Konica Minolta Business Solutions (UK) Ltd

Cloud Print Infrastructure Services

A hybrid cloud print service designed for organisations (such as local government, central government and healthcare) who wish to unburden themselves from running a complex IT print infrastructure whilst gaining all the benefits of a Software as a Service solution. For the latest information please visit: http://www.konicaminolta.co.uk/en-gb/industry-verticals/technology-solutions-for-the-public-sector/g-cloud

Features

  • Cloud Print Infrastructure as a Service
  • Multi-vendor Universal Print Driver with full finishing capabilities
  • Print file size compression
  • Self service setup
  • Ideal for Citrix environments including those with bandwidth considerations
  • Simple upgrade path to a true Cloud Print Management solution
  • Cloud Service hosted in the UK

Benefits

  • Simple on-premise print migration to Cloud
  • No IT requirement for setup
  • No on-premise Server/OS requirements
  • Fully managed service including application and OS patch management
  • Multi-vendor support for printers
  • Monthlty subscription model
  • Simple upgrade to a true Cloud Print Management service
  • Print usage reporting - Dashboard

Pricing

£7.78 to £9.63 a device a month

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidsandtenders@konicaminolta.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

2 1 8 6 9 9 0 2 1 9 2 8 7 1 7

Contact

Konica Minolta Business Solutions (UK) Ltd Kathleen Rogers
Telephone: 01268 534444
Email: bidsandtenders@konicaminolta.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
  • Public cloud
  • Private cloud
  • Community cloud
Service constraints
Our technology uses a workstation client. This Client needs to be able to communicate with the workstation and the printer. Note, if the printer is on a separate network to the workstation (or has internet access only), then we can provide a Gateway to communicate with the printer devices.
System requirements
  • PC Client compatible with Windows 7,8 and 10
  • Mac computer clients compatible with OS 10.5 to 10.13
  • Applle IOS compatible with 7.0 to 11.0
  • Android OS compatible with 4.1 (Jelly Bean) to 7.1.2
  • Windows Phone OS required 8.1

User support

Email or online ticketing support
Email or online ticketing
Support response times
1 hour support SLA covering Monday-Friday (excluding bank holidays). 24/7 support available at an extra cost.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
SLA delivers a 1 hour response time. There are status updates every 4, 8 and 16 hours depending if it is a Critical, Major or Minor incident. This is included as part of the core solution offering.

Technical account management, and access to support engineers, are included within our standard support offering.

24/7 support is available at an additional cost.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We follow an installation process which includes a document framework that defines every customer's solution integration requirements. This is the basis from which our Professional Services team will work with the customer to carry out a successful installation. Part of the installation process will include training for the basic operations of the system so that customers can take full advantage of the technology. Training can be remote, face to face and can include personalised documentation.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Data can be extracted into CSV, PDF and XLSX format via the application portal.
End-of-contract process
Customers have the ability at the end of the contract to export their reporting data via the solution portal. This is a feature of the solution and can be done at any time for free.

There will be an additional cost associated with exporting all data beyond reporting, and providing this to the customer. This will be based on the size of the customer and complexity of the setup.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Yes
Compatible operating systems
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Windows Phone
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The desktop service via the solution's client will send print jobs via a traditional file/print workflow. Mobile devices will submit print jobs via the App or email to print .
Service interface
Yes
Description of service interface
The solution has a Web based administration interface and is accessed via most common Web browsers.
Accessibility standards
None or don’t know
Description of accessibility
Users with the correct permissions have the ability to manage other users and printers via a simple Web based administrative interface. There is also the ability to provide print reporting usage from the administrative interface.
Accessibility testing
None however can accommodate this should a user case example arise.
API
Yes
What users can and can't do using the API
Setup service through API. Can be used for normal operational processes (import, export, add, edit, delete data of users/print-jobs) via API.
API documentation
Yes
API documentation formats
PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Our solution is a secure multi-tenancy platform where tenants can include their corporate logo and CA certificate. This can be done via a simple upload.

Scaling

Independence of resources
Our solution is configured so that it is elastic. Our service monitoring software alerts our Professional Services team once a defined limit has been reached. Once this happens, we will increase the resource that our Cloud service requires to accommodate for this additional capacity.

