Idox Software Limited

Local funding and policy information portals

Off-the-shelf, local access, funding and policy portals to support members, students and/or the local business or community sector. Includes Open 4 Business, Open 4 Community and Open 4 Learning.

Features

  • Access to thousands of funding reports
  • Intuitive interface
  • Content rich
  • Funding for Businesses, Funding for the Voluntary and Community Sector
  • One-stop-shop for funding
  • Fully hosted and maintained
  • Funding for students
  • Develop and publish your own supporting content

Benefits

  • Save resources through efficiency
  • Ensure comprehensive awareness of funding landscape for your communities
  • Support local community and business sectors
  • Improve student recruitment and retention
  • Enable your communities and members to self-support

Pricing

£7850 per unit

  • Education pricing available

Service documents

Framework

G-Cloud 11

Service ID

6 6 4 4 6 3 3 9 8 5 3 3 6 8 3

Contact

Idox Software Limited

Lucy Holland

0333 011 1200

frameworks@idoxgroup.com

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
Standard Maintenance window between 4.00am and 8.00am Thursdays.
System requirements
Web browser

User support

Email or online ticketing support
Email or online ticketing
Support response times
When a support request is received, the customer receives an acknowledgement and a priority level is set against the request dependent on its urgency/impact. Target initial response times are: -
• High priority – one working hour
• Medium priority – four working hours
• Low priority – eight working hours
• Enquiries – 45 working hours.
Support hours are 9am - 5pm Monday to Friday excluding England and Wales Public & Bank Holidays.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Target response/resolution times depend on the priority level of the request, as follows: -
Target response times:
• High – one hour*
• Medium – four hours
• Low – eight hours
• Enquiries – 45 hours
Target resolution times: -
• High – eight hours
• Medium – 18 hours
• Low – 45 hours
• Enquiries – 180 hours
*hour = working hour
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We work with the host organisation to position and re-brand their portal. We also offer support in marketing the offering to the local community.
Service documentation
Yes
Documentation formats
  • PDF
  • Other
Other documentation formats
MS Word
End-of-contract data extraction
We can provide user data in CSV.
End-of-contract process
The organisation subscription expires and the portal can no longer be accessed. User specific data is purged from the system within 1 month of license expiry to comply with GDPR guidelines.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
All functionality & content is accessible on the mobile device versions but the display has been re-ordered for ease of use.
Service interface
Yes
Description of service interface
The service interface is web-based providing content that is accessible through a web browser. The service does not require any additional plug-ins or add-ons to use satisfactorily. The functional capability of the service is driven by server-side Microsoft based web technologies in tandem with client-side JavaScript, utilising HTML and CSS to provide a rich and powerful user experience.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
None or don't know
API
No
Customisation available
No

Scaling

Independence of resources
Our service is used by very large organisations both in the UK and internationally, it is highly robust and performance is not unduly impacted by large volumes of users.

Analytics

Service usage metrics
Yes
Metrics types
Monthly usage stats reports are automatically produced and sent to primary contacts within the host organisation. They show general usage, as well as more granular detail on the sector and activities searched on. Includes: number of visits, average duration, searches run, downloads completed and a range of meta-data about the user (organisation type, area of work, type of project). User polling is also available through this service.
Reporting types
Regular reports

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Via CSV.
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
98% availability per 30 day period
Approach to resilience
Our data centre is Tier 3 and meets all associated standards of resilience. Nighty offsite encrypted backups take place to allow data recovery to new hardware in a DR scenario. Full details available on request.
Outage reporting
Outages are reported via the helpdesk

Identity and authentication

User authentication needed
Yes
User authentication
Username or password
Access restrictions in management interfaces and support channels
Management access is permitted only from internal networks, themselves requiring two factor authentication to access. Access control lists restrict access.
Access restriction testing frequency
At least every 6 months
Management access authentication
2-factor authentication

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
QMS International Limited.
ISO/IEC 27001 accreditation date
26/08/2016
What the ISO/IEC 27001 doesn’t cover
No exclusions
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
Cyber Essentials

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
Although Idox Content is not directly 27001 certified, we follow the guidelines set out for the 12 areas of governance in 27001, which are certified within key sectors of the larger Idox Group. Specifically these areas are: 1. Risk assessment 2. Security policy 3. Organization of information security 4. Asset management 5. Human resources security 6. Physical and environmental security 7. Communications and operations management 8. Access control 9. Information systems acquisition, development and maintenance 10. Information security incident management 11. Business continuity management 12. Compliance Any such policies and procedures are implemented at the group core and executive levels
Information security policies and processes
Idox Software Ltd has an ISO 27001-certified information security management policy that applies to all business functions within the scope of the Information Security Management System and covers the information, information systems, networks, physical environment and people supporting these business functions. Internal audit and information security awareness training is conducted to ensure policies are followed. Risks raise through internal our external audit are reviewed at management meetings by the information security manager the appropriate head of business and a board representative.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
The Service Desk maintains records of each customer’s configuration, enabling the support team to respond proactively to change requests.
All system and application software changes and patches are documented and subject to change control procedures in accordance with PRINCE2. An updated set of documentation is provided with each major release.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We monitor OWASP and other sources for new software vulnerabilities and vulnerability reports, and software patches.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Monitoring tools are used to measure server performance metrics as well as storage and network/bandwidth utilisation. Any potential compromise is raised in line with our security incident reporting procedure.
Incident management type
Supplier-defined controls
Incident management approach
Security incident reporting process summary: incidents or suspected incidents are raised to internal service desk and reviewed by information security manager. They are allocated a risk reference, entered into the information security risk log and tracked until closure. In the case of major incidents a major incident report will be produced..

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£7850 per unit
Discount for educational organisations
Yes
Free trial available
No

Service documents

Return to top ↑