Box-it provide fully integrated outsourced document management services ranging from offsite document storage to digital hosting via Omnidox our award winning Cloud based EDM solution by scanning paper and microfilm documents.
- Access document from anywhere or restrict to specific IP address
- Document Retention Policy control
- User Administration - Roles & Permissions new users & password
- Allows for home working or remote site working
- Either alert or delet expired records by document type
- Approve documents for processing ie. Invoices for payment
- Self administer for immediate change and saving money
- Documents can be accessed simultaneously and shared easily
- Frees up office space
- Increases productivity and improves efficency
- Safeguards (back-up) critical business information previously restricted to single copy
£346.53 per licence per month
- Pricing document
- Skills Framework for the Information Age rate card
- Service definition document
- Terms and conditions
Bramble Hub Limited
+44 (0) 2077350030
|Software add-on or extension||No|
|Cloud deployment model||Private cloud|
|Service constraints||Designed for use on a Windows Browser we support, Microsoft Internet Explorer (ideally version 9 or above), Google Chrome, Firefox.|
|System requirements||Adobe Viewer installed on desktop (Preferably version X or XI)|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
Suppoort tickets are graded by severity
Level 1 system cant be operated / accesses within 2 hours
Level 2 system accessible but perfomance is slow 4 hours
Level 3 all other questions within 24 hours
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||None or don’t know|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
Standard Support - As standard We target a response within 1 hour of reciept. We will provide telephonic & email support operating on a Monday to Friday basis (excluding UK public holidays) between the hours of 08:00 to 18:00 with 1st line telephonic support provided by our in-house Customer Services Team.
Technical Support is undertaken by our in-house IT Support team which is made up of 1st, 2nd & 3rd line analysts with clear escalation paths between each sets of staff. All tasks are tracked on a ticketing system with full access provided to Customer Services to be shared with the client.
On reporting an incident a unique reference number will be allocated.
1. Error Message
2. Performance Issue
4. Login / User Admin
5. Suggested Improvement
The customer will also be asked to provide a full description of the problem. All issues will be dealt as ‘Red – High Priority’ however these may be downgraded following discussions with the customer by our support team. Our support contract will cover all elements of software maintenance,
|Support available to third parties||Yes|
Onboarding and offboarding
Omnidox is simple and intuitive to use and from experience is quickly mastered by users even with basic computer and internet skills. Nonetheless we recognise that people’s abilities to absorb training differs and that’s why our trainers are carefully selected with the right degree of interpersonal skills together with 1st class presentation skills. Omnidox training is delivered on a train the trainer basis in the form of a 1-day training event. The event is split into 2 parts. A half day is devoted to System Administration training. This covers the following: -Using the Security Administration tools e.g. setting rules around password administration
-Administration area to include:
-Administration levels explained.
-Creating roles for Users permissions.
-Activating & locking out Users explained.
-Understanding & Creating Criteria.
-Understanding Help Desk support.
The 2nd part is devoted to user training and covers the following:
-Creating link to Omnidox & Logging in.
-Search area to include:
-Wild card searching.
-Use of Viewing tools.
-Use of Print functions.
-Use of the Desktop upload.
-Using the Indexing functions.
-Handling orphaned documents.
-Handling the Expired Documents work-queues.
-Accessing MI Reports.
|End-of-contract data extraction||
At the end of the contract users can request the data to be extracted. Box-it will work with the user to develop an Exit Plan. The Images and documents are stored in industry standard format and can be exported to an agreed format and specification to meet the users replacement supplier.
This will be dealt with as a separate project and quoted on a time and material basis to an agreed project time line once the output specification has been agreed.
