Alcumus Info Exchange Ltd

Alcumus Info Exchange

Alcumus Info Exchange offers a fully configurable software platform, digitising your business processes and presenting them in one manageable solution.

Our platform offers a range of modules including:

• Environmental, health, safety and quality
• Property and Asset Management
• Supply Chain Management
• Corporate Social Responsibility
• Risk Management

Features

  • Real time, consistent data capture on and offline
  • Dynamic, smart forms and offline applications
  • Configurable email reminders, alerts, notifications and escalations
  • Workflow and action management led processes
  • Powerful, transparent reporting and management information
  • Unlimited user access across your organisation
  • Intuitive user interface configured in your organisation’s branding
  • Modular configuration that supports growth with the business
  • Available in multiple languages

Benefits

  • Streamlines processes, replacing multiple systems and creating efficiency
  • Automates manual processes, increase operational efficiency and improve performance
  • Empowers management through increased visibility of vital data
  • Supports smooth, cost effective and successful project delivery
  • Enables trend analysis, mitigating future incidents and costs
  • Enables benchmarking, giving the scope to measure improvement
  • Helps organisations to clearly demonstrate compliance and audit trails
  • Tailored to organisational needs, to foster collaboration across the business
  • Creates a central source of business intelligence

Pricing

£950 per unit

Service documents

G-Cloud 11

485069314850484

Alcumus Info Exchange Ltd

Toby South

07799 895493

toby.south@alcumusgroup.com

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints None
System requirements Internet browser

User support

User support
Email or online ticketing support Email or online ticketing
Support response times The service desk operates during Normal Business Hours (NBH) and Normal Working Days (NWD) which are defined as 8am-6pm Mon to Fri excluding statutory holidays.

All calls into the helpdesk are immediately prioritised and our standard resolution SLA’s are as follows:

Priority 1 (critical) - Response within within 2 NBH.

Priority 2 (average) - Response within 4 NBH.

Priority 3 (low) - Response within 12 NBH.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Access to help-desk support (UK based) Monday-Friday 8-6
Dedicated Account Manager
Access to the above included in Licence Hosting & Help-desk Support Annual Fees
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started IEX is designed to allow us to configure intuitive and easy to use on-line systems requiring minimal training for standard users.
Historically most of our clients have found that they do not need comprehensive training packages or documentation. We can cite many large-scale client deployments where there has been virtually no user training required merely notification of the pending change with some outline guidance notes on timing and any change to in-house process or procedures.
However, we do allow for thorough System Administration and Report Builder training workshops as part of the implantation and will also run as required Train the Trainer/User awareness workshops.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Data can be extracted through the search engine and downloaded to CSV files.
End-of-contract process We return data in a CSV format at an additional cost of £950.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The desktop application is designed to include a responsive UI/UX, facilitating use across tablet and mobile devices.
Additional offline app with capabilities to save draft data on device and synchronise to desktop application at a later date.
Service interface Yes
Description of service interface Utilising all capabilities of your internet browser.
Accessibility standards None or don’t know
Description of accessibility The application is configurable based on clients' specific requirements.
Accessibility testing Undertaken several client-led accessibility audits.
API Yes
What users can and can't do using the API Users can make use of the API to pull and push data from the application into third-party software systems in real time.
API documentation Yes
API documentation formats Open API (also known as Swagger)
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Users with administrator rights within the IE2 system will have the ability to:

Manage Lookup Lists,
Create Users Accounts,
Create User Groups,
Manage User Access,
Manage Single Sign On Authentication IDs,
Reset Passwords,
Archive User Accounts,
Lock and unlock Accounts,
Assign User Permissions and
View Audit Logs

Scaling

Scaling
Independence of resources The architecture of the hosted environment is designed for rapid scalability and performance.

Web and database servers are clustered on virtual machines making scaling of the system straightforward.

Data is stored on dedicated Storage Area Network (SAN) which can be easily scaled to meet growing data requirements. Rackspace SAN is tiered according to speed of data access with database storage configured for optimum performance.

