Invotra

Intranet Platform as a Service (PaaS)

The Invotra Platform is a world-class and proven open-source technology platform that supports the Invotra Product application layer. The stack utilises a wide range of applications such as SE Linux, Drupal, Solr, Apache, Memcache, MariaDB, and Nagios to provide the perfect delivery environment all built on a secure cloud infrastructure.

Features

  • Search Engine
  • Webserver
  • Database
  • SSO
  • Drupal Content Management System (CMS)
  • Analytics
  • Monitoring
  • Information Architecture
  • Caching
  • Import / Export via APIs

Benefits

  • Provides clients with the ability to extend Invotra functionality
  • Publish intranet content for multiple devices
  • Develop bespoke intranet applications in Invotra
  • Develop bespoke people directory apps in Invotra
  • Develop bespoke social apps in Invotra
  • Supports Agile delivery
  • Integrate into world-class open source technology stack
  • Build once, deliver responsively to multiple devices
  • Use connectors for Google Analytics, Active Directory, Salesforce and others
  • Take advantage of analytics capabilities to measure KPIs

Pricing

£4000 per instance per month

Service documents

G-Cloud 9

209260226346767

Invotra

Jamie Garrett

07824168080

sales@invotra.com

Service scope

Service scope
Service constraints The Invotra Cloud Hosting Service only supports the Invotra Cloud Software Services and Products.

View the Invotra Cloud Software Services in the Digital Marketplace to learn more.
System requirements
  • Kerberos or SAML
  • Security review
  • Performance review

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Depending on the mutually agreed priority level of the query, emails are answered very quickly, usually within the working day.

The UK Helpdesk is available for the UK Public Sector customers between 0700-1900 Monday-Friday, excluding Bank Holidays and national holidays.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard WCAG 2.0 AA or EN 301 549 9: Web
Web chat accessibility testing Use webchat with users with sight issues.
Onsite support Yes, at extra cost
Support levels At Invotra, service is everything. We take great pride in the ways in which we deliver a superlative service to our customers.

Invotra Cloud Hosting customers will have a Technical Account Manager who will provide regular reviews of the customers service and PaaS performance.

See our Invotra Cloud Hosting Service Definition Document for full details of our support levels offered.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Invotra is locally based and travels extensively throughout the UK to meet its many UK Government customers.

Through regular face-to-face meetings, Invotra supports new customers with discovery, stakeholder engagement and training of intranet and digital workplace administrators.

Invotra then supports the project management teams responsible for delivery. This extends to teams responsible for security and architecture, content and people data migration and integration into live service management teams.

Throughout onboarding, Invotra provides detailed documentation for product descriptions, APIs and training.

End user education is available as well.
Service documentation Yes
Documentation formats HTML
End-of-contract data extraction Users can extract their data via the APIs at any point in time in the Service. If requested, Invotra will provide a zip file of this data at the end of the contract.
End-of-contract process Any documentation or support required by a sufficiently competent developer will be provided to ensure a smooth off-boarding process.

Using the service

Using the service
Web browser interface Yes
Using the web interface Manual access to the Invotra web interface is available. All other access through REST APIs.
Web interface accessibility standard WCAG 2.0 AA or EN 301 549
Web interface accessibility testing Invotra has conducted interface testing of its intranet and digital workplace applications with DWP end users in Preston, Blackpool & York, as well as DfT end users in London.

Invotra has incorporated accessibility experience in everything we do. For instance, form elements such as checkboxes are now standardised. We've implemented ARIA, and fixed native HTML and now use the author best practice guide, as a result of our engagement with UK Government customers.
API Yes
What users can and can't do using the API Service users are manually set up, and use APIs to update and change all content relating to people, content or taxonomies.

All calls are bound by the established permission system.
API automation tools Ansible
API documentation Yes
API documentation formats Open API (also known as Swagger)
Command line interface No

Scaling

Scaling
Scaling available Yes
Scaling type Manual
Independence of resources The platform is designed and scaled with excess capacity up to 50% above anticipated requirements of all customers. This is monitored and adjusted appropriately.
Usage notifications Yes
Usage reporting Email

Analytics

Analytics
Infrastructure or application metrics Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
Reporting types Regular reports

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest Physical access control, complying with CSA CCM v3.0
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up Virtual machines
Backup controls Mutually agreed as part of the Service design.
Datacentre setup Multiple datacentres
Scheduling backups Supplier controls the whole backup schedule
Backup recovery Users contact the support team

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability 99% uptime is guaranteed by Invotra for both Invotra Platinum and Invotra Gold. 98% uptime is guaranteed for Invotra Silver.

In the event of a failure to meet the specified service levels a service credit can be applied for by the customer. The details of the service credits available are detailed in Invotra's Terms & Conditions.
Approach to resilience Both high and low level designs are available to appropriately security cleared individuals upon request.
Outage reporting Email alerts

Identity and authentication

Identity and authentication
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Limited access network (for example PSN)
Access restrictions in management interfaces and support channels All processes and policies are detailed within an internal system which is available for review on request. The system fully supports all policies and processes required for ISO 27001.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Other
Devices users manage the service through Dedicated device on a segregated network (providers own provision)

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information You control when users can access audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for Between 1 month and 6 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Alcumus
ISO/IEC 27001 accreditation date 25/08/2016
What the ISO/IEC 27001 doesn’t cover Any elements of the business not directly related to the Invotra Service and Support.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards ISO/IEC 27001
Information security policies and processes All processes and policies are detailed within an internal system which is available for review on request.

The system fully supports all policies and processes required for ISO 27001.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach This information is made available in both high and low level designs which are available to appropriately security cleared individuals upon request.
Vulnerability management type Supplier-defined controls
Vulnerability management approach All processes and policies are detailed within an internal system which is available for review on request. The system fully supports all policies and processes required for ISO 27001.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach All processes and policies are detailed within an internal system which is available for review on request. The system fully supports all policies and processes required for ISO 27001.
Incident management type Supplier-defined controls
Incident management approach All processes and policies are detailed within an internal system which is available for review on request. The system fully supports all policies and processes required for ISO 27001.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart No

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes

Pricing

Pricing
Price £4000 per instance per month
Discount for educational organisations No
Free trial available No

Documents

Documents
Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Terms and conditions document View uploaded document
Return to top ↑