Ctrl O

Linkspace Private Cloud

Linkspace Private Cloud is the secure Business Process Management (BPM) platform for individual public sector organisations wanting to deploy on private infrastructure. It enables rapid development of business systems putting users in control of outcomes and fostering progressive operational innovation. A 12-month, 200-user, minimum order applies only for Private Cloud.

Features

  • Secure and intuitive, specifically-designed for public-sector, highly-versatile data management tool
  • Low-cost, rapid-deployment way of setting-up a secure business analytics system
  • Manages any data-driven business processes; responsive design (tablet & mobile)
  • Full audit-trail of data and user activity, meets compliance needs
  • Data visualisation, easy to configure graphs, individual data views
  • Dashboard overview with red-amber-green (RAG) indicators, alerts and approval workflow
  • Economic for small teams; fully-scalable for large, distributed organisations
  • Open source, low-code business process management (BPM) platform
  • Flexible data-analysis tools, calendar, time-line and sync-matrix data view
  • One-step migration alternative to spreadsheets and spreadsheet-based ad-hoc process management

Benefits

  • Fast, agile, iterative cycle: purchase-to-operation, low cost of delivery
  • Data and outcome driven; users empowered to deliver powerful results
  • Quick, flexible, user-configurable, enable focus on outcomes not process
  • User-centric, user-deployed for successful digital transformation, fostering progressive innovation
  • Out-of-the-box, yet customisable in-house without consultant-integrator intervention, low TCO
  • Real-time single version of the truth, accessible from anywhere
  • Achieve digital-transformation goals; rapid, affordable Management Information System (MIS) builder
  • User-configurable: reports, views, dashboards, alerts; economical, fast, robust business solution
  • Granular access control to database facilitates evidence-based, auditable GDPR compliance
  • Collect, manage and securely share large datasets between many users

Pricing

£5 to £15 per user per month

Service documents

G-Cloud 9

634117412549865

Ctrl O

Andy Beverley

020 3474 1200

info@ctrlo.com

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints This Private Cloud deployment of Linkspace is designed to fulfill the specific needs of customers wishing to deploy on infrastructure under their control. We will work with customers to develop specific maintenance and support plans through our Lot 3 Cloud Support offering. We will comply with your infrastructure procedures and protocols so issues such as maintenance windows cannot be expressed without some engagement. Being open source, Linkspace is suitable for most infrastructure configurations.
System requirements
  • Internet connection
  • Standard browser on desktop, laptop, tablet or smartphone

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Support is 24/7/365 with standard email response within 1 hour
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.0 AA or EN 301 549
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels SERVICE LEVELS | Ctrl O provides a Response Time Service Level Agreement(SLA) which requires remote access to the Linkspace instance being supported. If this is not possible a custom enhanced support plan and package needs to be adopted (see below) PREMIUM SUPPORT | is included as standard in the G-Cloud per-user subscription price. CUSTOM ENHANCED SUPPORT | can be provided at rates based on the SFIA rate card. Our experience indicates all customers are satisfied with our Premium Support offering.

RESPONSE TIME | The response time depends on the priority of the incident, as follows:
▶ P1 and P2 (no alternative or no acceptable alternative): 1 hour.
▶ P3 (unusable non-critical function having operational impact, workaround available) 24 hours.
▶ P4 (function unusable, workaround available) 24 hours.

