Quant Network

Overledger SaaS - DLT/Blockchain Operating System

Overledger is cloud-based Enterprise DLT operating system, that connects to many DLTs and other API based systems. It exposes their combined functionality through a single API and allows coordinated transactions and business processes to happen across all the connected DLTs and API based systems.

Features

  • Overledger supports powerful multi-DLT applications (mApps)
  • Quant ID - Multi-chain and interoperable meta-identity
  • Simple and fast to develop against using our REST API
  • Our connector framework to connect any DLT or traditional system
  • Cross Chain Atomic Swaps
  • Treaty Contracts – Multi-chain smart contracts even on DLTs
  • Zero-Knowledge Proof – Safely protect data on public networks
  • Securely bridge Permissioned to Permissionless DLTs

Benefits

  • Start using Blockchain with just 3 lines of code
  • Have choice, interoperability, flexibility and not be locked-in
  • Avoid buying additional infrastructure
  • Comply to security and regulation
  • Use existing technical skills and resources
  • Start in less than 8 minutes

Pricing

£1 a unit a year

  • Education pricing available
  • Free trial available

Service documents

Framework

G-Cloud 12

Service ID

3 6 5 6 4 4 1 2 7 5 0 4 4 4 7

Contact

Quant Network

Gilbert Verdian

02038589833

contact@quant.network

Service scope

Software add-on or extension
No
Cloud deployment model
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
Service constraints
N/A
System requirements
  • 12 virtual machines as minimum requirements
  • Medium spec VMs with 16GB RAM, 250GB Disk
  • Node servers as required per DLT. 64GB RAM 1TB Disk
  • Linux (Redhat, Ubuntu or equivalent)
  • Kubernetes

User support

Email or online ticketing support
Email or online ticketing
Support response times
8am-6pm Business Hours (UK)
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AAA
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), 7 days a week
Web chat support accessibility standard
WCAG 2.1 AAA
Web chat accessibility testing
We use Zendesk's support web chat.
Onsite support
Yes, at extra cost
Support levels
Standard Support
- included for 8am-6pm (UK)

Enhanced Support
- 7am-12am midnight (UK)
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We help onboard clients who buy the Overledger platform. We provide online training and documentation to get started.

We also provide workshops to understand and walkthrough their use cases.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
All their data can be exported from their dedicated database at end of contract.
End-of-contract process
The AWS instance of Overledger is decommissioned. The steps are to export their data (logs, transactions history etc) to the client and then start the decommissioning of their VPC

Using the service

Web browser interface
No
Application to install
Yes
Compatible operating systems
Linux or Unix
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Overledger publishes a standard API which is accessible to all devices and endpoints.
Service interface
No
API
Yes
What users can and can't do using the API
Overledger API
API documentation
Yes
API documentation formats
Open API (also known as Swagger)
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Determining which internal and external DLTs and Blockchains they wish to connect to.

Scaling

Independence of resources
We have dedicated infrastructure for clients, which is solely used by that client. All scaling is done using horizontal and vertical scaling using elastic computing and kubernetes containers to scale as needed based on usage and load.

Analytics

Service usage metrics
Yes
Metrics types
We provide realtime reporting on the number of transactions, usage, volume to all our clients.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
All transactions and data are written to a mongodb database. The user's data can be exported as needed at any time.
Data export formats
  • CSV
  • Other
Other data export formats
  • Database format
  • Entire backup of database
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
We deliver 99.99% in line with AWS availability and SLAs. Service Credits will be provided if we don't meet guaranteed levels of availability.

We can also deliver higher requirements as needed by scaling on multi-cloud infrastructure.
Approach to resilience
Available on request, leveraging AWS datacentre resilience.
Outage reporting
We report outages publicly using Statusupdate.io and client notifications through:
- a public dashboard
- an API
- email alerts

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Support channels are only accessible by internal staff, who have to VPN into a management network using multi-factor authentication and access the areas of the platform they are responsible for.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
EY CertifyPoint
ISO/IEC 27001 accreditation date
18 November 2010
What the ISO/IEC 27001 doesn’t cover
Services that do not use the following AWS technology:
https://aws.amazon.com/compliance/iso-certified/
ISO 28000:2007 certification
No
CSA STAR certification
Yes
CSA STAR accreditation date
20 April 2020
CSA STAR certification level
Level 3: CSA STAR Certification
What the CSA STAR doesn’t cover
The areas not covered in: https://d1.awsstatic.com/whitepapers/compliance/CSA_Consensus_Assessments_Initiative_Questionnaire.pdf
PCI certification
Yes
Who accredited the PCI DSS certification
Coalfire Systems, Inc.
PCI DSS accreditation date
31 Jul 2020
What the PCI DSS doesn’t cover
https://aws.amazon.com/compliance/services-in-scope/
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
• Vendor Management
• Organization of Information Security
• Human Resource Security
• Network
• Security Policy, Standards and Procedures
• Physical and Environmental Security
• Vulnerability Management
• Key Management (KMS)
• Access Control
• Information Systems Development and Maintenance
• Risk Assessment and Management
• Information Security Incident Management
• Business Continuity and Disaster Recovery

Policies apply to all users. This includes staff, consultants, contractors or vendors (whether temporary or permanent) who have access to the technology.

Every employee is onboarded and the policies explained and accepted.
We undergo security awareness training with online examinations and reporting for compliance.

We undergo phishing assessments regularly and inform staff about the latest threats.

Our CEO was previously working for HM Treasury, Downing St, MoJ heading up Security for HMG and then for the Bank of England as the CISO for the UK's payment infrastructure run by Vocalink.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
We use the tools available in AWS to track the services used and their lifecylce. Complemented with realtime reporting on configuration, application and infrastructure performance and health of the systems.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
The underlying cloud infrastructure (hypervisor and below) is managed by AWS. The operating systems and up, is managed and scanned regularly identity and patches and vulnerabilities which may be present. We conduct weekly and monthly patching cycles to keep the OS and applications up to date.
Finally, we conduct internal and external vulnerability assessments and pen tests to our infrastructure to identify and potential weaknesses to address.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
We conduct internal and external vulnerability assessments and pen tests to our infrastructure to identify and potential weaknesses to address.

We have perimeter, internal and external monitoring in place from firewalls, web applications firewalls, internal operating systems and databases events that are all monitored into a single logging instance. We have realtime alerting dashboards and notifications when things are flagged. Our team investigate each alert and respond within minutes if it is relevant and significant to invoke our incident response plans.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
We have realtime alerting dashboards and notifications when things are flagged. Our team investigate each alert and respond within minutes if it is relevant and significant to invoke our incident response plans.

We have pre-defined processes to investigate common events based on criticality and risk. The company receives realtime alerts through our common messaging systems, including slack and inform our leadership (CEO/CTO) of any escalations within minutes.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£1 a unit a year
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
We provide a trial licence for 30-90 days depending on the client's need. It provides full access to the Overledger platform and all its features.

Service documents

Return to top ↑