Ctrl O

Linkspace

Linkspace enables public sector organisations to manage data around their particular business processes; without the need to invest in bespoke software. Quick to deploy, and accessible from anywhere, it can be easily set-up and customised by your teams as needs evolve. Designed to be secure; suitable for OFFICIAL SENSITIVE data.

Features

  • Easy-to-use, highly versatile, lean, bandwidth-friendly, robust: data management platform
  • Low-cost, rapid-deployment way of setting-up a secure business analytics system
  • Manages any data-driven business processes; responsive design (tablet & mobile)
  • Full audit-trail of data and user activity, meets compliance needs
  • Data visualisation, easy to configure graphs, individual data views
  • Dashboard overview with red-amber-green (RAG) indicators, alerts and approval workflow
  • Economic for small teams; fully-scalable for large, distributed organisations
  • Open source, low-code business process management (BPM) platform
  • Flexible data-analysis tools, calendar, time-line and sync-matrix data view
  • One-step migration alternative to spreadsheets and spreadsheet-based ad-hoc process management

Benefits

  • Fast, agile, iterative cycle: purchase-to-operation, low cost of delivery
  • Data and outcome driven; users empowered to deliver powerful results
  • Quick, flexible, user-configurable, enable focus on outcomes not process
  • User-centric, user-deployed for successful digital transformation, fostering progressive innovation
  • Out-of-the-box, yet customisable in-house without consultant-integrator intervention, low TCO
  • Data integrity assurance; replace spreadsheets weaknesses, de-risk data-capture and management
  • Achieve digital-transformation goals; rapid, affordable Management Information System (MIS) builder
  • User-configurable: reports, views, dashboards, alerts; economical, fast, robust business solution
  • Granular access control to database facilitates evidence-based, auditable GDPR compliance
  • Referenceable, compliance proven, active deployments in MOD and MOJ

Pricing

£0.50 to £7 per user per month

Service documents

G-Cloud 9

300980962631448

Ctrl O

Andy Beverley

020 3474 1200

info@ctrlo.com

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints Our principal infrastructure sub-contractor is UKCloud enabling us to provide a highly-resilient Tier 3 hosting environment. The availability of Linkspace is 99.95% per year. MAINTENANCE WINDOWS | Emergency Maintenance will take place between the hours of 00:00 and 06:00 (UK local time) Monday to Friday or between the hours of Saturday 00:00 to 06:00 (UK local time) on Monday, (including bank holidays) unless there is an identified and demonstrable immediate risk to customer environment(s). We will consider alternative strategies by request, see our Service Definition for additional detail.
System requirements
  • Internet connection
  • Standard browser on desktop, laptop, tablet or smartphone

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Support is 24/7/365 with standard email response within 1 hour
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.0 AA or EN 301 549
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels SERVICE LEVELS | Ctrl O provides a Response Time Service Level Agreement(SLA). PREMIUM SUPPORT | is included as standard in the G-Cloud per-user subscription price. CUSTOM ENHANCED SUPPORT | can be provided at rates based on the SFIA rate card. Our experience indicates all customers are satisfied with our Premium Support offering.

RESPONSE TIME | The response time depends on the priority of the incident, as follows:
▶ P1 and P2 (no alternative or no acceptable alternative): 1 hour.
▶ P3 (unusable non-critical function having operational impact, workaround available) 24 hours.
▶ P4 (function unusable, workaround available) 24 hours.

