Alcumus Info Exchange Ltd

Alcumus Info Exchange

Alcumus Info Exchange offers a fully configurable software platform, digitising your business processes and presenting them in one manageable solution.

Our platform offers a range of modules including:

• Environmental, health, safety and quality
• Property and Asset Management
• Supply Chain Management
• Corporate Social Responsibility
• Risk Management

Features

  • Real time, consistent data capture on and offline
  • Dynamic, smart forms and offline applications
  • Configurable email reminders, alerts, notifications and escalations
  • Workflow and action management led processes
  • Powerful, transparent reporting and management information
  • Unlimited user access across your organisation
  • Intuitive user interface configured in your organisation’s branding
  • Modular configuration that supports growth with the business
  • Available in multiple languages

Benefits

  • Streamlines processes, replacing multiple systems and creating efficiency
  • Automates manual processes, increase operational efficiency and improve performance
  • Empowers management through increased visibility of vital data
  • Supports smooth, cost effective and successful project delivery
  • Enables trend analysis, mitigating future incidents and costs
  • Enables benchmarking, giving the scope to measure improvement
  • Helps organisations to clearly demonstrate compliance and audit trails
  • Tailored to organisational needs, to foster collaboration across the business
  • Creates a central source of business intelligence

Pricing

£950 per unit

Service documents

Framework

G-Cloud 11

Service ID

4 8 5 0 6 9 3 1 4 8 5 0 4 8 4

Contact

Alcumus Info Exchange Ltd

Sarah Lewis

07598600368

Sarah.lewis@alcumusgroup.com

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
None
System requirements
Internet browser

User support

Email or online ticketing support
Email or online ticketing
Support response times
The service desk operates during Normal Business Hours (NBH) and Normal Working Days (NWD) which are defined as 8am-6pm Mon to Fri excluding statutory holidays.

All calls into the helpdesk are immediately prioritised and our standard resolution SLA’s are as follows:

Priority 1 (critical) - Response within within 2 NBH.

Priority 2 (average) - Response within 4 NBH.

Priority 3 (low) - Response within 12 NBH.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Access to help-desk support (UK based) Monday-Friday 8-6
Dedicated Account Manager
Access to the above included in Licence Hosting & Help-desk Support Annual Fees
Support available to third parties
Yes

Onboarding and offboarding

Getting started
IEX is designed to allow us to configure intuitive and easy to use on-line systems requiring minimal training for standard users.
Historically most of our clients have found that they do not need comprehensive training packages or documentation. We can cite many large-scale client deployments where there has been virtually no user training required merely notification of the pending change with some outline guidance notes on timing and any change to in-house process or procedures.
However, we do allow for thorough System Administration and Report Builder training workshops as part of the implantation and will also run as required Train the Trainer/User awareness workshops.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Data can be extracted through the search engine and downloaded to CSV files.
End-of-contract process
We return data in a CSV format at an additional cost of £950.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The desktop application is designed to include a responsive UI/UX, facilitating use across tablet and mobile devices.
Additional offline app with capabilities to save draft data on device and synchronise to desktop application at a later date.
Service interface
Yes
Description of service interface
Utilising all capabilities of your internet browser.
Accessibility standards
None or don’t know
Description of accessibility
The application is configurable based on clients' specific requirements.
Accessibility testing
Undertaken several client-led accessibility audits.
API
Yes
What users can and can't do using the API
Users can make use of the API to pull and push data from the application into third-party software systems in real time.
API documentation
Yes
API documentation formats
Open API (also known as Swagger)
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Users with administrator rights within the IE2 system will have the ability to:

Manage Lookup Lists,
Create Users Accounts,
Create User Groups,
Manage User Access,
Manage Single Sign On Authentication IDs,
Reset Passwords,
Archive User Accounts,
Lock and unlock Accounts,
Assign User Permissions and
View Audit Logs

Scaling

Independence of resources
The architecture of the hosted environment is designed for rapid scalability and performance.

Web and database servers are clustered on virtual machines making scaling of the system straightforward.

