Qubic Group plc

Universal Remote Information Management (URIM) Application

Universal Remote Information Management (URIM) helps solve the problem of managing a widespread workforce.
It gives you global mobile access to structured information your people really need. Ideally suited to those responding to time-critical operational events, it ensures users have the vital information they need to do their job.

Features

  • User definable content, configurable and tailored to the specific organisation
  • Secure Instant Messaging
  • Multi-Lingual
  • Content always latest revision and available throughout the organisation.
  • User acknowledgement to incidents or policy/ information changes
  • Always latest internal contact list
  • Digitising of organisations processes and procedures
  • Provides audit trial
  • Ease of user adoption
  • Highly scalable and resilient

Benefits

  • Easily deployable by administrator avoids high traditional professional services costs.
  • Improves productivity and efficiency
  • Avoids costly ongoing printing of out of date procedure manuals
  • Ensures employees are informed and the organisation can validate this
  • Avoid the need to distribute old contact list
  • Improves company operations as procedures are readily available.
  • Regulatory requirements can be validated
  • Improves productivity and efficiency
  • Ensures information is always available and appropriate action taken

Pricing

£2.50 a user a month

Service documents

Framework

G-Cloud 12

Service ID

2 2 1 3 2 3 1 6 4 3 1 3 8 8 5

Contact

Qubic Group plc Charlie Riddle
Telephone: 02086017000
Email: Charlie.Riddle@qubicgroup.com

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
Application runs on iOS and Android mobile phones and is available to be downloaded from Apple or Google Play store

Application will require at least 15mb of available storage on mobile device

Data and information to be shared within application is uploaded via management console available on any windows browser
System requirements
  • Mobile Phone or Tablet as URIM is a mobile application
  • 2. Service Provider for mobile connection ie 4G or wifi
  • 15mb of available memory on mobile device

User support

Email or online ticketing support
Email or online ticketing
Support response times
Ticket response times depend on the severity of the incident being reported.
Priority 0 - Major issues relating to severe system outages are responded to 1 hour and aimed resolution within 2 hours.
Priority 1 - Critical issues relating to severe system degradation responded to 2 hours and aimed resolution within 4 hours.
Priority 2 - Medium issues impacting an individual or single user preventing base functionality responded within 3 hours and aimed resolution within 6 hours
Priority 3 - Low issues impacting a single user responded within 4 hours and aimed resolution within 8 hours.
Further available at www.qubicgroup.com
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 A
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
No
Support levels
Round the Clock (24/7) includes:-
Application monitoring;
Helpdesk user support;
Patch management and updates;
Anti-virus, anti-spam and ransomware protection of data;
Software license management
All included in license price
Support available to third parties
No

Onboarding and offboarding

Getting started
As part of the set up for the application a Qubic Group dedicated Project Manager is assigned who will work closely with the customer to design the installation plan. This plan will include:-
Installation of application;
Setting up of menus and sub menus;
Applying customer logos;
Training and assistance with user set up.

As well as a project manager each customer will be assigned an Account Manager to hand hold their relationship with Qubic during the lifespan of the relationship
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
As part of the exit of a customer from Qubic Group our Cancellation team will validate and confirm the process of the data migration away from Qubic Group.

Data can be extracted and sent to a customer as per customers requirements and will always be encrypted for security.

The original data with Qubic Group can continue to be stored until the customer confirms that the data can be deleted, subject to commercial storage considerations being clarified.
End-of-contract process
At the point of cancellation of a contract all services included in the contract will continue until the contract end date/point of exit.

As part of the cancellation process it will be clarified what actions are required in relation to:-

Returning of any data stored;
Cancellation of any 3rd party contracts in relation of the software provided.

Additional costs will be incurred if any (but not exclusively limited too) of the above actions require engineers or resources to perform additional tasks not included in the original contract.

Costs will also be incurred if any 3rd party agreements which are to be cancelled or terminated but have not reached the end of the contract and as such incurr a cancellation fee or charge.

