JW PM Health and Justice Cloud Hosting Services
JW PM is a lead provider of VDI solutions for the Health and Justice healthcare arena in England, successfully deploying VDI solutions to police healthcare and prisons healthcare. The solutions are bespoke to the client and follow all standards set by the authority, including integration with NHS SPINE services.
- Works with thin-client as well as zero-client devices
- Managed cloud-based solutions, designed and implemented end-to-end
- Platform dedicated to health and justice healthcare
- Co-residency service to reduce cost across your estate
- Standalone dedicated platform to match your needs
- Software Assurance will provide customer with pre-defined upgrade plan
- Two factor authentication utilising NHS Smartcards
- ISO 27001 certified
- Cyber Essentials Certified
- Connectivity with N3/HSCN
- Centralised management of anti-virus and cyber-security
- Centralised management of the OS for updates and patching
- Enhanced user experience due to standardised desktop across estate
- Simplified deployment model reduces cost and time
- Connectivity to HSCN authorised sites
- All staff have security clearance for police, courts and prisons
- Known price model throughout duration of contract
- Scalable to suit your need during duration of contract
£3000 per unit per year
- Education pricing available
- Free trial available
John White PM Ltd
1. An N3/HSCN connection is required, the exact speed of which is determined by the number of users/devices on the VDI system.
2. Existing devices that the client wants to convert to thin-clients will need to be verified as acceptable prior to inclusion. There may be charges to support these devices.
3. Telephony is not supported currently.
4. The solution is built to match national EMR requirements across Health and Justice.
|Email or online ticketing support||Email or online ticketing|
|Support response times||
JW PM offers a 24/7/365 service desk to support all end users of the application. All tickets are responded to as follows: P1 = 30 mins or less; P2 = 2 hours or less; P3 = 4 hours or less; P4 = 8 hours or less; P5 = 16 hours or less.
During project mobilisation, SLAs/KPIs will be reviewed and agreed with the clients to match their needs.
|User can manage status and priority of support tickets||No|
|Phone support availability||24 hours, 7 days a week|
|Web chat support||No|
|Onsite support||Onsite support|
JWPM offer the following support:
1. Telephone Support 24/7/365 - included as part of the package;
2. Onsite support - provided during the go-live phase;
3. Additional onsite support can be purchased if required for other projects or support requirements;
4. Support for 1 x HMP with approx. 30 devices is approx. £40,000 per site per annum, ex VAT, ex desktop/network refresh costs and HSCN connectivity;
5. Support for 1 x Police Custody Suite: approx. £4,000 per annum, ex VAT, ex desktop/network refresh costs and HSCN connectivity;
6. Price reductions apply for multiple sites, as per the costing sheet;
7. A technical account manager is provided, as is a cloud support engineer.
|Support available to third parties||Yes|
Onboarding and offboarding
|Getting started||All new customers are assigned a Project Manager and Solution Architect to define the requirement and work with the client to ascertain cost, time and effort in the delivery of their project. The outputs of this engagement will be as follows: proposed budget, high-level timeline and high-level design. JWPM will then step back and allow the customer to review this information and make a decision based on their needs. At all times the client will have access to the Project Manager and Solution Architect. During engagement, an escalation process will be defined and agreed with the client.|
|Other documentation formats||
|End-of-contract data extraction||All data stored on the platform will be returned to the client in its native format or as a CSV file. JW PM will not hold any data after the contract end date. If the client wishes all data to be destroyed, a secure destruction certificate can be obtained.|
|End-of-contract process||As part of the off-boarding process, JWPM will meet with the client and review what data has been collected and stored over the duration of the contract. It will be agreed with the client what data they wish to retain or destroy. This engagement process is included in the overall contract cost.|
Using the service
|Web browser interface||Yes|
|Using the web interface||End users could utilise existing hardware and JWPM could work with your IT team to install and configure the Citrix Desktop Client. This is run via a web browser and, if HSCN connectivity is available, could connect to the JWPM cloud platform. As the platform is bespoke to the client and pre-configured by JWPM, the end user is not able to make any changes to the desktop environment.|
|Web interface accessibility standard||None or don’t know|
|How the web interface is accessible||The web interface is accessible through an icon on a standard Windows or Mac desktop.|
|Web interface accessibility testing||
As the desktop is a standard Windows 10 interface, people with assistive requirements can change the desktop to suit their needs.
