1Tech Limited

Social Platform

1Tech’s Social Platform is an enterprise web platform for building business solutions that deliver immediate results and long-term value. Encompassing Liferay Community Edition, it can be used in multiple ways including: • Web Platform • Collaboration Platform • Social Platform

Features

  • Content & Document Management with Microsoft Office® integration
  • Web Publishing and Shared Workspaces
  • Enterprise Collaboration and Communities
  • Social Networking and Mashups
  • Enterprise Portals and Identity Management
  • Self Service Portals
  • Knowledge Sharing Workspaces
  • Dynamic Web 2.0 Websites
  • Revenue-generating Social Networks
  • Enterprise Application Integrati

Benefits

  • A complete, credible solution with no licensing fees
  • Low total cost of ownership
  • Feature rich robust data model, Indexing and full text search
  • Scalable, flexible open architecture with frequent updates and wide support
  • Active and collaborative development community

Pricing

£3.25 to £6 per licence per month

Service documents

G-Cloud 9

354660118857739

1Tech Limited

Simon Pelling

0845 644 0945

sales@1tech.eu

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to All the other services offered by 1Tech under this framework
Cloud deployment model Public cloud
Service constraints No. Please See our attached Service Definition Document
System requirements Our Solutions are System Agnostic

User support

User support
Email or online ticketing support Email or online ticketing
Support response times We have pre agreed SLA conditions for our service operating at Assured or Elevated Service Level. Please see our attached Service Definition Document for full details.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Onsite support
Support levels We provide two levels of support as detailed in our Service Definition Document attached. The level of direct contact and staff access depends on the number of instances of this service purchased by the client.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We can provide training and support via our Cloud Support Services.
Service documentation Yes
Documentation formats
  • HTML
  • ODF
  • PDF
End-of-contract data extraction All data is available at the end of a contract and we can provide a migration service under our Cloud Support offerings.
End-of-contract process At the end of the contract the service will cease and all data will be destroyed. Prior to this a service will be offered to the Client to ascertain what if any information they would like to retain and a programme is established to provide this information to the client via our Cloud Support services.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10+
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Users should not experience any difference when using our services from Mobile Devices.
Accessibility standards None or don’t know
Description of accessibility Our Service is accessible to all internet connected users via their browser.
Accessibility testing None
API Yes
What users can and can't do using the API There is a RESTful web service that is provided by the software
API documentation Yes
API documentation formats
  • HTML
  • PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Based on volumes of concurrent requirements our service is totally customisable to the clients requirements and this can be done via our service offerings under GCloud9 - Cloud Support.

Scaling

Scaling
Independence of resources This is guaranteed as the solution provided is a dedicated cloud infrastructure instance of the application and not within a muli-tenant style deployment.

This ensures that all infrastructure resources are contained within a single dedicated virtual machine instance that can only ever be utilised by the customer's users.

Analytics

Analytics
Service usage metrics Yes
Metrics types Service metrics are provided by our analytics dashboard in the Cloud infrastructure offering.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach There are many methods for exporting data from this application to many data formats including: JSON, XML, Excel, CSV, PDF, etc.

Bespoke or tailor data export and migration can also be provided upon request.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • JSON
  • XML
Data import formats
  • CSV
  • ODF

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability Please refer to our attached Service Definition Document
Approach to resilience Resilience of the service is provided by the application using application led clustering and failover between a minimum of 2 instances across availability zones / data centres.

If AWS is being used then each separate physical instance would be deployed within a different A/Z.
Outage reporting The service provides a public dashboard for monitoring and reporting. An API is also available that can be integrated to any operations tools. Email alerts are also provided by the monitoring tool when thresholds are reached.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels We use VPN software and provide VPN access to those users that require access to management interfaces and support channels.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 QMS
ISO/IEC 27001 accreditation date 2008
What the ISO/IEC 27001 doesn’t cover All ISO 27001 topics are covered and supported by our services
ISO 28000:2007 certification Yes
Who accredited the ISO 28000:2007 QMS
ISO 28000:2007 accreditation date 2008
What the ISO 28000:2007 doesn’t cover All ISO 28000 topics are covered and provided by the certification.
CSA STAR certification No
PCI certification No
Other security accreditations No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards ISO/IEC 27001
Information security policies and processes ISO 27001 Information Security Management System. We are ISO 27001 certified.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Configuration and Change Management are performed using stringent techniques with state of the art open source software including:

Source Code Management and Control Service - Gitlab
Continuous Delivery Service - Jenkins
Application Portability - Docker
Release Management - Ansible
Continuous Delivery Service - AWS Codepipeline
Automated Code Deployment Service - AWS CodeDeploy
Project and Issue Tracking - JIRA
Document Collaboration Wiki - Confluence
Test Case Management – TestRail
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach A vulnerability is defined in the ISO 27002 standard as “A weakness of an assetor group of assets that can be exploited by one or more threats”. We use sophisticated technology to identify potential threats to the service. This includes:

-Preparation
-Vulnerability scan - identifies and reports potential risks
-Define remediating actions
-Implement remediating actions
-Rescan

Patches to operating systems are deployed within hours of a security concern. Patches to applications are deployed by standard SLA and incident reporting.

We cannot disclose where we obtain information about potential threats publicly but can do so with clients with appropriate security clearance.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Protective Monitoring process is supported by use of our protective monitoring software which automatically identifies potential compromises. These incidents are reported and addressed within real time in most cases. Some incidents require analysis and may be addressed according to security incident type.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Please refer to our attached Service Definition Document.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £3.25 to £6 per licence per month
Discount for educational organisations No
Free trial available No

Documents

Documents
Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