Improved communication with sharing of best practice, news, events and activities in a centralised portal.
1. Ability to add 'themes' / 'categories' to help ensure users get a tailored experience.
2. Library area
3. Network wide discussion forum
4. Event management
5. Email marketing capabilities
- Themed areas related to 4 sub groups of skills
- Library area
- Network wide discussion forum
- Event management
- Email marketing capabilities
- Improved communication
- Improved accessibility
- Ability to customise of dashboard based on area/s of interest
£5000 per unit
- Education pricing available
- Free trial available
3 5 3 1 6 5 0 3 9 0 7 6 8 8 7
0114 3456 700
|Software add-on or extension||No|
|Cloud deployment model||Private cloud|
|Email or online ticketing support||Email or online ticketing|
|Support response times||Email support - will be answered within 24 hours Monday to Friday 8.30am - 5pm.|
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
Support levels are subject to specific SLAs, determined at the point of contract.
Specific costs are dependent on numbers of users.
|Support available to third parties||Yes|
Onboarding and offboarding
|Getting started||Onsite and/or online training can be provided.|
|End-of-contract data extraction||The specifics of the data extraction policy are determined at project commencement, however we provide the option for full CSV data extraction as a minimum.|
|End-of-contract process||The possibilities are broad and varied, dependent on the contract. Customer's requirements are discussed individually.|
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||In some instances functionality may be reduced on smaller devices where practically necessary.|
|What users can and can't do using the API||Simple API allowing data access to third-parties.|
|API documentation formats||
|API sandbox or test environment||Yes|
|Description of customisation||
The portal can be matched to a companies branding.
'Areas of interests' can be customised to requirements.
Customisation is done by us.
|Independence of resources||The system will be scalable which means resources will be adjusted in order to prevent performance issues caused by quantity of information held within the system. We periodically verify system performance to assure system performance is not affected.|
|Service usage metrics||Yes|
|Metrics types||Available upon request.|
|Reporting types||Reports on request|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Baseline Personnel Security Standard (BPSS)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||Physical access control, complying with SSAE-16 / ISAE 3402|
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||A third-party destruction service|
Data importing and exporting
|Data export approach||On request, we will provide full export of the database as SQL files (from MySQL database), CSV and XLS(X) files.|
|Data export formats||CSV|
|Data import formats||CSV|
|Data protection between buyer and supplier networks||
|Other protection between networks||Whitelisting or blacklisting IP addresses or ranges as additional security measures.|
|Data protection within supplier network||
Availability and resilience
Specific SLAs would be determined at the point of contract.
Our general are:
Backup of data and off site storage plan:
All databases are backed up daily and back-ups are then kept for 14 days (this can be changed upon request).
All data is stored in manned Data Centres, which are backed up every day.
Additional cross-server backups performed intermittently.
Recovery of data is performed following the identification of which backup point is required by the client. Latest backup point (as outlined above) is always used where any data restore is required.
Restore of previous backup points due to user error must be discussed individually to ascertain an approach acceptable by representatives for each party and may incur additional costs based on required solution.
Recovery of system files is performed using the latest live version of the system.
Any emergency recovery activity is performed to the shortest feasible timeframe, that is, resource will be applied to any issue as soon as it arises.
Support requests received will receive a response within 24 hours. The clock is stopped over the weekend.
|Approach to resilience||Available on request.|
|Outage reporting||We would report any service outages through email alerts.|
Identity and authentication
|User authentication needed||Yes|
|User authentication||Username or password|
|Access restrictions in management interfaces and support channels||We manage our infrastructure through AWS Console using AWS Identity and Access Management providing enhanced security. Communication between our computers and AWS Console is performed through secure connection (HTTPS). Every authorised employee has own IAM account protected with 2 Factor Authentication. Connections to our servers through port 22 (SSH) and 3306 (MySQL) are allowed only for whitelisted IPs, connections from other IPs are rejected by firewall.|
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||Username or password|
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||User-defined|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||No|
|Security governance approach||ISO 27001, self accessed.|
|Information security policies and processes||We have various documents detailing our Information Security Policy that are available upon request.|
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||Components are managed via locked packaged files, these inform the system what version of components are being used. We receive notifications from services about potential issues and we assess whether to upgrade. Most use Semver (semantic versioning) - the system only upgrades necessary system upgrades and we assess others.|
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||All systems (including infrastructure hosting those systems) are scanned for vulnerabilities on regular basis. Any issues reported during a scan are fixed immediately. We're monitoring CVE (Common Vulnerabilities and Exploits) database maintained by NIST for any new vulnerabilities and verify if they affect our systems. Patches to software affected by new vulnerabilities are applied within 24 hours.|
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||For our systems we have audit trail logging every action. When user logs in from unknown IP notification is sent to our team. If we suspect this might be a potential compromise we block traffic from that IP on firewall and start investigating the source of compromise. Actions are performed immediately after receiving the notification. We also monitor changes to core files of our systems and notify the team when it happens, so we can action immediately in case of malicious actions. The rest of our process is available upon request, including monitoring AWS Console access and monitoring servers.|
|Incident management type||Supplier-defined controls|
|Incident management approach||Users have the ability to report incidents, which we will then create a ticket in the system for, categorise and set a priority level for. The tickets will then be dealt with accordingly. Once issue has been resolved, we will contact the client via telephone or email explaining the issue and how we resolved this.|
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Public sector networks
|Connection to public sector networks||No|
|Price||£5000 per unit|
|Discount for educational organisations||Yes|
|Free trial available||Yes|
|Description of free trial||It is a test version of the system in order to get a better feel for the software.|