Analytics

Service usage metrics
Yes
Metrics types
Print usage per user, device and department.
Reporting types
  • API access
  • Real-time dashboards
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Data can be extracted into CSV, PDF and XLSX format via the application portal.
Data export formats
  • CSV
  • Other
Other data export formats
  • PDF
  • .XLSX
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
We utilise AWS (UK Datacentre) that hosts the IT infrastructure for our service which guarantees 99.95% up time. Our technology can have several configuration options of its micro services and Access Point components which can be outside of our Hosted environment. Due to the architecture flexibility, guaranteeing the application availability cannot be done as there may be micro-services or access point components that are utilised outside of our control. Please be assured that High Availability is built in the hosting infrastructure and application architecture that typically will deliver above 99.95% availability from a software service perspective.
Approach to resilience
Our service has been designed with high availability in mind. We use a load balancing technology combined with AWS resilience services to deliver both High Availability and Disaster Recovery. Further information is available upon request.
Outage reporting
Our internal monitoring systems will alert our support teams in the unlikely event where there is an outage. Notification of outages to customers can be communicated via an API or email alerts.

Identity and authentication

User authentication needed
Yes
User authentication
  • Username or password
  • Other
Other user authentication
Authentication supported protocols: Microsoft AD/LDAP, Microsoft Azure AD, Okta, Azure OAuth2, ADFS OAuth2
Access restrictions in management interfaces and support channels
Access controls are strictly enforced and provisioned as a function of user role or through rigorous just-in-time access requests.
Access restriction testing frequency
At least once a year
Management access authentication
  • Username or password
  • Other
Description of management access authentication
Using Authentication via: Microsoft AD/LDAP, Microsoft Azure AD or Okta.

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
NQA
ISO/IEC 27001 accreditation date
18/11/2019
What the ISO/IEC 27001 doesn’t cover
The scope of our ISO27001 covers the Import and Distribution of Multi-functional Printing Devices and Associated Supplies including Software Solutions and services to Customers as part of Optimized Print Services and Optimized Business Services. This includes all Annex A controls.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
Yes
Who accredited the PCI DSS certification
Worldpay
PCI DSS accreditation date
30/05/2018
What the PCI DSS doesn’t cover
Covers the limited number of credit card transactions that we process. There are no credit card related payment processes outside of this scope.
Other security certifications
Yes
Any other security certifications
  • Cyber Essentials
  • Cyber Essentials Plus

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
ISO 27001 ISO 27017 ISO 9001 PCI DSS Konica Minolta is committed to operating an effective Information Security Management System that will ensure information is protected from a loss of confidentiality, integrity and availability. Given this, our basic approach to information security is to continuously make improvements by measuring and assessing risks associated with important information assets and applying effective measures to mitigate those risks. To support this, we have identified key information security principles; and to ensure these key principles are met, we have established a set of information security objectives as part of our Integrated Business Management System which are monitored and reviewed regularly. This Policy covers Konica Minolta Business Solutions (UK) Ltd and all relevant subsidiaries, including all UK regional offices. It is applicable to all colleagues, visitors, suppliers, customers and contractors related to business activities, products or services. Compliance with the Information Security Policy is mandatory. All Leaders are directly responsible for implementing this policy and ensuring colleagues’ compliance within their Business Units and Shared Functions

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Change configuration is been tracked by YouTrack to create, authorize, monitor and implement changes within secure software development lifecycle. The change advisory council reviews the potential security impacts of the changes before approval.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Our solution developers use OWASP vulnerability assessment and threat modelling, we also use specific NIST and Microsoft SDLC guidance documents for selected areas.

Our Cloud service is patched on a monthly cycle.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Actual, suspected, or potential breaches will be reported immediately to Data Protection Officer (DPO) and shall notify the implicated end-customer within 72 hours.
Depending on the size and seriousness of a data breach, we may conduct an investigation into the circumstances surrounding the breach. Investigations may include an on-site examination of systems and procedures and could lead to a recommendation to inform data subjects about a security breach incident if end-customer has not already done so.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
An incident management framework has been established and communicated with defined processes, roles and responsibilities for the detection, escalation and response of incidents. Incident management teams perform 24x7 monitoring, including documentation, classification, escalation and coordination of incidents per documented procedures.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Pricing

Price
£7.78 to £9.63 a device a month
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
Free trials can be available upon request however will require further due diligence so we can assess the scale of the trial required.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidsandtenders@konicaminolta.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.