Panlogic Limited - Digital Engineering

Digital Audit

Four Pillars of Digital Strategy: Design; Content; Functionality; Usability Digital Audit Digital landscape mapping: SWOT Digital transformation Digital strategy Improve profitability Unlock additional revenue Reduce costs Change management Current (as-is) asset/digital channel mapping Mapping real estate to organisational requirements Benchmarking Best practice

Features

  • Four Pillars of Digital Strategy: Design; Content; Functionality; Usability
  • Digital Audit
  • Digital landscape mapping: SWOT
  • Digital transformation
  • Digital strategy
  • Change management
  • Current (as-is) asset/digital channel mapping
  • Mapping real estate to organisational requirements
  • Benchmarking & best practice
  • Design/build & hosting

Benefits

  • Suitable for all public-sector organisations
  • User-friendly, multi-platform (web/tablet/mobile)
  • Management Information/audit
  • Suitable for non-technical users
  • User self-service
  • Four Pillars of Digital Strategy: Design; Content; Functionality; Usability
  • Digital Audit & landscape mapping: SWOT
  • Improve profitability
  • Reduce costs
  • Unlock additional revenue

Pricing

£750 per person per day

  • Education pricing available
  • Free trial available

Service documents

G-Cloud 9

461308420634512

Panlogic Limited - Digital Engineering

William Makower

0208 948 5511

william.makower@panlogic.co.uk

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints None
System requirements
  • Contract
  • Clam-AV anti virus
  • Linux Debian 8 or Ubuntu 16.04 OS
  • PHP 5.5+
  • MySQL 5.5
  • Apache2 or NGINX

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Depends on agreement
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.0 AA or EN 301 549
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Levels & costs depend on agreement.
We can provide a technical account manager.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Self-service on-boarding process
Service documentation No
End-of-contract data extraction JSON export is possible
End-of-contract process Included: access to the payment platform
Not included: any bespoke elements

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10+
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service None
Accessibility standards WCAG 2.0 AA or EN 301 549
Accessibility testing -
API No
Customisation available Yes
Description of customisation Causes
Products
Payment methods
Payment amounts
Organisational information
Option to completely white-label the solution

Scaling

Scaling
Independence of resources Real-time resource monitoring & auto-scaling

Analytics

Analytics
Service usage metrics Yes
Metrics types Real-time dashboards
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process No
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach JSON & CSV export
Data export formats
  • CSV
  • Other
Other data export formats JSON
Data import formats Other
Other data import formats N/A

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability 99.9%
Approach to resilience Available on request
Outage reporting Email alerts

Identity and authentication

Identity and authentication
User authentication needed No
Access restrictions in management interfaces and support channels N/A
Access restriction testing frequency At least once a year
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information No audit information available
Access to supplier activity audit information No audit information available
How long system logs are stored for Between 1 month and 6 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation No
Security governance approach Security governance is defined in the SLA. However, responsibility typically for the systems procured via Panlogic lies with the Project Manager, Client Services Director and ultimately one of the Company Directors. Each of the policies that make up the security policy are reviewed annually by the senior staff.

Changes or additions can be proposed at any time by any member of staff, any substantive changes made to any documents will be communicated to all relevant personnel.
Information security policies and processes Panlogic has the following policies:
-Compliance Policy
-Information Handling Policy
-User Management Policy
-Acceptable Use Policy

Reporting Structure:
William Makower - Director
John Foster-Hill - Director
Designated Project Manager

On a day to day basis its the responsibility of the Project Manager to ensure the policies are set in place and overall its the Directors' responsibility to ensure all policies including HR and data protection are adhered.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Incident change and planned development changes are documented via the Panlogic ticketing system along with User Guide revisions.

Documented changes are recorded in states:
-Current state#
-Transition State
-Future state

These are announced via email and/or blog updates for significant developments.

Source code is maintained in a Git code repository and is tagged for releases, as are database changes.

Deployments of changes are automated using deployment services.
Vulnerability management type Undisclosed
Vulnerability management approach Threats are assessed by reviewing log files and traffic abnormalities and identifying non-genuine traffic.

Patches are deployed immediately after an issue is identified. A patch is first developed and tested and then implemented when proven to resolve the issue.

Information regarding threats is collated through social media, github, news groups, dedicated forums relating to the technologies used (e.g. PHP website, MySQL website etc.).
Protective monitoring type Supplier-defined controls
Protective monitoring approach Third-party tools are used to help gain insight from the server level upwards, to aid in identifying any internal or external incorrect use or abuse.

When a potential compromise is identified resolutions are defined, developed, tested and deployed as soon as possible.

Timings are typically covered within an SLA, but responses start usually from 4 working hours.
Incident management type Supplier-defined controls
Incident management approach Any incidents are recorded using Panlogic's ticketing system for tracking, escalation and reporting.

All incidents receive an initial response and then a follow-up with more detail. The timings will be governed by the agreed SLA.

Security breaches will be deemed a 'Level 1: Critical' incident and actioned accordingly.

Following a security incident and/or personnel changes, policies for access to systems are applied.

Security and other 'Level 1: Critical' incidents are notified to the service Project/Account Manager who will in turn notify their equivalent at the client organisation.

FAQs provided online are a 1st-line support option to common issues and questions.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £750 per person per day
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Trial and free options available.
Everything is included.
Time period limited by arrangement.

Documents

Documents
Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