TECHNICAL ACCOUNT MANAGER | A technical account manager is allocated to every customer.
CLOUD SUPPORT ENGINEER | Cloud support engineers are pooled and accessed through the help-desk.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started USER-TRAINING | Linkspace is intuitive and easy to use. We provide a number of training and familiarisation modalities to satisfy all needs. The comprehensive user guide is available on-line or as a PDF. The application has context-sensitive help for each view and feature. As the system is configured, help screens and pop-ups are also configured to provide specific end-user guidance. LINKSPACE ACADEMY | On-line training and training videos covering common user-administrator and end user use-cases are in development and will be published during the term of G-Cloud 9. Onsite classroom training for user-administrators, train-the-trainer and end-users is provided as a Cloud Support Service by Ctrl O. ONBOARDING | Simple migration of existing data is achieved by bulk upload of a CSV file, this can be done by Ctrl O (see Service Definition for details) or a user-administrator. A popular approach to onboarding Linkspace is to take a user requirement (a business process) and work with Ctrl O consultants as a Cloud Support Service to train user-administrators and end users as we jointly configure and deploy the application. Full details of Planning, Setup and Migration, Training and Ongoing Support services provided by Ctrl O are provided in Lot 3 "Cloud Support".
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction OFFBOARDING AND DATA EXTRACTION | Migration from the service is easy using our zero-cost offboarding service. If you decide to leave the service you can download your data in a standard format, such as CSV and move it to another product. OPEN SOURCE | As Linkspace is open source a customer on a single-tenant instance of Linkspace (only free-trial instances are multi-tenanted) can arrange with us to be provided a complete system of their instance, including all business logic, audit trail and the ability to look back at historical views of the data at any chosen date and time. (Historical views will not show user-deleted records as these are purged in conformance with data privacy policies. Users may elect to archive non-personal data as an alternative to deletion to preserve this powerful historical audit feature.)
End-of-contract process TERMINATION | Termination can be ordered by the customer in accordance with the relevant terms of the Call-off Contract which typically have been at the discretion of the customer on providing 30 days' notice. At the point of termination, all consumer data, accounts and access will be permanently deleted, and will not be able to be subsequently recovered or restored. Data will be provided to the customer in accordance with the offboarding procedure. There is no charge over and above the normal subscription for this offboarding service. Exceptionally, additional exit Migration and Planning services may be procured from Ctrl O under Lot 3 "Cloud Support".

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10+
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service FULL ACCESS to all features is available on tablets and smartphones. Data is presented to users through a feature called VIEWS which are individually configurable by individual users either for themselves, teams or all users (subject to the grant of appropriate permissions). Users may configure their views to optimise the user-experience on their chosen device.
Accessibility standards WCAG 2.0 AA or EN 301 549
Accessibility testing Linkspace has been rigorously audited and tested to ensure it is compatible with modern web browsers, smartphones, tablets, text only browsers and screen readers. This has enabled Linkspace to achieve and surpass the requirements of the central government ministries where it is deployed. In March 2017 one such Assistive Technology Testing Report performed by government staff as part of a live deployment concluded that the application was one of the best seen in that context. Our onboarding procedures recommend the involvement of internal accessibility champions as part of the deployment and user testing team.
API Yes
What users can and can't do using the API The Linkspace API is available to all Linkspace customers. It provides access to all the data viewing and editing functionality of Linkspace, including: editing records, viewing records, viewing a record's history, and viewing reports. Because Linkspace is a software application with which the majority of interaction is expected to be its extensive data management features, the API does not offer any provisioning or configuration of Linkspace. The API uses HTTPS to create a secure interface, using OAuth2 for authentication. JSON is used to encode the data throughout the API.
API documentation Yes
API documentation formats
  • HTML
  • PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Linkspace has been designed so that users, with appropriate permissions, can configure every aspect of the application. This enables teams to evolve the way data is collected and managed as the business process evolves, without calling-in an integrator or IT department. Eliminating costly and lengthy contractual change-control procedures and putting those who fully understand the desired outcomes in control of the system. Full audit trail, constant backup and historical views of the system together with rigorous permissions controlling who can make changes support user-defined procedures for approving change. This fosters progressive innovation, a key objective of digital transformation. ACCESS CONTROL | Linkspace can be extensively configured to control who has access to what data and features. Create groups, add members to groups, and then define what a group can do. As access to features supporting the powerful customisation facility of Linkspace are governed by this access control, the owner of the business process can define who is responsible for making changes which can be user-tested in a sandbox environment before deployment.

Scaling

Scaling
Independence of resources Linkspace for Government is deployed using a single-tenanted virtual environment from UKCloud. In order to guarantee that customers in one VPS are not affected by the demands from customers in another VPS, UKCloud use resource reservations and shares such as internet bandwidth shaping. The UKCloud capacity planning team ensure that usage in terms of all resources are constantly monitored and increased accordingly relating to user demand. Linkspace itself is very light, using minimal bandwidth for each page displayed.

Analytics

Analytics
Service usage metrics Yes
Metrics types FORENSIC AUDIT TRAIL | All users and user-administrators with the appropriate permission have access to full audit trail in real-time. This can be filtered (say) by user or activity and downloaded. USAGE METRICS | Monthly usage reports are provided automatically.
Reporting types Regular reports