|End-of-contract process||At the end of the contract we develop an exit plan and work with the user to export the data in a usable format on a time and materials basis.After the specification is signed off we will provide a fixed price proposal.|
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||No|
|What users can and can't do using the API||We can use web-services for system to system integration - However this is bespoke to each implementation.|
|API sandbox or test environment||No|
|Independence of resources||We use a combination of in-house developed monitoring software and monitoring dashboards provided by 3rd party providers .Omnidox in monitored constantly for presence and performance by the support team. To maintain performance where new services are spun up if demand requires.|
|Service usage metrics||Yes|
|Metrics types||Omnidox performance matrix measures service uptime and retrieval time. On a monthly basis we provide billing reports with the following detail: Users – number of named users enrolled onto the system / Functionality – which of the optional modules / Storage – GB of volume stored|
|Supplier type||Not a reseller|
|Staff security clearance||Conforms to BS7858:2012|
|Government security clearance||Up to Baseline Personnel Security Standard (BPSS)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Supplier-defined controls|
|Penetration testing frequency||At least every 6 months|
|Penetration testing approach||‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider|
|Protecting data at rest||Physical access control, complying with another standard|
|Data sanitisation process||Yes|
|Data sanitisation type||Explicit overwriting of storage before reallocation|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||Bulk back scanning would be done at our centre in Winchester and we handle the image upload. Occasional desktop upload is completed using the desktop upload functionality. Pre-populated data for example approved supplier list update, purchase order data or any other regular feed can be imported into our system for validation and indexing or exported into line of business or ERP system by Secure File Transfer Protocol or Virtual Private network.|
|Data export formats||
|Data import formats||
|Data protection between buyer and supplier networks||Legacy SSL and TLS (under version 1.2)|
|Data protection within supplier network||Other|
|Other protection within supplier network||To access any data on our network all users need to authenticate against our domain active directory, only then can any data be access if the user has the appropriate permissions.|
Availability and resilience
Omnidox is provided as a fully managed service. Box-it therefore includes responsibility for system availability in respect of infrastructure components provided by Box-it including but not limited to:
Hosting environment -
Operating System -
Security Software -
Database Software -
EDM Application(s) -
Data Backups -
Box-its connections to the Internet -
Technical Disaster Recovery -
Technical & Help Desk Support -
System Availability -
Excluding any pre-notified maintenance periods, Box-it will ensure availability in any fixed 3 calendar month period will be no less than;
Service Availability Period 1: - Between the hours of 09.00 to 17.00 UK time Monday to Friday - not less than 99.8%
Service Availability Period 2: - Between the hours of 0.00 to 09.00 and 17.00 to 24.00 UK time Monday to Friday – not less than 99.8%
Service Availability Period 3: - Between the hours of 0.00 Saturday and 24.00 UK time Sunday - not less than 98.0%
|Approach to resilience||
BCP and DR procedures are aimed at maintaining as comprehensive a service delivery to clients as possible whilst ensuring staff are not endangered in so doing in the event of a catastrophe or other disaster is of paramount importance to Box-it.
The aim of this plan is to prepare the business to cope with the effects of an emergency and build confidence in client partnerships of this ability. The types of emergencies that this plan covers includes the following:
Organised and/or Deliberate Disruptions,
Loss of Utilities and Services,
Equipment or System Failure,
Serious Information Security Incidents
Other Emergency situations.
The site at Winchester is covered by a fallback generator that kicks in 10 seconds after electrical power failure and all servers (and workstations in operations) are protected by UPS.
All key servers are duplicated on site.
Mirrored site: All servers are replicated at a 3rd Party data centre - Currently manually enabled but by the end of 2017 this will be automatically switched over should the primary site fail.
Two separate internet connections are in place these enter the facility from different locations.
Our DR plan also details recovery to a new site in the event of total loss.
|Outage reporting||Our Customer Services teams will notify users of any scheduled maintenance or any unplanned outages.|
Identity and authentication
|User authentication needed||Yes|
|Other user authentication||We can restrict to specific IP address.|
|Access restrictions in management interfaces and support channels||
1st line support is handled by our customer services team. The customer services team has the same permissions as the user Administrator. All access is controlled by user name and password permission and all access is logged.
2nd 3rd and 4th line support has a dedicated super administrator account. This is on an as needs basis and the control of this account is by user name and password and all access is audited
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users have access to real-time audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||Certified by Intertek - Certificate number ISMS1796-02|
|ISO/IEC 27001 accreditation date||03/12/2013 recent renewal 20/01/2017|
|What the ISO/IEC 27001 doesn’t cover||Nothing|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||Yes|
|Any other security certifications||
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||
Box-it has certification in ISO 27001:2013 – Information Security Management Systems (ISMS), ISO 9001:2008 – Quality Management Systems; ISO 14001:2004 Environmental Management systems and ISO BIP0008 – Evidential Weight of Information Stored Electronically along with other industry related ISO accreditations and applies these standards to all works undertaken for document scan processes, along with our archive and destruction services.
Box-it routinely places its staff on Awareness programs and training courses for all related requirements in the work place and regular refresher courses are carried out to ensure operating staff are fully aware of all privacy and legislation when processing client documentation.
Our systems and CCTV routinely register all activity within the Box-it complex and incident reporting protocols has allowed Box-it to be incident free for over 25 years.
Box-it takes very seriously the security & integrity of personal data, either in storage or in process and have developed security standards based upon appropriate risk assessments, industry expectations and in Pre-
accordance with our Data Protection Policy and our Information Security Policy.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||Change requests are raised, these are managed by the Change Manager role, all requests need to have supporting information, such as change request date (needs to at least 7 days before implementation), change description, if testing performed, implementor, backout plan, etc, the change is then reviewed a CAB. There is an Emergency Change process which is approved by Senior Management.|
|Vulnerability management type||Undisclosed|
|Vulnerability management approach||We do not currently perform vulnerability testing, this is something we will be looking to implement in the futur|
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||We have monitoring software in place to alert us of any impending issues, tickets are raised and escalated as necessary to resolve issues. Issues are responded to within a set criteria depending on their impact.|
|Incident management type||Supplier-defined controls|
|Incident management approach||Our clients report issues to our Customer Services team, who then raise a ticket on our Service Desk system. These tickets are given a priority which is used to determine how the issue will be dealt with by the Service Desk team. Our Service Desk system can be used to create reports.|
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Public sector networks
|Connection to public sector networks||Yes|
|Connected networks||Health and Social Care Network (HSCN)|
|Price||£346.53 per licence per month|
|Discount for educational organisations||No|
|Free trial available||No|