APOGEE CORPORATION LIMITED

Apogee Cloud Print

A Cloud based print service designed for organisations such as local government, central government and healthcare, who want to simplify their print infrastructure and migrate complex on premise IT print infrastructure to a Software as a Service cloud print solution.

Features

  • Secure Print / Copy / Scan
  • Multi MFD vendor with embedded software
  • Single driver support across all MFD vendors
  • Supports all OS including iOS and Android devices (BYOD)
  • File size compression to minimize network bandwidth
  • Multi domain authentication with SSO (single sign-on)
  • Multi domain integration
  • Serverless Cloud Service
  • Cloud service hosted in UK
  • Single WEB UI administration

Benefits

  • Fully managed print cloud service
  • Eliminate on premise servers and dedicated HW
  • Single driver technology, eliminating driver management
  • Elastic scaling from small installations to Enterprise size organizations
  • Multi MFD vendor support
  • Single Admin user interface
  • No VPN or private network required
  • Subscription model available
  • Ability to support print policies
  • Multi authentication - support LDAP, Azure and OKTA auth.

Pricing

£300 a device

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at simon.jones@apogeecorp.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

2 0 2 8 7 7 7 0 0 8 9 8 6 3 1

Contact

APOGEE CORPORATION LIMITED Simon Jones
Telephone: 0345 300 9955
Email: simon.jones@apogeecorp.com

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
This can be an extension to "DO APOGEE HAS OTHER SERVICES THAT THIS WORKS WITH ?"
Cloud deployment model
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
Service constraints
In some cases, a gateway is required for secure communication with Printers/MFD's
System requirements
  • Cloud to printer communication (Internet, LAN, WLAN)
  • End user connection to service (Internet, LAN, WLAN)
  • PC Client with Windows 7,8 or 10
  • Mac Client with MacOS 10.5 or later
  • IOS version 8.0 or later for mobile support
  • Android 5.1 or later for mobile support

User support

Email or online ticketing support
Email or online ticketing
Support response times
We have a range of response times based on defined categorisation of requirements. We operate from 8.30am and to 5.30pm, Monday to Friday. Out of hours and/or weekend support can be arranged where required.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Onsite support
Support levels
We provide first, second and third level help desk product support via our Managed Service Operations Centre. Where required, field service is available and part of the service contract. Costs are variable and reflect the product options chosen.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Apogee provides a full managed service including scoping, installation, onsite training and post installation support.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Our platform allows users to download direct from their portal in multiple formats such as excel, csv or PDF. A comprehensive API is also available.
End-of-contract process
As a software-as-a-service arrangement, the software will become inactive at the end of the contract period. Customers will have the choice to extend their maintenance should they wish.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Yes
Compatible operating systems
  • Android
  • IOS
  • MacOS
  • Windows
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
To be answered
Service interface
Yes
Description of service interface
The cloud service has a Web based administration interface and is accessed via most common Web browsers.
Accessibility standards
None or don’t know
Description of accessibility
Users with the correct permissions have the ability to manage other users and printers via a simple Web based administrative interface. There is also the ability to provide print reporting usage from the administrative interface. Users of the service can be authenticated through the customers existing authentication service for SSO.
Accessibility testing
None however can accommodate this should a user case example arise.
API
Yes
What users can and can't do using the API
The API can be used to access other external systems and for normal operation like (import, export, add, edit, delete data of users/print-jobs) via the API. In addition the API can be used for deployment and initial configuration for large scale installations.
API documentation
Yes
API documentation formats
PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
The solution is a secure multi-tenancy platform where tenants can include their corporate logo and CA certificate. This can be done via a simple image and certificate upload.

Scaling

Independence of resources
The Cloud service is fully elastic and controlled by automation, warning and alerts. All activities are monitored by the Cloud service provider and action is taken immediately on any activity or alert. The user can follow the cloud service availability on the Service providers online status and history portal.

Analytics

Service usage metrics
Yes
Metrics types
Reports can be generated for print, copy and scan usage.

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
EVERYONEPrint

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
In-house
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Data can be extracted into CSV, PDF and XLSX format via the application portal. In addition configuration data can be exported through the API interface.
Data export formats
  • CSV
  • Other
Other data export formats
  • PDF
  • XLS
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
The UK Datacentre that hosts the IT infrastructure for the service guarantees 99.999% up time, with 100% network and server up time SLA. Due to the architecture flexibility and connection to other services that are outside our control (Azure and Okta authentication, MFD/Printers and other local dependencies making a guarantee on solution level cannot be done. Please be assured that High Availability is built in the hosting infrastructure and application architecture that typically will deliver above 99.95% availability from a software service perspective.
Approach to resilience
The Service is designed with high availability in mind. This includes a large scale redundant setup including multiple load balancing servers and clustered databases. More detailed information can be offered upon request.
Outage reporting
Public notification and service portal where users can subscribe and receive email notification on any planned or unplanned service interruption.

Identity and authentication

User authentication needed
Yes
User authentication
  • Username or password
  • Other
Other user authentication
Users are authenticated through the users existing authentication service. This includes Local LDAP, Azure authentication and OKTA services. In addition the solution supports Single Sign on for Microsoft Azure/ADFS Oauth2 authentication types.
Access restrictions in management interfaces and support channels
Access controls are strictly enforced and provisioned as a function of user role or through rigorous just-in-time access requests.
Access restriction testing frequency
At least once a year
Management access authentication
  • Username or password
  • Other
Description of management access authentication
Users are authenticated through the users existing authentication service. This includes Local LDAP, Azure authentication and OKTA services. In addition the solution supports Single Sign on for Microsoft Azure/ADFS Oauth2 authentication types.

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
SGS United Kingdom Ltd.
ISO/IEC 27001 accreditation date
21/04/2020
What the ISO/IEC 27001 doesn’t cover
None
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
Yes
Who accredited the PCI DSS certification
Worldpay
PCI DSS accreditation date
27/11/2019
What the PCI DSS doesn’t cover
Attestation to compliance occurs at a point in time. This may not cover future compliance due to the changing nature of network and application infrastructures, future vulnerabilities or advances in hacking techniques or subsequent failure to act in accordance with applicable PCI DSS requirements. This provision does not affect or impact in any way the obligations of APOGEE CORPORATION LIMITED under any Merchant Terms and Condition in place.
Other security certifications
Yes
Any other security certifications
  • Cyber Essentials
  • Cyber Essentials Plus

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
ISO27001 and GDPR

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Change configuration is been tracked by YouTrack to create, authorize, monitor and implement changes within secure software development lifecycle. The change advisory council reviews the potential security impacts of the changes before approval.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Our solution developers use OWASP vulnerability assessment and threat modelling, we also use specific NIST and Microsoft SDLC guidance documents for selected areas. Our Cloud service is patched on a monthly cycle.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Actual, suspected, or potential breaches will be reported immediately to Data Protection Officer (DPO) and shall notify the implicated end-customer within 72 hours. Depending on the size and seriousness of a data breach, we may conduct an investigation into the circumstances surrounding the breach. Investigations may include an on-site examination of systems and procedures and could lead to a recommendation to inform data subjects about a security breach incident if end-customer has not already done so.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
An incident management framework has been established and communicated with defined processes, roles and responsibilities for the detection, escalation and response of incidents. Incident management teams perform 24x7 monitoring, including documentation, classification, escalation and coordination of incidents per documented procedures.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
Yes
Connected networks
Health and Social Care Network (HSCN)

Pricing

Price
£300 a device
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at simon.jones@apogeecorp.com. Tell them what format you need. It will help if you say what assistive technology you use.