Panlogic Limited - Digital Engineering

Easy & Secure Pledgometer Service

Pledgeometer: dynamic pledge ‘thermometer’ (defining £ raised) Customisation/variables definition Multiple pledgeometers per category (with category definition) Dynamic pledgeometer animation Reverse countdown ‘£XXX needed’ Pledge recording & management Public & private/anonymous pledges Pledge payment integration Multi-currency handling Repeating pledges Integration of offline & online pledges Email integration Non-financial pledges possible

Features

  • Pledgeometer - dynamic pledge ‘thermometer’ (defining £ raised)
  • Customisation and variables definition
  • Multiple pledgeometers per category (with category definition)
  • Dynamic pledgeometer animation
  • Reverse countdown ‘£XXX needed’
  • Pledge recording & management
  • Public & private/anonymous pledges
  • Pledge payment integration & multi-currency handling
  • Integration of offline & online pledges
  • Design/build & hosting

Benefits

  • Suitable for all public-sector organisations
  • User self-service
  • Management Information/audit
  • Suitable for non-technical users
  • User-friendly, multi-platform (web/tablet/mobile)
  • Customisation and variables definition
  • Pledge recording & management
  • Repeating pledges
  • Email integration
  • Non-financial pledges possible

Pricing

£650 to £1200 per person per day

  • Education pricing available
  • Free trial available

Service documents

Framework

G-Cloud 11

Service ID

2 3 7 5 4 8 9 2 5 0 4 1 6 1 9

Contact

Panlogic Limited - Digital Engineering

William Makower

0208 948 5511

william.makower@panlogic.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
  • Public cloud
  • Private cloud
Service constraints
None
System requirements
  • Contract
  • Clam-AV anti virus
  • Linux Debian 8 or Ubuntu 16.04 OS
  • PHP 5.5+
  • MySQL 5.5
  • Apache2 or NGINX

User support

Email or online ticketing support
Yes, at extra cost
Support response times
Within the hours of 09:00 and 17:00 (Monday to Friday) excluding UK Bank Holidays and Public Holidays) - extended hours (including 24x7x365) available on request:

Critical issues: Support initiated within 4 core hours from notification
Urgent issues: Support initiated within 12 core hours from notification
Routine issues: Support initiated within 24 core hours from notification
Non-standard maintenance requests: Scheduled promptly and notification of initial analysis and/or action taken (or to be taken) forwarded to the Client within 8 core hours of receipt
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Yes, at an extra cost
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 A
Web chat accessibility testing
Web chat is always an important component to our digital solutions and even more so for Assistive Technology users. We leverage the extensive testing done by market leaders in web chat components such as LiveChat and ZenDesk to ensure this feature meets the required level of compliance. We further ensure the web chat product enables a seamless transition for AT users from the chat experience to the core solution.
Onsite support
Yes, at extra cost
Support levels
Levels & costs depend on agreement.
We can provide a technical account manager.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Self-service on-boarding process
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats
  • Word
  • Excel
End-of-contract data extraction
JSON export is possible
End-of-contract process
Included: access to the payment platform
Not included: any bespoke elements

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
None
Service interface
No
API
No
Customisation available
Yes
Description of customisation
Causes
Products
Payment methods
Payment amounts
Organisational information
Option to completely white-label the solution

Scaling

Independence of resources
Real-time resource monitoring & auto-scaling

Analytics

Service usage metrics
Yes
Metrics types
Real-time dashboards
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
No
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
JSON & CSV export
Data export formats
  • CSV
  • Other
Other data export formats
JSON
Data import formats
Other
Other data import formats
N/A

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
99.9%
Approach to resilience
Available on request
Outage reporting
Email alerts

Identity and authentication

User authentication needed
No
Access restrictions in management interfaces and support channels
N/A
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
No audit information available
Access to supplier activity audit information
No audit information available
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
Security governance is defined in the SLA. However, responsibility typically for the systems procured via Panlogic lies with the Project Manager, Client Services Director and ultimately one of the Company Directors. Each of the policies that make up the security policy are reviewed annually by the senior staff.

Changes or additions can be proposed at any time by any member of staff, any substantive changes made to any documents will be communicated to all relevant personnel.
Information security policies and processes
Panlogic has the following policies:
-Compliance Policy
-Information Handling Policy
-User Management Policy
-Acceptable Use Policy

Reporting Structure:
William Makower - Director
John Foster-Hill - Director
Designated Project Manager

On a day to day basis its the responsibility of the Project Manager to ensure the policies are set in place and overall its the Directors' responsibility to ensure all policies including HR and data protection are adhered.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Incident change and planned development changes are documented via the Panlogic ticketing system along with User Guide revisions.

Documented changes are recorded in states:
-Current state#
-Transition State
-Future state

These are announced via email and/or blog updates for significant developments.

Source code is maintained in a Git code repository and is tagged for releases, as are database changes.

Deployments of changes are automated using deployment services.
Vulnerability management type
Undisclosed
Vulnerability management approach
Threats are assessed by reviewing log files and traffic abnormalities and identifying non-genuine traffic.

Patches are deployed immediately after an issue is identified. A patch is first developed and tested and then implemented when proven to resolve the issue.

Information regarding threats is collated through social media, github, news groups, dedicated forums relating to the technologies used (e.g. PHP website, MySQL website etc.).
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Third-party tools are used to help gain insight from the server level upwards, to aid in identifying any internal or external incorrect use or abuse.

When a potential compromise is identified resolutions are defined, developed, tested and deployed as soon as possible.

Timings are typically covered within an SLA, but responses start usually from 4 working hours.
Incident management type
Supplier-defined controls
Incident management approach
Any incidents are recorded using Panlogic's ticketing system for tracking, escalation and reporting.

All incidents receive an initial response and then a follow-up with more detail. The timings will be governed by the agreed SLA.

Security breaches will be deemed a 'Level 1: Critical' incident and actioned accordingly.

Following a security incident and/or personnel changes, policies for access to systems are applied.

Security and other 'Level 1: Critical' incidents are notified to the service Project/Account Manager who will in turn notify their equivalent at the client organisation.

FAQs provided online are a 1st-line support option to common issues and questions.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£650 to £1200 per person per day
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
Trial and free options available.
Everything is included.
Time period limited by arrangement.

Service documents

Return to top ↑