JW PM will, during mobilisation, proactively engage with any end user who has these requirements.
|Command line interface||No|
|Independence of resources||
1. Web load balancers
2. High speed data interfaces
3. Upgradable servers in the hosting environment
4. Dedicated platform for dedicated clients
|Infrastructure or application metrics||Yes|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Security Clearance (SC)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Supplier-defined controls|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||
|Data sanitisation process||Yes|
|Data sanitisation type||
|Equipment disposal approach||A third-party destruction service|
Backup and recovery
|Backup and recovery||Yes|
|What’s backed up||The service can back up virtual machines and associated data.|
|Backup controls||During project mobilisation it will be agreed with client what backup controls they wish to have in place and subject to them being reasonable, they will be implemented. It is most likely to be daily, weekly and monthly backups as per industry standards.|
|Datacentre setup||Single datacentre with multiple copies|
|Scheduling backups||Supplier controls the whole backup schedule|
|Backup recovery||Users contact the support team|
|Data protection between buyer and supplier networks||
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
CIMAS is hosted in a Tier 1 Data Centre which is rated as 99.999%, within which the platform works at 99.9% availability or higher, subject to the end-user's internal network connection.
2. Refunds are investigated on a case by case basis due to the areas that are outside the control of JWPM.
|Approach to resilience||This information is available on request, and we are more than happy to discuss the security, resilience and redundancy of the service with any potential customers.|
1. If an outage were to occur, the JWPM Service Desk, which operates 24/7/365, would notify a predefined cohort of service users of the outage by email.
2. The outage report would contain an initial assessment of the issue and an expected resolution timeline.
Identity and authentication
|Access restrictions in management interfaces and support channels||
Access to management interfaces will be permitted only on dedicated management VLANs separated by a firewall. Support engineers and their roles are controlled by Active Directory accounts and delegations on security groups as organisation units.
If external access is required, access will be only permitted through two factor authentication.
VDI users are controlled by Active Directory distributed policies.
|Access restriction testing frequency||At least once a year|
|Management access authentication||
|Devices users manage the service through||
Audit information for users
|Access to user activity audit information||Users receive audit information on a regular basis|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users receive audit information on a regular basis|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||User-defined|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||CQS (Certified Quality Systems) Ltd|
|ISO/IEC 27001 accreditation date||13th December 2018|
|What the ISO/IEC 27001 doesn’t cover||This is a company wide accreditation and applies to all departments|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||
1. JWPM is certified to ISO 27001:2013 (Cert Num: ISM7799306) and has information security policies and procedures in place to comply with this standard.
2. Internal audits are undertaken to monitor and assure compliance.
3. Reporting structure is to Head of PMO, then Director, who meet weekly to review organisational and project risks, including information risks.
4. JWPM completes NHS Digital's Data Security and Protection Toolkit (JWPM ODS Code: 8K421, Status=Satisfactory, Submitted Jan 2019)
5. JWPM is working towards Cyber Essentials certification during 2019.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
1. All application configuration and change management is as per ITIL v3
2. All changes are subjected to a rigorous UAT
3. All changes are applied to a sandpit installation and tested for security weaknesses before being applied to live
4. All platform hardware is monitored as per the manufacturer's Hardware Life Cycle and replaced as advised
5. All O/S and Service Delivery Software is tracked to comply with the manufacturer's System Life Cycle and replaced as advised to ensure ongoing security and support
|Vulnerability management type||Undisclosed|
|Vulnerability management approach||
1. JWPM follows the Capability Maturity Model for Vulnerability Management, and will also: Identify, assess, define and plan a resolution when a threat is identified
2. Scan on a regular basis for potential threats
3. Regularly monitor security forums
4. Keep all AV and Cyber Security software up to date
5. JW PM has a defined process and maintenance regime for identifying and installing O/S and application security policies. Reports are generated on a regular basis to show the status of these activities.
6. For emergency patch management, how quickly JWPM patches the servers depends on criticality.
|Protective monitoring type||Undisclosed|
|Protective monitoring approach||All staff are trained to inform the 24/7 service desk of any potential incident. A ticket is raised by the Service Desk and this is immediately allocated to the Information Security Office for review and action. As part of the Information Security Policy, there are controls in place by JWPM. Policies are available on request. Any compromise would be investigated by the Information Security Officer and Information Governance Lead.|
|Incident management type||Supplier-defined controls|
|Incident management approach||All staff are trained to inform the 24/7 service desk of any potential incident. A ticket is raised by the Service Desk and this is immediately allocated to the Information Security Office for review and action. As part of the Information Security Policy, there are controls in place by JWPM. Policies are available on request.|
|Approach to secure software development best practice||Supplier-defined process|
Separation between users
|Virtualisation technology used to keep applications and users sharing the same infrastructure apart||Yes|
|Who implements virtualisation||Supplier|
|Virtualisation technologies used||Citrix XenServer|
|How shared infrastructure is kept separate||Compute separation is provided by the software. Network and storage virtualisation techniques are also employed.|
|Price||£3000 per unit per year|
|Discount for educational organisations||Yes|
|Free trial available||Yes|
|Description of free trial||JW PM is happy to discuss a proof of concept (PoC) with any prospective client. This would typically be tied down to one location with one team who primarily work that location. We would expect the PoC to run for approx. 2 months.|