TECHNICAL ACCOUNT MANAGER | A technical account manager is allocated to every customer.
CLOUD SUPPORT ENGINEER | Cloud support engineers are pooled and accessed through the help-desk.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started USER-TRAINING | Linkspace is intuitive and easy to use. We provide a number of training and familiarisation modalities to satisfy all needs. The comprehensive user guide is available on-line or as a PDF. The application has context-sensitive help for each view and feature. As the system is configured, help screens and pop-ups are also configured to provide specific end-user guidance. LINKSPACE ACADEMY | On-line training and training videos covering common user-administrator and end user use-cases are in development and will be published during the term of G-Cloud 9. Onsite classroom training for user-administrators, train-the-trainer and end-users is provided as a Cloud Support Service by Ctrl O. ONBOARDING | For Private Cloud deployments all onboarding and offboarding services are provided as a Cloud Support Service under Lot 3. A popular approach to onboarding Linkspace is to take a user requirement (a business process) and work with Ctrl O consultants as a Cloud Support Service to train user-administrators and end users as we jointly configure and deploy the application. Full details of Planning, Setup and Migration, Training and Ongoing Support services provided by Ctrl O are provided in Lot 3 "Cloud Support".
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction OFFBOARDING AND DATA EXTRACTION | All offboarding services for Private Cloud deployments are delivered under our Cloud Support Service at the rates specified in Lot 3. If you decide to leave the service you can download your data in a standard format, such as CSV and move it to another product. DATA DELETION | As Private Cloud infrastructure is not under our control, it is the responsibility of the customer to manage appropriate data deletion procedures.
End-of-contract process TERMINATION | Termination can be ordered by the customer in accordance with the relevant terms of the Call-off Contract. At the point of termination, all consumer data, accounts and access will be permanently deleted, and will not be able to be subsequently recovered or restored. Data will be provided to the customer in accordance with the offboarding procedure. All offboarding plans for Private Cloud need to be defined by customer and Ctrl O in setting-up the service and will be executed as a paid for service under Lot 3 "Cloud Support". There is a minimum contract term of 12 months for procuring Private Cloud, no equivalent restriction applies to Linkspace's public cloud platform.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10+
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service FULL ACCESS to all features is available on tablets and smartphones. Data is presented to users through a feature called VIEWS which are individually configurable by individual users either for themselves, teams or all users (subject to the grant of appropriate permissions). Users may configure their views to optimise the user-experience on their chosen device.
Accessibility standards WCAG 2.0 AA or EN 301 549
Accessibility testing Linkspace has been rigorously audited and tested to ensure it is compatible with modern web browsers, smartphones, tablets, text only browsers and screen readers. This has enabled Linkspace to achieve and surpass the requirements of the central government ministries where it is deployed. In March 2017 one such Assistive Technology Testing Report performed by government staff as part of a live deployment concluded that the application was one of the best seen in that context. Our onboarding procedures recommend the involvement of internal accessibility champions as part of the deployment and user testing team.
API Yes
What users can and can't do using the API The Linkspace API is available to all Linkspace customers. It provides access to all the data viewing and editing functionality of Linkspace, including: editing records, viewing records, viewing a record's history, and viewing reports. Because Linkspace is a software application with which the majority of interaction is expected to be its extensive data management features, the API does not offer any provisioning or configuration of Linkspace. The API uses HTTPS to create a secure interface, using OAuth2 for authentication. JSON is used to encode the data throughout the API.
API documentation Yes
API documentation formats
  • HTML
  • PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Linkspace has been designed so that users, with appropriate permissions, can configure every aspect of the application. This enables teams to evolve the way data is collected and managed as the business process evolves, without calling-in an integrator or IT department. Eliminating costly and lengthy contractual change-control procedures and putting those who fully understand the desired outcomes in control of the system. Full audit trail, constant backup and historical views of the system together with rigorous permissions controlling who can make changes support user-defined procedures for approving change. This fosters progressive innovation, a key objective of digital transformation. ACCESS CONTROL | Linkspace can be extensively configured to control who has access to what data and features. Create groups, add members to groups, and then define what a group can do. As access to features supporting the powerful customisation facility of Linkspace are governed by this access control, the owner of the business process can define who is responsible for making changes which can be user-tested in a sandbox environment before deployment.

Scaling

Scaling
Independence of resources Linkspace for public cloud is deployed using a single-tenanted virtual environment from UKCloud. In order to guarantee that customers in one VPS are not affected by the demands from customers in another VPS, UKCloud use resource reservations and shares such as internet bandwidth shaping. The UKCloud capacity planning team ensure that usage in terms of all resources are constantly monitored and increased accordingly relating to user demand. Linkspace itself is very light, using minimal bandwidth for each page displayed. Private Cloud infrastructure is under customer's control, we can work with customer to achieve similar standards as a Lot 3 service.

Analytics

Analytics
Service usage metrics Yes
Metrics types FORENSIC AUDIT TRAIL | All users and user-administrators with the appropriate permission have access to full audit trail in real-time. This can be filtered (say) by user or activity and downloaded. USAGE METRICS | Monthly usage reports are provided automatically.
Reporting types Regular reports

