RAiDiAM Services Limited

Raidiam Connect

An Identity, API and Authentication accelerator platform designed to help orchestrate any end-to-end identity solution, providing a range of benefits when implementing trust frameworks and opening opportunities in the connected API economy.

Features

  • Can be white-labelled and Branded appropriately (with Raidiam reference)
  • Reduces the Implementation time of Identity and API platforms
  • Provides 'Out of the Box' Consent services
  • Provides example policies for Open APIs
  • Access and Identity Management (inc. Multi Factor)
  • Available on web or mobile
  • Data model compatibility
  • Integrates with Certificate Authorities
  • Microservices to facilitate ecosystem management of identities
  • Real-time notifications of security (Identity) events

Benefits

  • Accelerator for implementing Identity Access Management Platforms
  • User centric platform for selecting Authentication journey
  • Provides an enablement platform for Open API economy
  • Pulls API Gateways, Identity Platforms and trust frameworks together
  • Opens the path for supporting Zero Trust ecosystems
  • Can be applied to any industry
  • Agnostic to Identity and Authentication providers
  • Utilises DevOps provisioning techniques to accelerate multi-location deployments
  • Can assist with opening additional markets within connected economy

Pricing

£100 to £200 a unit an hour

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@raidiam.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

294747067734834

Contact

RAiDiAM Services Limited
Ralph Bragg
Telephone: 07890130559
Email: info@raidiam.com

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Raidiam Connect is a trust framework and identity platform enabler/accelerator. It is designed to leverage your existing investments to speed up the end to end integration and exposing of services across Web, Mobile and API channels through Identity Platforms to maximise the use of the connected economy.
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints
Raidiam Connect requires an outline view of the API channels that reside on the current architecture.

As delivered, there are no specific service constraints associated with Raidiam Connect. Considerations for service are related to the buyer's risk appetite for cloud protection and resilience. Though Raidiam Connect can be manually or auto-scaled, this will be dependent upon the buyer's set-up.

As detailed on the service requirement, the main consideration is to run Raidiam Connect with sufficient compute capacity available on the respective instances used to run the full stack.
System requirements
  • Set-up of two Availability Zones
  • 2x t2.medium instance for storage
  • 2x t2.medium instance for fine grained access
  • 2x t2.medium instance for coarse grained access
  • 2x t2.medium instance for federation services
  • Minimum of 8gb of memory on each node
  • Software licenses for third-party products
  • Leverages Cloud native services, best practice and associated costs

User support

Email or online ticketing support
Yes, at extra cost
Support response times
For 'live service' we are happy to operate a service desk with first response SLAs (e.g. within 15 to 30 minutes). The primary objective of this service will be returning the environment to an operational level. For general questions that do not have a live service impact, we are still happy to provide a ticketing system for declared users and agree a reasonable time (e.g. within 3 hours). Weekend support can be provided, with prior notice, for an additional 'on-call' premium.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
£150 per hour for remote support.
£1,000 per day for on-site Identity Product specialist.
£1,600 per day for on-site specialist, architectural or design support.

Depending on the size of the ask from the user, Raidiam would be able to provide an ongoing support team with account management. This would be subject to a full analysis of a request in order that the right terms are made available to meet demand and expectations.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Depending upon the requirement of the user, the help provided will range from instructions on how to use the web interface through to onsite training walk-throughs in a train-the-trainer format.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
The associated APIs are available to the buyer and as such provide the mechanism for data extraction when and where necessary.

We can also provide a full data extract in a portable bulk file format as required.
End-of-contract process
There are a few options with respect to what happens at the end of an agreement:
  1. Removal of the Raidiam Connect service, leaving a set of guidelines for replacement.
  2. Should the user want to retain Raidiam Connect, this can be licensed via additional agreement, charged annually.
  3. Further to [2] there is the possibility to set-up a support agreement to provide ongoing support for a live service. Note: This would be as a third line support model rather than providing incident management support.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
There is no demonstrable difference in the function on desktop or mobile. The web interface has been designed to be fully responsive to maximise the experience of the user on a mobile device; including tablets.
Service interface
No
API
Yes
What users can and can't do using the API
Raidiam Connect trust framework is designed around API first principles. It is possible and preferred for buyers to leverage this API to integrate with their existing management process and technology.
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • PDF
  • Other
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
In essence, the web interface can be white-labelled (with credit and a Raidiam Connect logo) to be skinned in the buyer's colour palette and with the buyer's logo.

