Intelogy Limited

COLIN ® as a Service (Press Office collaboration software)

COLIN® is a secure online collaboration tool specifically designed for use by UK Government Press Offices. It benefits press officers by providing accurate up to date information to external requests from media outlets; an audit trail of all conversations with the Press; and increases efficiency amongst the Media team.

Features

  • Real-time data collaboration of press office data
  • Advanced searching of press office records
  • Remote access via secure authentication to press office info
  • Auto-compilation of daily forecast records
  • Contacts library of journalists for regular interactions.
  • Virus scanning of uploaded assets
  • Advanced Media Office task management
  • Azure AD integration

Benefits

  • Rapid secure storage and retrieval of interactions with journalists.
  • Centralised management of call logs, interview bids, forecasts and more.
  • Advanced collaboration features.
  • Workflow management for press officers providing accurate and consistent lines.
  • Simple user interface - no training required.
  • Mobile device optimised.
  • Evergreen design - multiple free updates throughout contract.
  • Used by vast majority of UK central government media offices.

Pricing

£10 to £88 per licence per month

Service documents

Framework

G-Cloud 11

Service ID

2 5 3 7 0 3 1 6 6 3 0 6 7 6 9

Contact

Intelogy Limited

Andrew Tomlins

02037473506

andrew.tomlins@intelogy.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
Being a cloud service, the system relies on access to the internet. All modern browsers are supported .

For multi-factor authentication, access to a mobile phone, office phone or the Microsoft Authenticator app is required.
System requirements
  • Each user must have purchase a separate COLIN license.
  • Each user must have a modern web browser.
  • Each user must have access to the internet.
  • User needs a secondary form of authentication (mobile, phone, app).

User support

Email or online ticketing support
Email or online ticketing
Support response times
Our help desk operates on UK Office hours only. Our response times are based on the following priority levels (as defined by the ticket raiser):
P1 – (Urgent) - 2 hours response;
P2 – (High) - 4 hours response;
P3 – (Normal) - 10 hours response;
P4 – (Low) - 10 hours response times.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Onsite support
Support levels
We provide UK Office Hours support as per below:
P1 – (Urgent) - 2 hours response;
P2 – (High) - 4 hours response;
P3 – (Normal) - 10 hours response;
P4 – (Low) - 10 hours response times.

We provide a technical account manager and a cloud support engineer as part of the response team.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
- on site workshop / demo (free if within the M25, otherwise travel expenses charged) OR up to 2 x remote webinar sessions to on board users.
- "Quick start guide" for new users.
- early access to a free demo site for user familiarisation
Service documentation
No
End-of-contract data extraction
All data is stored in a SQL database and a backup can be provided OR a CSV files with associated attachments can also be provided.
End-of-contract process
At the end of the contract, the customer is offered an extract of the stored data (in SQL format) and then the instance of the system will be deleted from the hosting platform. There is no cost for this service.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Rich text editing of items such as forecasts is not possible via the mobile client.
Service interface
No
API
No
Customisation available
Yes
Description of customisation
There is customisation of default templates for various types of records throughout the system.
There is customisation of the portal homepages.
Buyers can configure the use of various types of records as required.

Scaling

Independence of resources
The system is designed so that all types of scaling are possible. Other instances of the system are stored on different Azure VM servers and therefore other clients should not affect the specific organisation contracted to use COLIN. If more resources are required then higher performance ratings can be applied to the service. The application has been designed so that that throttling of requests is controlled so that one user's request does not block another user's processes.

Analytics

Service usage metrics
Yes
Metrics types
A monthly or weekly report of data is provided to the system owners.
Reporting types
Regular reports

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
Physical access control, complying with CSA CCM v3.0
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
At the end of the contract, the customer is offered an extract of the stored data in SQL format or CSV
Data export formats
CSV
Data import formats
  • CSV
  • Other
Other data import formats
XML

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
We mirror Microsoft Azure's availability guarantee and will directly pass on any refunds provided by Microsoft if service levels fall below their publicly stated levels (99.9%).
https://azure.microsoft.com/en-gb/support/legal/sla/summary/
Approach to resilience
The Microsoft Azure platform provides a 14 day restore to point in time.
Further information is available on request.
Outage reporting
The following is available to us:
- a public dashboard https://azure.microsoft.com/en-gb/status/
- an API
- email alerts

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Management interfaces are limited to select users only (defined as "Senior Managers" and Intelogy support staff).

Support channels are limited to the same subset of people.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users receive audit information on a regular basis
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
Less than 1 month

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
Yes
CSA STAR accreditation date
07/02/2017
CSA STAR certification level
Level 2: CSA STAR Attestation
What the CSA STAR doesn’t cover
The certification covers the underlying Azure platform but not the application.
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
We hold Cyber Essentials certification as an organisation.
We are working towards ISO27001 standard, therefore all our security governance procedures are aligned to that. We set up all our systems on a least trust basis so only people who need access are provided it and only to the level required. Only a small subset of staff have admin access. Our support staff have undergone background checks by a third party (DBS).
Information security policies and processes
We are working towards ISO27001 accreditation so we adopt the "Plan-Do-Check-Act" (PDCA) model, which is applied to all Information Security Management Systems (ISMS).

We have a set of policies defined at a Board level and all staff are contracted to follow them. They are available via our internal ISMS and any breeches of policies should be reported to our Operations Director who will decide on the course of action. Our policies are reviewed and adapted annually. All changes are highlighted to staff via internal meetings.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All changes are applied via standard processes. i.e.

A set of potential changes are assessed for inclusion in a point release of a new version. Assessment of risk, value to the end users, technical feasibility and complexity are taken into account and changes batched into priorities as a result. Changes are conducted on an internal development environment and tested with pre-defined scripts. The changes to application or configuration are then deployed by an authorised platform administrator to a staging environment, tested and signed off by a product manager, before repeating the process on a production environment in Azure.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Intelogy have configured the service through Azure Security Center to have constant monitoring and logging turned on for all nodes (web VMs and databases).

Any high priority threats are notified to our platform team instantly and action will be taken if possible and applicable at the soonest opportunity.

In addition, customers can access the following public status page:
https://azure.microsoft.com/en-gb/status
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Yes, we have a defined process for common events:

5.2 Detection

* Identification and reporting of the incident.

* Incident details must be captured.

* Categorization of incident.

* Classify the incident. High, Medium, Low

* Identification of stakeholder who all should be involved for managing the incident

5.3 Response

* Preventive action of the incident minimize the re-occurrence of the incident

* Corrective Action

5.4 Analysis

* Data collection

* Root Cause Analysis of the incident

5.5 Report

* Preventive action of the incident minimize the reoccurrence of the incident

* Learning communicated to either whole organisation and stakeholders
Incident management type
Supplier-defined controls
Incident management approach
Users can report incidents via phone, email and the helpdesk service.

Detection

* Identification and reporting of the incident.

* Incident details must be captured.

* Categorization of incident.

* Classify the incident. High, Medium, Low

* Identification of stakeholder who all should be involved for managing the incident

Response

* Preventive action of the incident minimize the re-occurrence of the incident

* Corrective Action

Analysis

* Data collection

* Root Cause Analysis of the incident

Report

* Preventive action of the incident minimize the reoccurrence of the incident

* Learning communicated to either whole organisation and stakeholders

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£10 to £88 per licence per month
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
A full version of the system is available to each organisation after an initial qualification discussion for a period of 6 weeks.
Link to free trial
Demo version of site available on request

Service documents

Return to top ↑