Objective Corporation Limited

Objective Connect

Secure content and process sharing for Digital Government. Objective Connect enables government organisations to securely create Workspaces with external partner organisations. With ISO27001 accreditation and hosted in 3+ AWS UK zones, many public-sector organisations are using Connect as their only tool for external secure content sharing and collaboration.

Features

  • Information Governance
  • Integration with Common Line of Business Systems
  • Social Collaboration
  • Comprehensive Administration, Auditing & Reports
  • Secure File & Document Management
  • Task & Process Management
  • Native Mobile Apps

Benefits

  • Connects Multi-Organisational Business Process & Services
  • Maintains Governance Outside of the Firewall
  • Empowers True Digital Transformation
  • Unique & Very Cost Effective Commercial Model
  • High User Adoption
  • Low Cost of Management
  • Minimises the Impact of Change

Pricing

£3,000 a unit a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mat.graves@objective.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

6 7 5 1 6 2 0 4 0 6 6 6 1 8 0

Contact

Objective Corporation Limited Mat Graves
Telephone: +44 (0)118 2072300
Email: mat.graves@objective.com

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
HPE Content Manager (TRIM)
Objective ECM
Cloud deployment model
  • Public cloud
  • Community cloud
Service constraints
Outlined in Objective Connect terms and conditions and Objective Connect Support Handbook
System requirements
Any modern browser or Internet Explorer 11+

User support

Email or online ticketing support
Email or online ticketing
Support response times
Standard Support and Premium Support are available dependent upon edition.
Online Incident creation available 24/7 -
Other support channels available Mon-Friday during Business Day Hours 8am-6pm
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
No
Support levels
Objective Connect support services are based on standard support and premium support. PREMIUM SUPPORT Premium Support customers receive all the elements Standard Support plus the following: • Up to four (4) named Support Contact accounts • Access by Support Contacts to telephone support on Business Days between 8am and 6pm where the customer is located; • Incident Priority Definitions and Incident Response and Resolution Targets (see Section 8); • Incident resolution, escalation and reporting • Extended support hours for Priority 1 Incidents (24x5 Monday to Friday, Business Days only); • Objective will provide Priority 1 post-incident reports; • Support Contact access to the portal to view Incidents and status; • Incidents are managed by the Objective Global Support team, providing real-time updates of progress and the ability to negotiate incident priority levels; • Assistance to Support Contacts in resolving Objective Connect technical issues such as applying certificates and installation assistance of new Objective Connect Link versions; • Support Contacts are notified by email of updates and new releases of Connect. Connect enhanced support for Connect Link customers provide Target Levels 1-4 for Response and Resolution.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
"Objective Connect is designed with zero training requirements in mind and most users start using it without any additional help.
Extensive getting started guides, tutorial videos and FAQs are available from:
https://www.objective.co.uk/resources/tutorials
Additional training and workshops can be provided as a paid service."
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
All documents hosted in Objective Connect can be downloaded at any time.
Audit trail can be exported by administrators to a CSV file at any time.
End-of-contract process
At the end of the contract users lose the option to create new secure workspaces and to add new documents to their workspaces. Administrators no longer have access to the administration features of Objective Connect.
Prior to the end of the contract users and administrators can download all documents and audit trails and close all workspaces, which will delete all contents from Objective Connect.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The web application is fully responses and provides the same level of experience on mobile devices.
Additionally there is a native mobile application for iOS and Android devices, which provides full access to the documents and folders hosted in Objective Connect.
Service interface
Yes
Description of service interface
Via supported Browser or via Outlook Plug-in
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
Via Testing with Government Customers and in Lab
API
Yes
What users can and can't do using the API
The API is public and integration with it is described in the API documentation.
All functionality available through the web application is available through the API as well.
API documentation
Yes
API documentation formats
HTML
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Administrators can brand Objective Connect by providing their organisation's logo. This logo is displayed on email notifications and on Objective Connect workspaces.

Scaling

Independence of resources
Objective Connect is a SaaS solution that can scale up and down as required.

Analytics

Service usage metrics
Yes
Metrics types
The Objective Connect administration dashboard provides access to the following metrics:
Connections are the currency of Connect and are calculated by multiplying the number of participants by the number of documents available in the same workspace. Administrators can view connection count at the account, workgroup, user or individual workspace level.
Reporting types
  • API access
  • Real-time dashboards

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Physical access control, complying with CSA CCM v3.0
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
"Audit trails, containing records of all actions on the users' workspaces can be exported as CSV files through the customers' administration dashboard.
Additionally, Workspace Record's in PDF format can also be generated for download. Workspace Record functionality is available as an Enterprise-only subscription offering, presenting all audit events in a concise, human-readable document format."
Data export formats
  • CSV
  • Other
Other data export formats
PDF
Data import formats
Other
Other data import formats
  • Users input their information manually (such as names, contact details)
  • Data migration can be provided as a paid service

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks
FIPS 140-2; AES-512;256
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network
FIPS 140-2;AES-512;256

Availability and resilience

Guaranteed availability
99,9%, excluding scheduled downtime.
Approach to resilience
"The Connect architecture primarily leverages Wildfly, MySQL and ActiveMQ running across multiple AWS Virtual Machines, along with multiple auto-scaling microservices, providing additional system functionality.
This configuration directly supports both service redundancy and high-availability across the system."
Outage reporting
Email alerts, on the login page and on the public Objective Connect website.

Identity and authentication

User authentication needed
Yes
User authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels
Users require elevated Admin permissions associated with their login.
Access restriction testing frequency
Never
Management access authentication
  • Limited access network (for example PSN)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
British Assessment Bureau
ISO/IEC 27001 accreditation date
July 2018
What the ISO/IEC 27001 doesn’t cover
N/A
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
  • ISO 9001
  • ISO 27018
  • Cyber Security Essentials
  • GDPR Compliant

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
ISO/IEC 9001
Information security policies and processes
Customer data is only available to a small number of highly trusted operations personnel which excludes the development and product teams.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All changes to production environments are tracked in an internal ticketing system. Are changes need to be classified and approved by the change advisory board located in UK. All change request are reviewed from the perspective of impact on the operation of the product and the IS 27001 certification.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
"Objective Connect has a robust monitoring and alerting and intrusion detection systems. Regular patching of applications and services compliant with the following standard is performed:
* ‘Critical’ patches should be deployed within hours
* ‘Important’ patches should be deployed within 2 weeks of a patch becoming available
* ‘Other’ patches deployed within 8 weeks of a patch becoming available"
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
"Connect is monitored in a variety of ways, depending on requirements. The main tools utilised are:
AWS Cloudwatch - the primary monitoring tool that provides a consolidated platform for the management and investigation of system health, events and logs.
PagerDuty - providing ongoing notification via email, SMS and mobile app alerts to Operations team members.
CloudTrail - utilised to support investigation and audit functions of the AWS environment."
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Administartion Dashboard ref Connections and E-Mail Notification

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
Yes
Connected networks
  • Public Services Network (PSN)
  • Scottish Wide Area Network (SWAN)

Pricing

Price
£3,000 a unit a year
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
14 day period for Standard User excludes any optional items (see price list).
Link to free trial
https://www.objective.co.uk/products/objective-connect

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mat.graves@objective.com. Tell them what format you need. It will help if you say what assistive technology you use.