Switchstance

Communications Portal

Improved communication with sharing of best practice, news, events and activities in a centralised portal.

1. Ability to add 'themes' / 'categories' to help ensure users get a tailored experience.
2. Library area
3. Network wide discussion forum
4. Event management
5. Email marketing capabilities

Features

  • Themed areas related to 4 sub groups of skills
  • Library area
  • Network wide discussion forum
  • Event management
  • Email marketing capabilities

Benefits

  • Improved communication
  • Improved accessibility
  • Ability to customise of dashboard based on area/s of interest

Pricing

£5000 per unit

  • Education pricing available
  • Free trial available

Service documents

Framework

G-Cloud 11

Service ID

3 5 3 1 6 5 0 3 9 0 7 6 8 8 7

Contact

Switchstance

Angela Stead

0114 3456 700

hello@switchstance.agency

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints N/A
System requirements
  • Internet access
  • Software licenses

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Email support - will be answered within 24 hours Monday to Friday 8.30am - 5pm.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Support levels are subject to specific SLAs, determined at the point of contract.

Specific costs are dependent on numbers of users.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Onsite and/or online training can be provided.
Service documentation No
End-of-contract data extraction The specifics of the data extraction policy are determined at project commencement, however we provide the option for full CSV data extraction as a minimum.
End-of-contract process The possibilities are broad and varied, dependent on the contract. Customer's requirements are discussed individually.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service In some instances functionality may be reduced on smaller devices where practically necessary.
Service interface No
API Yes
What users can and can't do using the API Simple API allowing data access to third-parties.
API documentation Yes
API documentation formats
  • HTML
  • PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation The portal can be matched to a companies branding.

'Areas of interests' can be customised to requirements.

Customisation is done by us.

Scaling

Scaling
Independence of resources The system will be scalable which means resources will be adjusted in order to prevent performance issues caused by quantity of information held within the system. We periodically verify system performance to assure system performance is not affected.

Analytics

Analytics
Service usage metrics Yes
Metrics types Available upon request.
Reporting types Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach On request, we will provide full export of the database as SQL files (from MySQL database), CSV and XLS(X) files.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection between networks Whitelisting or blacklisting IP addresses or ranges as additional security measures.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability Specific SLAs would be determined at the point of contract.

Our general are:

Backup of data and off site storage plan:
All databases are backed up daily and back-ups are then kept for 14 days (this can be changed upon request).
All data is stored in manned Data Centres, which are backed up every day.
Additional cross-server backups performed intermittently.

Recovery:
Recovery of data is performed following the identification of which backup point is required by the client. Latest backup point (as outlined above) is always used where any data restore is required.
Restore of previous backup points due to user error must be discussed individually to ascertain an approach acceptable by representatives for each party and may incur additional costs based on required solution.
Recovery of system files is performed using the latest live version of the system.
Any emergency recovery activity is performed to the shortest feasible timeframe, that is, resource will be applied to any issue as soon as it arises.

Support:
Support requests received will receive a response within 24 hours. The clock is stopped over the weekend.
Approach to resilience Available on request.
Outage reporting We would report any service outages through email alerts.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels We manage our infrastructure through AWS Console using AWS Identity and Access Management providing enhanced security. Communication between our computers and AWS Console is performed through secure connection (HTTPS). Every authorised employee has own IAM account protected with 2 Factor Authentication. Connections to our servers through port 22 (SSH) and 3306 (MySQL) are allowed only for whitelisted IPs, connections from other IPs are rejected by firewall.
Access restriction testing frequency At least every 6 months
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach ISO 27001, self accessed.
Information security policies and processes We have various documents detailing our Information Security Policy that are available upon request.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Components are managed via locked packaged files, these inform the system what version of components are being used. We receive notifications from services about potential issues and we assess whether to upgrade. Most use Semver (semantic versioning) - the system only upgrades necessary system upgrades and we assess others.
Vulnerability management type Supplier-defined controls
Vulnerability management approach All systems (including infrastructure hosting those systems) are scanned for vulnerabilities on regular basis. Any issues reported during a scan are fixed immediately. We're monitoring CVE (Common Vulnerabilities and Exploits) database maintained by NIST for any new vulnerabilities and verify if they affect our systems. Patches to software affected by new vulnerabilities are applied within 24 hours.
Protective monitoring type Supplier-defined controls
Protective monitoring approach For our systems we have audit trail logging every action. When user logs in from unknown IP notification is sent to our team. If we suspect this might be a potential compromise we block traffic from that IP on firewall and start investigating the source of compromise. Actions are performed immediately after receiving the notification. We also monitor changes to core files of our systems and notify the team when it happens, so we can action immediately in case of malicious actions. The rest of our process is available upon request, including monitoring AWS Console access and monitoring servers.
Incident management type Supplier-defined controls
Incident management approach Users have the ability to report incidents, which we will then create a ticket in the system for, categorise and set a priority level for. The tickets will then be dealt with accordingly. Once issue has been resolved, we will contact the client via telephone or email explaining the issue and how we resolved this.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £5000 per unit
Discount for educational organisations Yes
Free trial available Yes
Description of free trial It is a test version of the system in order to get a better feel for the software.

Service documents

Return to top ↑