This product is the private cloud implementation of the Uniform back office system utilising the Uniform Remote Client. The product provides functions and features for the management of case data across Planning, Building Control, Environmental Health Gazetteer, Housing, Land Charges and Estates Management.
- Comprehensive case management.
- Easy access online.
- Legislative compliance for business areas.
- Comprehensive reporting.
- Highly configurable.
- Spatially enabled.
- Single centralised solution.
- Integration options.
- Efficiency savings - centralised data.
- Support for mobile/agile working.
- Supporting digital by default.
- Maintain compliance with legislation.
- Better efficiency savings through modern workflow.
- Process high volume of applications in reduced time.
- Improved reporting, research and monitoring capabilities.
- Better support for employees out in the field.
£28250 per unit
Idox Software Limited
0333 011 1200
|Software add-on or extension||No|
|Cloud deployment model||Private cloud|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
When a support request is received, a priority level is set against the request dependent on its urgency and its impact on the customer’s business. Target initial response times are: -
• High priority – one working hour
• Medium priority – four working hours
• Low priority – eight working hours
• Enquiries – 45 working hours.
The above is applicable to normal working hours and excludes weekends.
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||None or don’t know|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
Target response/resolution times depend on the priority level of the request, as follows: -
Target response times: -
• High – one hour*
• Medium – four hours
• Low – eight hours
• Enquiries – 45 hours
Target resolution times: -
• High – eight hours
• Medium – 18 hours
• Low – 45 hours
• Enquiries – 180 hours
*hour = working hour
|Support available to third parties||Yes|
Onboarding and offboarding
|Getting started||Idox will assign a project manager to plan and manage the project. This will involve the creation of a project plan with agreed milestones, a risk register and issue log. Idox will endeavour to utilise authority staff in an efficient manner avoiding any duplication of effort. The project plan will be actively maintained and used as a measure to monitor progress towards the deadlines set within it.|
|End-of-contract data extraction||As part of an agreed exit plan Idox provide a single export of data.|
If the local authority has elected to discontinue with the hosting environment, it is Idox responsibility to provide a single export of data and files from the database(s) based on an Idox specification.
Idox will charge the local authority a maximum of 10 consultancy days at its standard day rate for the purposes of a single data export. Additional costs may be required where any data transformation activity is requested.
A full data export comprises a full export of live data the Idox Document Management System and associated file storage. This will provided in two phases, the first phase will be a full export for testing purposes and the second and final phase will be for a final export. The first supply of data will be provided within 10 working days of termination notice unless otherwise agreed with the local authority.
The exported data will be provided in CSV with associated document im+R54 (for EDMS metadata) format unless otherwise agreed between Idox and the local authority.
Using the service
|Web browser interface||No|
|Application to install||Yes|
|Compatible operating systems||Windows|
|Designed for use on mobile devices||No|
|Accessibility standards||None or don’t know|
|Description of accessibility||Public facing elements are AA compliant.|
|What users can and can't do using the API||Create, Update and Retrieve records within Uniform.|
|API documentation formats|
|API sandbox or test environment||No|
|Description of customisation||The Uniform system provides users the ability to make changes to dropdown menus, colours and other system configuration options. Dependent on the type of change they can be made by end users or system administrators.|
|Independence of resources||The solution is based on discrete instances of server infrastructure within a virtual private network.|
|Service usage metrics||Yes|
|Metrics types||Monthly status and usage metrics.|
|Reporting types||Regular reports|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Baseline Personnel Security Standard (BPSS)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||No|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||‘IT Health Check’ performed by a CHECK service provider|
|Protecting data at rest||Encryption of all physical media|
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||A third-party destruction service|
Data importing and exporting
|Data export approach||Users can choose to export or query data directly from the system using standard reporting or querying tools.|
|Data export formats||
|Data import formats||Other|
|Data protection between buyer and supplier networks||IPsec or TLS VPN gateway|
|Data protection within supplier network||
|Other protection within supplier network||Data is encrypted with SSL certificate using TLS1.2 protocol between the client device and the service. All data transferred internally is between secured networks and firewalled away from unnecessary access. All Access is across 1 or more firewalls restricted by port. Connectivity between sites is via encrypted VPN or fixed line to customer security standards.Traffic to and from exposed API's are encrypted with SSL.|
Availability and resilience
|Guaranteed availability||SLA subject to contract.|
|Approach to resilience||The application is composed of clusters or hot standby equipment at every level. This ensures there are no single points of failure in the design. The environment and software is monitored and any anomalies are escalated to a 24x7 support team. The physical site itself has redundancy in all services provided.|
|Outage reporting||Services are monitored and proactive notification emails are sent.|
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||Management access is permitted only from internal networks, themselves requiring two factor authentication to access. Access control lists restrict access.|
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||2-factor authentication|
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||No audit information available|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||QMS International Ltd|
|ISO/IEC 27001 accreditation date||25/08/2016|
|What the ISO/IEC 27001 doesn’t cover||No exclusions.|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||Idox Software Ltd has an ISO 27001-certified information security management policy that applies to all business functions within the scope of the Information Security Management System and covers the information, information systems, networks, physical environment and people supporting these business functions. Internal audit and information security awareness training is conducted to ensure policies are followed. Risks raise through internal our external audit are reviewed at management meetings by the information security manager the appropriate head of business and a board representative.|
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||Hardware components are asset tagged, and tracked in our database of physical locations. Software components are deployed to servers and VMs with configuration management, and are tracked using that facility. Any changes to the environment must be submitted via a change request process, where they are assessed for any security or service impact, before being deployed to QA where they are vulnerability and QA checked for verification before a release to staging and production.|
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||We monitor OWASP and other sources for new software vulnerabilities and vulnerability reports, and software patches. Major releases of public facing applications undergo internally and/or externally conducted penetration testing.|
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
Several layers of monitoring are in place to detect access attempts and attacks into the environment. These include the automated application functional monitors, network traffic analysis (NIDS), and unauthorised changes detected via configuration management.
Any potential compromise is raised in line with our security incident reporting procedure.
|Incident management type||Supplier-defined controls|
|Incident management approach||Security incident reporting process summary: incidents or suspected incidents are raised to internal service desk and reviewed by information security manager. They are allocated a risk reference, entered into the information security risk log and tracked until closure. In the case of major incidents a major incident report will be produced.|
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Public sector networks
|Connection to public sector networks||No|
|Price||£28250 per unit|
|Discount for educational organisations||No|
|Free trial available||No|
|Pricing document||View uploaded document|
|Skills Framework for the Information Age rate card||View uploaded document|
|Terms and conditions document||View uploaded document|