The interface is customised with all available mechanisms for authentication that are used by the buyer. These are added to the Authentication screen and provide single click redirects to the respective authentication service.

The underpinning trust framework services have a completely flexible data model that allows attributes to be easily added as necessary to support the ecosystem under development. It is recognised that every industry is different, with different requirements and accreditations for participating organisations. The trust framework is designed to be extensible, supporting any attributes that are necessary.

Scaling

Independence of resources
Yes, the Raidiam Connect service is modular, loosely coupled and scalable. Each service can be adapted and be scaled independently with no impact to other services. Resiliency and redundancy are baked-in to the configuration as standard.

Analytics

Service usage metrics
No

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
In-house
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Either through API access or on-demand, Raidiam can provide a portable bulk extract in common file format(s)
Data export formats
  • CSV
  • ODF
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
Will require source-to-target data analysis

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
Availability levels for Raidiam Connect are subject to the buyer's approach to scaling and provisioning within AWS instances. SLAs are also subject to the levels that the buyer has signed up to as part of the AWS contract with regards to reserved capacity.
Approach to resilience
Resilience of service is again dependent upon the buyer's attitude to resiliency levels within their instance of AWS. Raidiam are happy to consult on best practice in these areas should the need arise.
Outage reporting
These will be via standard monitoring solutions available through AWS and the corresponding dashboards.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
Other user authentication
The authentication provider is 'pluggable' to support numerous multi-factor authentication methods from any provider. In addition, there is also the possibility of creating bespoke solutions to cater for any specific needs not available.
Access restrictions in management interfaces and support channels
N/A
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
The solutions and services that Raidiam provides are all based on regulatory and industry standard protocols for the transfer of data through APIs and Identity platforms. These standards include:
  • Financial API standard (to which Raidiam are contributing authors)
  • OIDC
  • OAuth2
  • Open Banking Standards
  • Payment Services Directive (PSD2)
Information security policies and processes
As contributing authors to the Financial-grade API (FAPI) standards, there is a suite of conformance guidelines against which implementations are built. The regulatory directives and mandates are core tenets of our business, so each resource, solution and advisory service that we deliver is based on a deep-seated understanding of, and practical experience in, delivering Identity strategy solutions that conform to the regulatory standards and current best practices that the market is subject to.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
From a provisioning standpoint, the configuration management process is driven by one-click deployments using deployment scripting techniques such as Terraform, CloudFormation and Ansible, together with custom Amazon Machine Images (AMIs), to ensure a repeatable and standard mechanism for deployment across multiple environments. At the start of engagement, target environments are defined and the configuration is baked in to the deployment package. By default, where changes are required, these result in an updated version of the scripts and packages, providing clear audit and recovery positions.
Vulnerability management type
Undisclosed
Vulnerability management approach
The Raidiam Connect solution is deployed on Amazon Web Services (AWS) (or other cloud providers) and as such is governed by the monitoring and detection services that are enabled on the target instance. Where Raidiam Connect is deployed on the buyer's instance of AWS (or other cloud provider), recommended levels for monitoring will be provided. Patches for vulnerabilities discovered in Raidiam Connect will be fully tested on Raidiam instances before updated deployment routines are provided for propagation into live with minimal disruption ('one click' deployments).
Protective monitoring type
Undisclosed
Protective monitoring approach
CloudWatch Alarms are configured for all unauthorized traffic. We operate an API-first-only security model: ALL traffic flows through a single location. Our clients have the option of leveraging AI / Traffic Analysis technology to look for malicious behaviour that may not otherwise be detected.
Responses are in line with GDPR processes: notification to the ICO should a potential breach involve customer data, and notification to affected clients.
All access is audited, and unauthorized or unsuccessful requests are logged. Should they occur more than a configured frequency, an alert is generated.
Incident management type
Undisclosed
Incident management approach
Through our associated service, we provide (where requested) an operational support desk, where users are provided with a portal where issues and incidents can be logged. On receipt of a Priority 1 ticket, the on-call incident manager will open up the necessary communication channels to collate all required information to troubleshoot the problem. The users are able to monitor and add further details to the tickets as required. To increase access, designated users are set up as a user group and they can see all tickets raised by the group. Incident reports are available as Knowledge Base or email.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Pricing

Price
£100 to £200 a unit an hour
Discount for educational organisations
Yes
Free trial available
No