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest Other
Other data at rest protection approach For Private Cloud the infrastructure is controlled by customer, we will work with customer to deploy protection of data at rest according to their specification. Any necessary configuration being provided under our Lot 3 Cloud Support Service.
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach DATA EXTRACTION APPROACH | It is a standard feature of Linkspace that all or part of data can be downloaded in CSV format by anyone who has been given appropriate permissions by the user-administrator (a member of the customer team). This download can be made at any time and as frequently as needed. OPEN SOURCE | We will work with a customer to clone a single-tenant instance of Linkspace with all their data, if requested as a Cloud Support Service under lot 3.
Data export formats
  • CSV
  • Other
Other data export formats Linkspace code is open source, a clone may be created
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability For Private Cloud the infrastructure is under customer control, we have no means to manage the level of service provision.
Approach to resilience For public cloud deployments, snapshot backups are taken every 24 hours and then encrypted and stored in a physically separate data centre provided by an independent provider (Memset). Incremental daily backups are each stored for 4 months, full monthly backups are stored for 12 months. For large deployments, data is also replicated continuously to a second server. In the event of server failure, this allows for virtually no data loss and fast reversion to an alternative server (within 1 hour). We will work with customers deploying private cloud instances of Linkspace to achieve similar or alternative procedures under our Cloud Support Service (Lot 3).
Outage reporting The management of a Private Cloud infrastructure is controlled by the customer.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Ctrl O management interfaces for Linkspace are only accessible using indirect bastion hosts, to reduce the external attack vector. Support channels for Linkspace are restricted to only known customers. Customers' policies in their controlled infrastructure may differ.
Access restriction testing frequency At least once a year
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for Between 6 months and 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 BM Trada
ISO/IEC 27001 accreditation date 04/06/2017
What the ISO/IEC 27001 doesn’t cover All the services provided are covered by the certification
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations Yes
Any other security accreditations Cyber Essentials

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards
  • CSA CCM version 3.0
  • ISO/IEC 27001
Information security policies and processes Ctrl O has been built from the day it was incorporated on the fundamental principles of ISO27001. These form the core of everything the company and its employees do. Ctrl O's ISO27001 certification has been independently assessed and certified by BM Trada, a UKAS accredited audit body. Ctrl O is governed by an integrated suite of information security policies. Under the top level Information Security Policy itself are second-level documents with specific focuses, including acceptable use, protection against malicious software, system monitoring, secure development, supply chain management and many others.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Ctrl O has documented configuration and change management policies and processes, which have been implemented, maintained and assessed in accordance with the guidance from ISO27001. Formal configuration management processes are integrated within all Ctrl O's activities, as part of its ISMS policies. A robust, established process for the formal submission of change requests is mandated to ensure that a formal audit trail is maintained. Operational security in customer controlled infrastructure may differ according to customer defined policies and protocols. Ctrl O can provide advice or comply under Lot 3 Cloud Support Services.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Ctrl O has a documented vulnerability management policy and process, which has been implemented, maintained and assessed in accordance with its ISO27001 certification. Ctrl O subscribes to vulnerability notifications for all software it operates, assessing each notification, and depending on its severity either deploying during routine updates or at much shorter notice if deemed necessary. Operational security in customer controlled infrastructure may differ according to customer defined policies and protocols. Ctrl O can provide advice or comply under Lot 3 Cloud Support Services.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Ctrl O's approach to protective monitoring aligns with the Protective Monitoring Controls (PMC 1-12) outlined in CESG document GPG13 (Protective Monitoring for HMG ICT Systems). It includes checks on time sources, cross-boundary traffic, suspicious activities at a boundary, network connections and the status of backups, amongst many others. All alerts are notified to Ctrl O staff for prompt investigation. Operational security in customer controlled infrastructure may differ according to customer defined policies and protocols. Ctrl O can provide advice or comply under Lot 3 Cloud Support Services.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Ctrl O has a documented incident management policy and process, which has been implemented, maintained and assessed in accordance with its ISO27001 certification. This activity is responsible for the progression of alerts generated by automated monitoring systems, issues identified by Ctrl O personnel, and incidents identified and reported to Ctrl O by its customers. All incidents are promptly reported into a central ticketing system, which ensures that each is promptly assigned to an appropriate resource, and its progress tracked to resolution. Operational security in customer controlled infrastructure may require custom compliance which is achieved under Lot 3 Cloud Support .

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks
  • Public Services Network (PSN)
  • Police National Network (PNN)
  • New NHS Network (N3)
  • Joint Academic Network (JANET)
  • Other

Pricing

Pricing
Price £5 to £15 per user per month
Discount for educational organisations No
Free trial available Yes
Description of free trial FREE TRIAL | is only available on the Public Cloud. INCLUDED | All features of Linkspace are included in the free trial. EXCLUDED |Single-tenant instances of Linkspace are not provided automatically in the free trial period but will be considered on request. TIME PERIOD | Free trial is 30 days.
Link to free trial https://CtrlO.com

Documents

Documents
Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