Using the service

Web browser interface
No
Application to install
Yes
Compatible operating systems
  • Android
  • IOS
  • Windows Phone
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Application is used on mobile devices as a principle and with information and data designed to be available through mobile devices

Desktop is only used to apply data and information to application through a web browser
Service interface
Yes
Description of service interface
Service interface is a access via web browser to apply data and information to the application
Accessibility standards
None or don’t know
Description of accessibility
Data is loaded through the service interface in xls format or plain text format and applied to the application in a series of customer definable menus and sub menus
Accessibility testing
The interface has been fully tested (including regression testing, user acceptance testing and volume performance testing)
API
No
Customisation available
Yes
Description of customisation
Date and information can be fully customised with menus and sub menus able to be configured to customers requirements including language.
Telephone numbers and services stored within the application are be set at a global, regional and local level as required.
Customers logo can be applied to application to further customise

Scaling

Independence of resources
Users logging into the application on their mobile device use very little system requirements so the impact of users using the service is very small.
As the users accesses the data the service uses load balancing technology so ensure resources are equally distributed through the network and across the servers where the data is held at rest

Analytics

Service usage metrics
No

Resellers

Supplier type
Reseller (no extras)
Organisation whose services are being resold
URIM App Limited

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Data can be exported from the management console via a web browser in either xls or plain text format.
Data export formats
  • CSV
  • Other
Other data export formats
Plain text
Data import formats
  • CSV
  • Other
Other data import formats
Plain text

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Qubic Group SLA is that the service is available 99.99% as measured over the calendar month with the exception of:-
any planned and notified maintenance;
any period of force majeure;
any act or omission of the customer either directly or indirectly causes the service interruption.
In the event of service interruption the customer can claim from Qubic Group service credits which are calculated as per the terms of conditions available from Qubic Group.
Approach to resilience
The Qubic Group datacentres are N+1 and Tier 3 datacentres with all operations designed to be resilient. Further information is available on request.
Outage reporting
In the event of outage impacting services to Qubic Groups customers the communication to customers is managed centrally from the ticket/service desk system.

All communication will be logged into the system with regular updates. Those customers impacted receive the necessary updates via email and the customer facing portal if they have access to it.

Any customer logging a service ticket in the event of an outage will also receive updates on their ticket as well as the main central ticket.

Account managers will also be on hand to call customers and discuss the outage.

Identity and authentication

User authentication needed
Yes
User authentication
2-factor authentication
Access restrictions in management interfaces and support channels
All users are assigned access based on users defined roles with only the relevant access for their role being provided.

A full audit trail is available of all logons and actions undertaken to provide a full history of user access and management.

Access management reviews are conducted on a regular basis to ensure correct levels of access are maintained by users per role.
Access restriction testing frequency
At least once a year
Management access authentication
2-factor authentication

Audit information for users

Access to user activity audit information
You control when users can access audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
QMS International
ISO/IEC 27001 accreditation date
25/11/2014
What the ISO/IEC 27001 doesn’t cover
N/A
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
  • Cyber Essentials
  • IASME Governance
  • CiSP
  • ISO9001:2015

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Qubic Group is ISO9001 and 27001 accredited.
Within the Qubic Group we have a strictly adhered to Information Security Management System (ISMS) Policy and Procedure.
The ISMS Policy and Procedure is reviewed and set by the The Information Management Forum within Qubic Group. This forum is made up of:-
ISMS Manager who oversees the forum.
The remainder of the forum is made up of Qubic Managing Directors, Operations Manager, Service Manager, and Senior Data Engineer.
The forum is responsible for Policy and Procedure reviews, documentation, training awareness and induction, incident management and ISMS audits.
The Policy and Procedure is located on the company shared drive for all staff to access.
All new joiners are required to read and sign off the policy and procedure as part of their induction process.
All existing other staff sign off the policy and procedure annually.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
IT change management is a controlled process and any required internal changes to the computing environment are registered by raising a Case Record in the CRM system.
The nature of the change, rationale and any security implications are recorded. Changes to customer networks are similarly requested and logged in the CRM system.
All concerned parties are informed of the status of the request as changes progressed and implemented.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Technical vulnerabilities identified as a result of the implementation of the ISMS are reviewed and addressed as detailed in this Manual.
Patches required to address vulnerabilities in systems are white line tested by a third party provider before being authorised for deployment.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Qubic Group use proactive monitoring tools to continuously monitor the status of the environments and infrastructures that are delivered to customers.

The monitoring tool will issue an alarm if one of the set parameters is breached or the status of the service falls into a defined category. The alarm will be picked by the Qubic Group Network Operations Centre (NOC) and the issue will then be investigated and resolved.

All alarms are initially investigated as a P0 Critical incident.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Where a Incident is reported, a ticket is raised and allocated to a Qubic engineer who will ascertain the severity of the issue by contacting the customer and working with them to diagnose the incident.
All incidents will be logged within the Qubic ticketing system.
Where a workaround has been implemented and rectification works are required to fully complete the incident Qubic will engage the ‘Problem Management team’ made up of Senior Directors, Management, and Technical Staff who would jointly agree the plan of action to rectify.
A Major Incident Report (MIR) is completed and shared with the customer.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Pricing

Price
£2.50 a user a month
Discount for educational organisations
No
Free trial available
No

Service documents