Data is stored on dedicated Storage Area Network (SAN) which can be easily scaled to meet growing data requirements. Rackspace SAN is tiered according to speed of data access with database storage configured for optimum performance.

Both Rackspace and Info Exchange continually monitor the system for disk space, memory usage, and CPU and proactively scale up servers or disk space to meet ongoing growth of the system, or introduction of new clients.

Analytics

Service usage metrics
Yes
Metrics types
The Info Exchange system contains a full audit log of all events that take place within the application. Typically this includes:
Archive record
Assign workflow action
Change password
Complete workflow action
Create record
Create user
Delete record
Edit record
Email notification
Login
Logout
Password reset requested
Run report
Run search
Set application permissions
Reporting types
Regular reports

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Users can export data through CSV download via the search engine, or through an automated data extract routine to a client-provided FTP site, or through API.
Data export formats
  • CSV
  • Other
Other data export formats
PDF
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
We guarantee 100% up-time of the hosting infrastructure and 99% up-time of the application.
Approach to resilience
Our MSO document is available on request.
Outage reporting
Email alerts to user-base advising of an outages or performance-related issues.

Identity and authentication

User authentication needed
Yes
User authentication
  • Username or password
  • Other
Other user authentication
Info Exchange supports external authentication and integration to a third-party gateway as required.
The recommended authentication process is via Single Sign On through the use of an authenticated gateway access page and secure web services.
Using Single Sign On, a user is authenticated once within the client domain and is then given access to the Info Exchange application with access and authentication controlled by a one-time token that is valid only for the user session and is time bound to expire if not used.
Identity Provider Initiated SAML 2.0 SSO is also available as a configurable option for each exchange.
Access restrictions in management interfaces and support channels
Access only provided to those who require access for the management, development and maintenance of the service. Logins are password authenticated using secure one way encryption methods. Level of access given to each users is dependent on the requirements of their role.
Access restriction testing frequency
At least once a year
Management access authentication
  • Username or password
  • Other
Description of management access authentication
Info Exchange supports external authentication and integration to a third-party gateway as required.
The recommended authentication process is via Single Sign On through the use of an authenticated gateway access page and secure web services.
Using Single Sign On, a user is authenticated once within the client domain and is then given access to the Info Exchange application with access and authentication controlled by a one-time token that is valid only for the user session and is time bound to expire if not used.
Identity Provider Initiated SAML 2.0 SSO is also available as a configurable option for each exchange.

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
BSI
ISO/IEC 27001 accreditation date
09/11/2018
What the ISO/IEC 27001 doesn’t cover
Products and Services
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
ISO 27001 - certificate available on request

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Change requests are submitted via our configuration help-desk, reviewed in light of any security or solution impact. They are then submitted through a change control process before implementing into the live environment.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Alcumus Info Exchange deploy a combination of activities to manage vulnerability, including:
• Annual penetration testing by NCC Group
• Full 24x7 monitoring
• System installation using hardened, patched OS
• Dedicated firewall and VPN services to help block unauthorized system access
• Dedicated Intrusion Detection Devices providing an additional layer of protection against unauthorized system access
• Distributed Denial of Service mitigation services based on proprietary Rackspace PrevenTier™ system
• Fully updated Anti-Virus policies using industry standard Symantec products
• Testing and deployment of security patches to both the OS and infrastructure as well as updates to Windows applications
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
The infrastructure is monitored 24x7 covering networks, firewalls, load balancers, server hardware, operating systems, disk performance, and security. There is an IDS in place via the Alert Logic Threat Manager logging local Security events and these are constantly monitored via the Rackspace BackBone infrastructure team.
Either through annual penetration tests or regular monitoring services.
Potential compromises are investigated for impact and severity, and resolved according to critical priority.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Info Exchange’s security management is led by a Director of the business with the responsibility of monitoring and acting upon any security incidents, and ensuring that Info Exchange continues to meet its security and legislative obligations to clients. More detail on our ISMS and copies of our Information Security Policy and ISO 27001 certificate are available upon request.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Pricing

Price
£950 per unit
Discount for educational organisations
No
Free trial available
No

Service documents

Return to top ↑