IGspectrum Ltd

Secure Infrastructure Platform

Provides the highest level of security to Healthcare Service providers without the cost and timescales involved in developing and commissioning a secure platform for confidential patient data.

Features

  • Secure service which can be deployed quickly and effectively
  • Fully compliant with regulations including DoH and IGSOC2 (IG Toolkit)
  • Protected by periodic penetration testing – see IGsecurity service
  • Hosted at secure facilities managed by experienced BS27001 accredited staff
  • 100% guaranteed network and infrastructure uptime
  • Delivery partners are world leaders in hosting, computing and security
  • HSCN Connection available

Benefits

  • Uptime guarantee ensures that your database is always available
  • Hosted configuration meets your required service levels and subsequent dependencies
  • Cost effective
  • Availability requirements can be satisfied
  • Annual cyber-security test
  • Help desk during normal working hours
  • 24/7 Help Desk available
  • Maintenance and enhancement services available
  • Capacity management included

Pricing

£9,600 to £20,000 a unit a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at paul.gillot@igspectrum.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

562783507886257

Contact

IGspectrum Ltd Paul Gillot
Telephone: 07774 929 823
Email: paul.gillot@igspectrum.com

Service scope

Service constraints
There are no constraints
System requirements
There are no system requirements. PaaS built to your requirements

User support

Email or online ticketing support
Email or online ticketing
Support response times
Within 1 hour on working days – 4 hours at weekends
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
The support is generally available during the standard working day and is chargeable. Special arrangements can be accommodated and are also chargeable.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We provide initial support to determine PaaS requirements free of charge to include processor, disk, memory, resilience, software, operating system and security requirements. Once the PaaS is configured we hand-hold through the testing and migration process. Additional early life support is provided to ensure smooth running of the service.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
We work with the user to provide an extract in the most common formats. If any other formats are required we can look to satisfy these. When data has been extracted we provide a certificate of destruction if required.
End-of-contract process
Extract in a standard format - no charge
Extract in a non-standard format - price on application
Destruction of data and certificate of same - no charge
Destruction of applications etc. - no charge
Movement of data and/or applications to a third party - price on application

Using the service

Web browser interface
No
API
No
Command line interface
No

Scaling

Scaling available
Yes
Scaling type
Automatic
Independence of resources
We are alerted to excessive resource usage and can scale resources if needed.
Usage notifications
Yes
Usage reporting
  • Email
  • Other

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • CPU
  • Disk
  • Memory
Reporting types
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process
No
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • Virtual machines
  • Databases
  • Storage devices
  • Dedicated servers
Backup controls
Back-ups can be configured to meet user's requirements - there may be an additional charge.
Standard back-ups take place on a periodic basis - no charge
Datacentre setup
  • Multiple datacentres with disaster recovery
  • Multiple datacentres
  • Single datacentre with multiple copies
  • Single datacentre
Scheduling backups
Supplier controls the whole backup schedule
Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
99.99% assured by independent validation of assertion; contract determines any refunds if availability levels are not met
Approach to resilience
Available on request
Outage reporting
Via email alerts or by other means if required and available.

Identity and authentication

User authentication
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Other user authentication
OTP
Access restrictions in management interfaces and support channels
We can satisfy any user requirement for access management and restriction.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Description of management access authentication
OTP
Devices users manage the service through
  • Dedicated device on a government network (for example PSN)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
BSI
ISO/IEC 27001 accreditation date
21/10/2009
What the ISO/IEC 27001 doesn’t cover
No exclusions
ISO 28000:2007 certification
No
CSA STAR certification
Yes
CSA STAR accreditation date
31/12/2009
CSA STAR certification level
Level 5: CSA STAR Continuous Monitoring
What the CSA STAR doesn’t cover
No exclusions
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
SSAE ISAE
Information security policies and processes
IG Statement of Compliance

IG Toolkit Level 2

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Full lifetime tracking is deployed. No changes are made without a full security assessment.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
All existing and new threat types are evaluated and if necessary the appropriate action is taken.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Threat detection and prevention require a combination of people, process, and security experts who monitor, analyse, and alert on any incidents on a 24x7 basis. Threat intelligence is monitored to provide continuous protection for your sensitive data.

A full plan is in place to respond to any real or potential compromise. This plan can be initiated at any time on a 24/7 basis.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Pre-defined processes exist.

Users report to the service desk.

Incident reports are provided as needed.

Secure development

Approach to secure software development best practice
Supplier-defined process

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Supplier
Virtualisation technologies used
VMware
How shared infrastructure is kept separate
VMware and database segregation.

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
Rackspace maintains the ISO14001 certification on the system which we use. This certification is on the Rackspace website here: https://www.rackspace.com/en-gb/compliance/iso. It requires them to manage their environmental performance, including energy and waste management, in a systematic way equivalent to the related EU Code of Conduct above by setting environmental objectives.

Pricing

Price
£9,600 to £20,000 a unit a year
Discount for educational organisations
No
Free trial available
No
