The Invotra Platform is a world-class and proven open-source technology platform that supports the Invotra Product application layer. The stack utilises a wide range of applications such as SE Linux, Drupal, Solr, Apache, Memcache, MariaDB, and Nagios to provide the perfect delivery environment all built on a secure cloud infrastructure.
- Search Engine
- Drupal Content Management System (CMS)
- Information Architecture
- Import / Export via APIs
- Provides clients with the ability to extend Invotra functionality
- Publish intranet content for multiple devices
- Develop bespoke intranet applications in Invotra
- Develop bespoke people directory apps in Invotra
- Develop bespoke social apps in Invotra
- Supports Agile delivery
- Integrate into world-class open source technology stack
- Build once, deliver responsively to multiple devices
- Use connectors for Google Analytics, Active Directory, Salesforce and others
- Take advantage of analytics capabilities to measure KPIs
£4000 per instance per month
The Invotra Cloud Hosting Service only supports the Invotra Cloud Software Services and Products.
View the Invotra Cloud Software Services in the Digital Marketplace to learn more.
|Email or online ticketing support||Email or online ticketing|
|Support response times||
Depending on the mutually agreed priority level of the query, emails are answered very quickly, usually within the working day.
The UK Helpdesk is available for the UK Public Sector customers between 0700-1900 Monday-Friday, excluding Bank Holidays and national holidays.
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||Web chat|
|Web chat support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support accessibility standard||WCAG 2.0 AA or EN 301 549 9: Web|
|Web chat accessibility testing||Use webchat with users with sight issues.|
|Onsite support||Yes, at extra cost|
At Invotra, service is everything. We take great pride in the ways in which we deliver a superlative service to our customers.
Invotra Cloud Hosting customers will have a Technical Account Manager who will provide regular reviews of the customers service and PaaS performance.
See our Invotra Cloud Hosting Service Definition Document for full details of our support levels offered.
|Support available to third parties||Yes|
Onboarding and offboarding
Invotra is locally based and travels extensively throughout the UK to meet its many UK Government customers.
Through regular face-to-face meetings, Invotra supports new customers with discovery, stakeholder engagement and training of intranet and digital workplace administrators.
Invotra then supports the project management teams responsible for delivery. This extends to teams responsible for security and architecture, content and people data migration and integration into live service management teams.
Throughout onboarding, Invotra provides detailed documentation for product descriptions, APIs and training.
End user education is available as well.
|End-of-contract data extraction||Users can extract their data via the APIs at any point in time in the Service. If requested, Invotra will provide a zip file of this data at the end of the contract.|
|End-of-contract process||Any documentation or support required by a sufficiently competent developer will be provided to ensure a smooth off-boarding process.|
Using the service
|Web browser interface||Yes|
|Using the web interface||Manual access to the Invotra web interface is available. All other access through REST APIs.|
|Web interface accessibility standard||WCAG 2.0 AA or EN 301 549|
|Web interface accessibility testing||
Invotra has conducted interface testing of its intranet and digital workplace applications with DWP end users in Preston, Blackpool & York, as well as DfT end users in London.
Invotra has incorporated accessibility experience in everything we do. For instance, form elements such as checkboxes are now standardised. We've implemented ARIA, and fixed native HTML and now use the author best practice guide, as a result of our engagement with UK Government customers.
|What users can and can't do using the API||
Service users are manually set up, and use APIs to update and change all content relating to people, content or taxonomies.
All calls are bound by the established permission system.
|API automation tools||Ansible|
|API documentation formats||Open API (also known as Swagger)|
|Command line interface||No|
|Independence of resources||The platform is designed and scaled with excess capacity up to 50% above anticipated requirements of all customers. This is monitored and adjusted appropriately.|
|Infrastructure or application metrics||Yes|
|Reporting types||Regular reports|
|Supplier type||Not a reseller|
|Staff security clearance||Conforms to BS7858:2012|
|Government security clearance||Up to Security Clearance (SC)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||No|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least every 6 months|
|Penetration testing approach||‘IT Health Check’ performed by a CHECK service provider|
|Protecting data at rest||Physical access control, complying with CSA CCM v3.0|
|Data sanitisation process||Yes|
|Data sanitisation type||Explicit overwriting of storage before reallocation|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Backup and recovery
|Backup and recovery||Yes|
|What’s backed up||Virtual machines|
|Backup controls||Mutually agreed as part of the Service design.|
|Datacentre setup||Multiple datacentres|
|Scheduling backups||Supplier controls the whole backup schedule|
|Backup recovery||Users contact the support team|
|Data protection between buyer and supplier networks||TLS (version 1.2 or above)|
|Data protection within supplier network||
Availability and resilience
99% uptime is guaranteed by Invotra for both Invotra Platinum and Invotra Gold. 98% uptime is guaranteed for Invotra Silver.
In the event of a failure to meet the specified service levels a service credit can be applied for by the customer. The details of the service credits available are detailed in Invotra's Terms & Conditions.
|Approach to resilience||Both high and low level designs are available to appropriately security cleared individuals upon request.|
|Outage reporting||Email alerts|
Identity and authentication
|Access restrictions in management interfaces and support channels||All processes and policies are detailed within an internal system which is available for review on request. The system fully supports all policies and processes required for ISO 27001.|
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
|Devices users manage the service through||Dedicated device on a segregated network (providers own provision)|
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||You control when users can access audit information|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||Between 1 month and 6 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||Alcumus|
|ISO/IEC 27001 accreditation date||25/08/2016|
|What the ISO/IEC 27001 doesn’t cover||Any elements of the business not directly related to the Invotra Service and Support.|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security accreditations||No|
|Named board-level person responsible for service security||Yes|
|Security governance accreditation||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||
All processes and policies are detailed within an internal system which is available for review on request.
The system fully supports all policies and processes required for ISO 27001.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||This information is made available in both high and low level designs which are available to appropriately security cleared individuals upon request.|
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||All processes and policies are detailed within an internal system which is available for review on request. The system fully supports all policies and processes required for ISO 27001.|
|Protective monitoring type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Protective monitoring approach||All processes and policies are detailed within an internal system which is available for review on request. The system fully supports all policies and processes required for ISO 27001.|
|Incident management type||Supplier-defined controls|
|Incident management approach|
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Separation between users
|Virtualisation technology used to keep applications and users sharing the same infrastructure apart||No|
|Price||£4000 per instance per month|
|Discount for educational organisations||No|
|Free trial available||No|
|Pricing document||View uploaded document|
|Skills Framework for the Information Age rate card||View uploaded document|
|Terms and conditions document||View uploaded document|