posts feature
  • Usage data
  • Walled garden privacy
  • Survey builder
  • Supplier expertise and support

Benefits

  • Users access platform and features from anywhere
  • Users can upload own content in own time via CMS
  • Platform can be customised with client branding and logo
  • Secure and confidential chat
  • Access to content from where it was last left off
  • Users can join public conversation
  • Clients gain insights into user engagement and demographics
  • Service only available to those with a unique url address
  • Clients create and publish own surveys
  • Flexibility and tailoring of solutions

Pricing

£10,000 to £60,000 a licence a year

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at verity.glasgow@oneplusone.org.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

1 7 2 8 3 5 3 3 2 4 6 8 2 7 6

Contact

One Plus One Verity Glasgow
Telephone: 020 3096 7871
Email: verity.glasgow@oneplusone.org.uk

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
No constraints
System requirements
Latest browsers

User support

Email or online ticketing support
Email or online ticketing
Support response times
Mon-Fri: 9 am to 5 pm - within 2 hours
Sat-Sun: - within 4 hours
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
No
Support levels
An assigned technical manager to offer support throughout contract duration.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Each project starts with a kick-off meeting where service requirements are established and confirmed.
Online training provided to all new clients.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Users would request their data to be extracted upon the contract ending. As the provider we would agree in advance how long data would be kept in accordance with GDPR. We would notify users of this timeframe, and ask that they make data extraction requests within that timeframe.
End-of-contract process
At the end of the contract, we would discuss handover of data at the user's request. This would be at no extra charge. If the user required some additional analysis work, then this may be an additional cost, depending on the level of analysis required.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The platform is mobile optimised for accurate display of content and engagement on mobile.
Service interface
No
API
No
Customisation available
Yes
Description of customisation
Depending on the agreements made when forming a contract, users may be able to have some white-labelling (use of their own brand), a customised url, and an isolated environment. Certain features may also be added or removed.

All of this is subject to the agreements of the contract, but these customisation options are all possible.

Scaling

Independence of resources
We regularly monitor the speed of site/page loading times, and ensure that the system is not being over demanded. In an unlikely event of the system being over stretched, we would immediately seek a solution to expand our server system within AWS.

Analytics

Service usage metrics
Yes
Metrics types
Service metrics are provided from Google Analytics.
Reporting types
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Users are able to export data in two ways. 1) They would have certain administrative access to a bespoke CMS that would allow them to export 'reports' which would contain data. 2) Any data required that is not contained in reports can be requested separately.
Data export formats
CSV
Data import formats
Other
Other data import formats
  • Checkbox submissions via the interface
  • Radio submissions via the interface
  • Slider scale submissions via the interface

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Service available upon entering into a formal agreement.
Refunds are proportionate to usage, should the guaranteed levels of availability not be met.
Approach to resilience
Available on request.
Outage reporting
A public dashboard via AWS. E-mail alerts from AWS and API providers.

Identity and authentication

User authentication needed
No
Access restrictions in management interfaces and support channels
All admin users are subject once again to a super admin user. So a member of the organisation can always control the number of admins that are active. Admins do not have the ability to unseat or add new admins, and therefore admin user management is being used to restrict unwanted access and risk.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
You control when users can access audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
Cyber Essentials Plus

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
CSA CCM version 3.0
Information security policies and processes
Our security policy dictates that only those who require access to controls (either at an admin level or server level) are given controls to our system. No more than required. Our super admin works internally within the organisation who carries ultimate control and responsibility, and any development work is carried out by an allocated employee who is contracted with an NDA.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
We review and refactor components on a regular basis, as a means to making the product leaner and more secure wherever possible. Updates to components controlled elsewhere (such as APIs) are checked regularly, and update notifications are set up for the on-hand developer who looks after maintenance.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We assess potential threats by investigating individual components on a regular basis as part of an ongoing audit. This takes place monthly. As a large part of the system is bespoke, we already mitigate some of the issues that more well-known systems face. As such, we're more familiar with weaknesses. We also therefore have the ability to deploy patches and fixes very quickly, as we're not reliant on information being passed from other parties.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We identify compromises during a regular monthly audit of our system and the components that make up the system. Regular audits help us identify if we find out that something is over-engineered and we can simplify in order to reduce elements that could be compromised, and reveal areas for improvement. The final way is realising that part of the service is not functioning as expected, We respond very quickly, because we have ownership over the entire coding environment.
Incident management type
Supplier-defined controls
Incident management approach
Our approach is for users to report incidents by emailing our organisation, or making a call to allocated members of the organisation.

Incident reports are drafted bespoke, outlining what was reported, what we did to respond, and why we did it. This report would be standard for any such incident, dated and approved by a member of the team.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Pricing

Price
£10,000 to £60,000 a licence a year
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
A free trial version available for 1 calendar month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at verity.glasgow@oneplusone.org.uk. Tell them what format you need. It will help if you say what assistive technology you use.