Idox Software Limited

Uniform Remote Private Cloud

This product is the private cloud implementation of the Uniform back office system utilising the Uniform Remote Client. The product provides functions and features for the management of case data across Planning, Building Control, Environmental Health Gazetteer, Housing, Land Charges and Estates Management.

Features

  • Comprehensive case management.
  • Easy access online.
  • Legislative compliance for business areas.
  • Comprehensive reporting.
  • Highly configurable.
  • Spatially enabled.
  • Single centralised solution.
  • Integration options.

Benefits

  • Efficiency savings - centralised data.
  • Support for mobile/agile working.
  • Supporting digital by default.
  • Maintain compliance with legislation.
  • Better efficiency savings through modern workflow.
  • Process high volume of applications in reduced time.
  • Improved reporting, research and monitoring capabilities.
  • Better support for employees out in the field.

Pricing

£28250 per unit

Service documents

G-Cloud 10

236404143047965

Idox Software Limited

Darren Moyes

0333 011 1200

frameworks@idoxgroup.com

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints None
System requirements None

User support

User support
Email or online ticketing support Email or online ticketing
Support response times When a support request is received, a priority level is set against the request dependent on its urgency and its impact on the customer’s business. Target initial response times are: -
• High priority – one working hour
• Medium priority – four working hours
• Low priority – eight working hours
• Enquiries – 45 working hours.

The above is applicable to normal working hours and excludes weekends.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Target response/resolution times depend on the priority level of the request, as follows: -
Target response times: -
• High – one hour*
• Medium – four hours
• Low – eight hours
• Enquiries – 45 hours
Target resolution times: -
• High – eight hours
• Medium – 18 hours
• Low – 45 hours
• Enquiries – 180 hours
*hour = working hour
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Idox will assign a project manager to plan and manage the project. This will involve the creation of a project plan with agreed milestones, a risk register and issue log. Idox will endeavour to utilise authority staff in an efficient manner avoiding any duplication of effort. The project plan will be actively maintained and used as a measure to monitor progress towards the deadlines set within it.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction As part of an agreed exit plan Idox provide a single export of data.
End-of-contract process If the local authority has elected to discontinue with the hosting environment, it is Idox responsibility to provide a single export of data and files from the database(s) based on an Idox specification.

Idox will charge the local authority a maximum of 10 consultancy days at its standard day rate for the purposes of a single data export. Additional costs may be required where any data transformation activity is requested.

A full data export comprises a full export of live data the Idox Document Management System and associated file storage. This will provided in two phases, the first phase will be a full export for testing purposes and the second and final phase will be for a final export. The first supply of data will be provided within 10 working days of termination notice unless otherwise agreed with the local authority.

The exported data will be provided in CSV with associated document im+R54 (for EDMS metadata) format unless otherwise agreed between Idox and the local authority.

Using the service

Using the service
Web browser interface No
Application to install Yes
Compatible operating systems Windows
Designed for use on mobile devices No
Accessibility standards None or don’t know
Description of accessibility Public facing elements are AA compliant.
Accessibility testing None.
API Yes
What users can and can't do using the API Create, Update and Retrieve records within Uniform.
API documentation Yes
API documentation formats PDF
API sandbox or test environment No
Customisation available Yes
Description of customisation The Uniform system provides users the ability to make changes to dropdown menus, colours and other system configuration options. Dependent on the type of change they can be made by end users or system administrators.

Scaling

Scaling
Independence of resources The solution is based on discrete instances of server infrastructure within a virtual private network.

Analytics

Analytics
Service usage metrics Yes
Metrics types Monthly status and usage metrics.
Reporting types Regular reports

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Users can choose to export or query data directly from the system using standard reporting or querying tools.
Data export formats
  • CSV
  • Other
Data import formats Other

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network Data is encrypted with SSL certificate using TLS1.2 protocol between the client device  and the service. All data transferred internally is between secured networks and firewalled away from unnecessary access. All Access is across 1 or more firewalls restricted by port. Connectivity between sites is via encrypted VPN or fixed line to customer security standards.Traffic to and from exposed API's are encrypted with SSL.

Availability and resilience

Availability and resilience
Guaranteed availability SLA subject to contract.
Approach to resilience The application is composed of clusters or hot standby equipment at every level. This ensures there are no single points of failure in the design. The environment and software is monitored and any anomalies are escalated to a 24x7 support team. The physical site itself has redundancy in all services provided.
Outage reporting Services are monitored and proactive notification emails are sent.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Limited access network (for example PSN)
  • Username or password
Access restrictions in management interfaces and support channels Management access is permitted only from internal networks, themselves requiring two factor authentication to access. Access control lists restrict access.
Access restriction testing frequency At least every 6 months
Management access authentication 2-factor authentication

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information No audit information available
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 QMS International Ltd
ISO/IEC 27001 accreditation date 25/08/2016
What the ISO/IEC 27001 doesn’t cover No exclusions.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Idox Software Ltd has an ISO 27001-certified information security management policy that applies to all business functions within the scope of the Information Security Management System and covers the information, information systems, networks, physical environment and people supporting these business functions. Internal audit and information security awareness training is conducted to ensure policies are followed. Risks raise through internal our external audit are reviewed at management meetings by the information security manager the appropriate head of business and a board representative.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Hardware components are asset tagged, and tracked in our database of physical locations. Software components are deployed to servers and VMs with configuration management, and are tracked using that facility. Any changes to the environment must be submitted via a change request process, where they are assessed for any security or service impact, before being deployed to QA where they are vulnerability and QA checked for verification before a release to staging and production.
Vulnerability management type Supplier-defined controls
Vulnerability management approach We monitor OWASP and other sources for new software vulnerabilities and vulnerability reports, and software patches. Major releases of public facing applications undergo internally and/or externally conducted penetration testing.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Several layers of monitoring are in place to detect access attempts and attacks into the environment. These include the automated application functional monitors, network traffic analysis (NIDS), and unauthorised changes detected via configuration management.

Any potential compromise is raised in line with our security incident reporting procedure.
Incident management type Supplier-defined controls
Incident management approach Security incident reporting process summary: incidents or suspected incidents are raised to internal service desk and reviewed by information security manager. They are allocated a risk reference, entered into the information security risk log and tracked until closure. In the case of major incidents a major incident report will be produced.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £28250 per unit
Discount for educational organisations No
Free trial available No

Documents

Documents
Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Terms and conditions document View uploaded document
Return to top ↑