Assessmint Limited

Assessmint Secure Data Exchange Portal

Assessmint Secure Data Exchange Portal provides an online, cloud-based secure data exchange portal for secure requests for and transfer of data between organisations and 3rd parties.
Create a global secure data and file collection portal to repeatably gather critical business information (facts, documents, spreadsheets, data files) from customers/employees/suppliers.

Features

  • Secure data exchange and collection
  • Rapidly deployed cloud solution with secure online conversations
  • Assessment assignment, progress-chasing and close down
  • Dynamic reporting with data exploration and analysis capabilities
  • Push data to a secure “landing point” in your company
  • Creation and management of assessment contributors
  • Secure document store for all relevant documents
  • Multiple graphical outputs
  • Platform can be delivered as a fully managed service

Benefits

  • Device and platform agnostic solution
  • Quickly and securely gather business critical information
  • Single and accessible repository for analysis of baseline information
  • Customisable Vendor and Contract categories for continual improvement
  • Rapidly deployed so available immediately

Pricing

£1000 to £3000 per instance per month

  • Education pricing available
  • Free trial available

Service documents

G-Cloud 10

251893878111632

Assessmint Limited

Justin Mullen

07710 482520

justin@assessmint.com

Service scope

Software add-on or extension No
Cloud deployment model Public cloud
Service constraints 24 hour planned availability with 1 planned maintenance window per fortnight / Core hours 0830-1800 with no planned downtime / 99.5% availability target.
System requirements
  • A reasonable internet connection speed is required
  • Browser based access (IE7 or later, Safari, Chrome, Firefox)

User support

Email or online ticketing support Email or online ticketing
Support response times Platform is 24x7, core operational support from 0830 – 1800, Monday to Friday. Can be extended by prior agreement.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels There is one support level included with the purchase of the product which includes online, email and phone support during 0830-1800 Monday through Friday. Additional support can be negotiated on a case by case basis. We provide a technical account manager.
Support available to third parties Yes

Onboarding and offboarding

Getting started Onsite training, online training and documentation.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction A core part of the Assessmint technology provides an import/export facility that customers can use at any time.
End-of-contract process We commit to provide an open and fast way of customer data extraction (“off-boarding”). A core part of the Assessmint technology provides an import/export facility that customers can use at any time. For all other data items we will provide data extracts in Microsoft Excel, Microsoft SQL or comma separated file formats, as preferred by the customer. There will be no charge for these types of extracts; other requested formats may however have a charge. We commit to purge all such customer data at termination point. We will not expect to help with the migration to other systems, but if requested may charge for this service at normal rates in the SFIA document.

Using the service

Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service None
Accessibility standards None or don’t know
Description of accessibility There is little or no non-text content within the product. There is no video content.
Accessibility testing We have not tested interfacing with assistive technology.
API Yes
What users can and can't do using the API Everything that can be done with the user interface
API documentation Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Users can customise the views of the assessment results and base-lines. They can customise the Vendor and Contract categories. They can customise the assessment templates and the emails to support the assessment process. They can customise the assessment questions, gradings, styles, definitions, labels, recommendations, reports and dashboards.

Scaling

Independence of resources Services separation and services management separation is assured by assurance of service design.

Analytics

Service usage metrics Yes
Metrics types Service availability and usage.
Reporting types
  • Regular reports
  • Reports on request

Resellers

Supplier type Not a reseller

Staff security

Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data export approach A core part of the Assessmint technology provides an import/export facility that customers can use at any time.
Data export formats
  • CSV
  • Other
Data import formats
  • CSV
  • Other

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability 99.5, assured by contractual commitment
Approach to resilience Available on request
Outage reporting Email alerts or dashboards

Identity and authentication

User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels There are separate levels of permission for read, update and administrative rights on each individual piece of data. Permissions can be set to groups of users or to individuals. Different classes of users are supported, such as account administrators, normal users and survey contributors, each of which has different access to functions within the system. This maintains the principle of least privilege.
Access restriction testing frequency At least once a year
Management access authentication Username or password

Audit information for users

Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach TO BE DONE
Information security policies and processes All access to the system uses encrypted HTTPS, to ensure that information cannot be intercepted. All user accounts are password protected, all passwords are encrypted. User creation and management is delegated to the Customer. User management includes the creation of new users, user disable/enable, and user deletion. Data is partitioned by organization, and data can only be shared within the organization. Even within an organization, data is only available to the person who created it, or those to whom they have granted permission. This protection extends to all methods of access to the system, including administrative tools within the system and the secure web service interface. There are separate levels of permission for read, update and administrative rights on each individual piece of data. Permissions can be set to groups of users or to individuals. Different classes of users are supported, such as account administrators, normal users and survey contributors, each of which has different access to functions within the system. This maintains the principle of least privilege. All errors and updates within the system are logged to allow investigation.

Operational security

Configuration and change management standard Supplier-defined controls
Configuration and change management approach The system keeps backup copies of the database and can restore these to revert all data to the moment before the upgrade. Selective reversion of specific features is much harder; the most practical course of action in almost all cases is to fix the issue(s). The solution is hosted by a major hosting provider based in the London area, directly connected to LINX (the London Internet Exchange). This affords excellent bandwidth availability via multiple Tier 1 Internet Service Providers, alongside high volume sites serving the UK such as Google, Yahoo and bbc.co.uk.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Our London-based hosting provider performs regular vulnerability assessments and penetration testing. The hosting provider provides automated Microsoft Security Patching. The hosting provider provides alerts for potential threats.
Protective monitoring type Undisclosed
Protective monitoring approach Our London-based hosting provider performs regular monitoring and response. The hosting provider provides instant emergency response by text or email.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach At agreed intervals, our account managers meet with their clients to review the accumulated log of any reported incidents, so that progress can be tracked, queries raised and dealt with, and a high level of understanding of the client’s needs grown and maintained. Users can report incidents either by phone or email. Incident reports are provided by email or via an agreed upon shared hosting platform.

Secure development

Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks No

Pricing

Price £1000 to £3000 per instance per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Full access to the system for 10 working days or more as required.

Documents

Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document