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest Physical access control, complying with CSA CCM v3.0
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach DATA EXTRACTION APPROACH | It is a standard feature of Linkspace that all or part of data can be downloaded in CSV format by anyone who has been given appropriate permissions by the user-administrator (a member of the customer team). This download can be made at any time and as frequently as needed. Powerful boolean filters can be employed in the selection of sub-sets of data to enable users to export only the data they want. OPEN SOURCE | We will work with a customer to clone a single-tenant instance of Linkspace with all their data, if requested.
Data export formats
  • CSV
  • Other
Other data export formats Linkspace code is open source, a clone may be created
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability The minimum availability of Linkspace is 99.95% per year. This excludes planned maintenance, which will only take place out of normal business hours at times agreed by the customer. Sometimes maintenance will be required on the UKCloud servers at times outside of our control. If these
times are unacceptable, a customer’s Linkspace instance can be moved to another unaffected server beforehand. A move will require approximately 1 hour of downtime. STANDARD SLA | A Service Level non-conformance event ("SLNC") happens if the service level falls below the stated availability percentage (excluding Planned and Emergency maintenance periods). Consumers will be eligible for service credits on affected services only. Service credits will be calculated as a percentage of the fees for the affected services for the monthly billing period during which the SLNC occurred (to be applied at the end of the billing cycle). Service credit is 5% of the monthly spend. SLNCs directly or indirectly arising from the same cause, event or sequence of events within 72 hours of the earlier SLNC represent a single instance of Service Level non-conformance.
Approach to resilience Snapshot backups are taken every 24 hours and then encrypted and stored in a physically separate data centre provided by an independent provider (Memset). Incremental daily backups are each stored for 4 months, full monthly backups are stored for 12 months. For large deployments, data is also replicated continuously to a second server. In the event of server failure, this allows for virtually no data loss and fast reversion to an alternative server (within 1 hour).
Outage reporting Ctrl O maintains a very close relationship with each customer. In the event of an outage, a customer will be contacted directly to inform them of the issue, provide details and expected times of the rectification, and provide any assistance to mitigate the outage with the customer.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Ctrl O management interfaces for Linkspace are only accessible using indirect bastion hosts, to reduce the external attack vector. Support channels for Linkspace are restricted to only known customers.
Access restriction testing frequency At least once a year
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for Between 6 months and 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 BM Trada
ISO/IEC 27001 accreditation date 04/06/2017
What the ISO/IEC 27001 doesn’t cover All the services provided are covered by the certification
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations Yes
Any other security accreditations Cyber Essentials

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards
  • CSA CCM version 3.0
  • ISO/IEC 27001
Information security policies and processes Ctrl O has been built from the day it was incorporated on the fundamental principles of ISO27001. These form the core of everything the company and its employees do. Ctrl O's ISO27001 certification has been independently assessed and certified by BM Trada, a UKAS accredited audit body. Ctrl O is governed by an integrated suite of information security policies. Under the top level Information Security Policy itself are second-level documents with specific focuses, including acceptable use, protection against malicious software, system monitoring, secure development, supply chain management and many others.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Ctrl O has documented configuration and change management policies and processes, which have been implemented, maintained and assessed in accordance with the guidance from ISO27001. Formal configuration management processes are integrated within all Ctrl O's activities, as part of its ISMS policies. A robust, established process for the formal submission of change requests is mandated to ensure that a formal audit trail is maintained.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Ctrl O has a documented vulnerability management policy and process, which has been implemented, maintained and assessed in accordance with its ISO27001 certification. Ctrl O subscribes to vulnerability notifications for all software it operates, assessing each notification, and depending on its severity either deploying during routine updates or at much shorter notice if deemed necessary.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Ctrl O's approach to protective monitoring aligns with the Protective Monitoring Controls (PMC 1-12) outlined in CESG document GPG13 (Protective Monitoring for HMG ICT Systems). It includes checks on time sources, cross-boundary traffic, suspicious activities at a boundary, network connections and the status of backups, amongst many others. All alerts are notified to Ctrl O staff for prompt investigation.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Ctrl O has a documented incident management policy and process, which has been implemented, maintained and assessed in accordance with its ISO27001 certification. This activity is responsible for the progression of alerts generated by automated monitoring systems, issues identified by Ctrl O personnel, and incidents identified and reported to Ctrl O by its customers. All incidents are promptly reported into a central ticketing system, which ensures that each is promptly assigned to an appropriate resource, and its progress tracked (and escalated, as required) to resolution.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks
  • Public Services Network (PSN)
  • Police National Network (PNN)
  • New NHS Network (N3)
  • Joint Academic Network (JANET)

Pricing

Pricing
Price £0.50 to £7 per user per month
Discount for educational organisations No
Free trial available Yes
Description of free trial INCLUDED | All features of Linkspace are included in the free trial. EXCLUDED |Single-tenant instances of Linkspace are not provided automatically in the free trial period but will be considered on request. TIME PERIOD | The standard free trial period is 30 days.
Link to free trial https://CtrlO.com

Documents

Documents
Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