Both Rackspace and Info Exchange continually monitor the system for disk space, memory usage, and CPU and proactively scale up servers or disk space to meet ongoing growth of the system, or introduction of new clients.

Analytics

Analytics
Service usage metrics Yes
Metrics types The Info Exchange system contains a full audit log of all events that take place within the application. Typically this includes:
Archive record
Assign workflow action
Change password
Complete workflow action
Create record
Create user
Delete record
Edit record
Email notification
Login
Logout
Password reset requested
Run report
Run search
Set application permissions
Reporting types Regular reports

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Users can export data through CSV download via the search engine, or through an automated data extract routine to a client-provided FTP site, or through API.
Data export formats
  • CSV
  • Other
Other data export formats PDF
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability We guarantee 100% up-time of the hosting infrastructure and 99% up-time of the application.
Approach to resilience Our MSO document is available on request.
Outage reporting Email alerts to user-base advising of an outages or performance-related issues.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Username or password
  • Other
Other user authentication Info Exchange supports external authentication and integration to a third-party gateway as required.
The recommended authentication process is via Single Sign On through the use of an authenticated gateway access page and secure web services.
Using Single Sign On, a user is authenticated once within the client domain and is then given access to the Info Exchange application with access and authentication controlled by a one-time token that is valid only for the user session and is time bound to expire if not used.
Identity Provider Initiated SAML 2.0 SSO is also available as a configurable option for each exchange.
Access restrictions in management interfaces and support channels Access only provided to those who require access for the management, development and maintenance of the service. Logins are password authenticated using secure one way encryption methods. Level of access given to each users is dependent on the requirements of their role.
Access restriction testing frequency At least once a year
Management access authentication
  • Username or password
  • Other
Description of management access authentication Info Exchange supports external authentication and integration to a third-party gateway as required.
The recommended authentication process is via Single Sign On through the use of an authenticated gateway access page and secure web services.
Using Single Sign On, a user is authenticated once within the client domain and is then given access to the Info Exchange application with access and authentication controlled by a one-time token that is valid only for the user session and is time bound to expire if not used.
Identity Provider Initiated SAML 2.0 SSO is also available as a configurable option for each exchange.

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 BSI
ISO/IEC 27001 accreditation date 09/11/2018
What the ISO/IEC 27001 doesn’t cover Products and Services
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes ISO 27001 - certificate available on request

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Change requests are submitted via our configuration help-desk, reviewed in light of any security or solution impact. They are then submitted through a change control process before implementing into the live environment.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Alcumus Info Exchange deploy a combination of activities to manage vulnerability, including:
• Annual penetration testing by NCC Group
• Full 24x7 monitoring
• System installation using hardened, patched OS
• Dedicated firewall and VPN services to help block unauthorized system access
• Dedicated Intrusion Detection Devices providing an additional layer of protection against unauthorized system access
• Distributed Denial of Service mitigation services based on proprietary Rackspace PrevenTier™ system
• Fully updated Anti-Virus policies using industry standard Symantec products
• Testing and deployment of security patches to both the OS and infrastructure as well as updates to Windows applications
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach The infrastructure is monitored 24x7 covering networks, firewalls, load balancers, server hardware, operating systems, disk performance, and security. There is an IDS in place via the Alert Logic Threat Manager logging local Security events and these are constantly monitored via the Rackspace BackBone infrastructure team.
Either through annual penetration tests or regular monitoring services.
Potential compromises are investigated for impact and severity, and resolved according to critical priority.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Info Exchange’s security management is led by a Director of the business with the responsibility of monitoring and acting upon any security incidents, and ensuring that Info Exchange continues to meet its security and legislative obligations to clients. More detail on our ISMS and copies of our Information Security Policy and ISO 27001 certificate are available upon request.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £950 per unit
Discount for educational organisations No
Free trial available No

Service documents

pdf document: Pricing document pdf document: Skills Framework for the Information Age rate card pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