John White PM Ltd

JW PM Health and Justice Cloud Hosting Services

JW PM is a lead provider of VDI solutions for the Health and Justice healthcare arena in England. Successfully deploying VDI solutions to police healthcare and prisons healthcare. The solutions are bespoke to the client, follow all standards set by the authority including integration with NHS SPINE services.

Features

  • Works with thin-client as well as zero-client devices
  • Managed cloud-based solutions, designed and implemented end-to-end
  • Platform dedicated to health and justice healthcare
  • Co-residency service to reduce cost across your estate
  • Standalone dedicated platform to match your needs
  • Software Assurance will provide customer with pre-defined upgrade plan
  • Two factor authentication utilising NHS Smartcards
  • ISO 27001 certified
  • Cyber Essentials Certified
  • Connectivity with N3/HSCN

Benefits

  • Centralised management of anti-virus and cyber-security
  • Centralised management of the OS for updates and patching
  • Enhanced user experience due to standardised desktop across estate
  • Simplified deployment model reduces cost and time
  • Connectivity to HSCN authorised sites
  • All staff have security clearance for police, courts and prisons
  • Known price model throughout duration of contract
  • Scalable to suit your need during duration of contract

Pricing

£3000 per unit per year

  • Education pricing available
  • Free trial available

Service documents

G-Cloud 11

715760188315480

John White PM Ltd

John White

07850020106

jwhite@johnwhitepm.co.uk

Service scope

Service scope
Service constraints 1. A N/3 HSCN connection is required, the exact speed of which is determined by the number of users/devices on the VDI system.
2. Existing devices that the client wants to convert to thin-clients will need to be verified as acceptable prior to inclusion. There may be charges to support these devices.
3. Telephony is not supported currently.
4. The solution is built to match national EMR requirements across Health and Justice.
System requirements
  • HSCN connection - JWPM can procure if required
  • Internal network - JWPM can install/configure if required
  • Warranted VDI terminals - JWPM can procure if required
  • KVM hardware may be required for Police and Prison installations
  • NHS Smartcards - JWPM can supply and Manage if required

User support

User support
Email or online ticketing support Email or online ticketing
Support response times JW PM offers a 24/7/365 service desk to support all end users of the application. All tickets are responded to as follows: P1 = 30 mins or less P2 = 2 Hours or less P3 = 4 Hours or less P4 = 8 Hours or less P5 = 16 Hours or less.

During project mobilistion SLA/KPIs will be reviewed and agreed with the clients to match their needs.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Onsite support
Support levels JWPM offer the following support:
1. Telephone Support 24/7/365 - included as part of the package;
2. Onsite support - provided during the go-live phase;
3. Additional onsite support can be purchased if required for other projects or support requirements;
4. Support for 1 x HMP with approx 30 devices: is approx. £40,000 per site per annum, ex VAT, ex desktop/network refresh costs and HSCN connectivity;
5. Support for 1 x Police Custody Suite: approx. £4,000 per annum, ex VAT, ex desktop/network refresh costs and HSCN connectivity;
5. Price reductions apply for multiple sites, as per the costing sheet;
6. A technical account manager is provided, as is a cloud support engineer.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started All new customers are assigned a Project Manager and Solution Architect to define the requirement and work with the client to ascertain cost, time and effort in the delivery of their project. the outputs of this engagement will be as a follows: proposed budget, high-level timeline and high-level design. JWPM will then step back and allow the customer to review this information, for them to make a decision, based on their needs. at all times the client will have access to the project manager and solutions architect. During engagement, an escalation process will be defined and agreed with the client.
Service documentation Yes
Documentation formats
  • PDF
  • Other
Other documentation formats
  • Microsoft Office
  • Microsoft Visio
End-of-contract data extraction All data stored on the platform will be returned to the client in its native format or as a CSV file format. JW PM will not hold any data after contract end data. If required, a secure destruction certified can be obtained, if the client wishes all data to be destroyed.
End-of-contract process As part of the off-boarding process, JWPM will meet with the client and review what data has been collected and stored over the duration of the contract. It will be agreed with the client what data they wish to retain or destroyed. This engagement of process is included in the overall contract cost.

Using the service

Using the service
Web browser interface Yes
Using the web interface End users could utilise existing hardware and JWPM could work with your IT team to install and configure the Citrix Desktop Client. This is run via a web browser and, if HSCN connectivity is available, could connect to the JWPM cloud platform. As the platform is bespoke to the client and pre-configured by JWPM, the end user to not able to make any changes to the desktop environment.
Web interface accessibility standard None or don’t know
How the web interface is accessible The web interface is accessible through an icon on a standard Windows or Mac desktop.
Web interface accessibility testing As the desktop is a standard Windows 10 interface, people with assistive requirements can change the desktop to suit their needs.

JW PM, will during mobilisation, pro-actively engage with any end user who has these requirements.
API No
Command line interface No

Scaling

Scaling
Scaling available Yes
Scaling type
  • Automatic
  • Manual
Independence of resources 1. Web load balancers
2. High speed data interfaces
3. Upgradable servers in the hosting environment
4. Dedicated platform for dedicated clients
Usage notifications Yes
Usage reporting
  • Email
  • SMS

Analytics

Analytics
Infrastructure or application metrics Yes
Metrics types
  • CPU
  • Disk
  • Memory
  • Network
  • Number of active instances
Reporting types
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
Equipment disposal approach A third-party destruction service

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up The service can back up virtual machines and associated data.
Backup controls During project mobilisation it will be agreed with client what backup controls they wish to have in place and subject to them being reasonable, they will be implemented. It is most likely to be daily, weekly and monthly backups as per industry standards.
Datacentre setup Single datacentre with multiple copies
Scheduling backups Supplier controls the whole backup schedule
Backup recovery Users contact the support team

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability CIMAS is hosted in a Tier 1 Data Centre which is rated as 99.999%, within which the platform works at 99.9% availability or higher, subject to the end-user's internal network connection.
2. Refunds are investigated on a case by case basis due to the areas that are outside the control of JWPM.
Approach to resilience This information is available on request, and we more than happy to discuss the security, resilience and redundancy of the service with any potential customers.
Outage reporting 1. If an outage was to occur, the JWPM Service Desk, which operates 24/7/365 would notify by email a predefined cohort of service users to the outage.
2. The outage report would continue an initial assessment of the issue and an expectation resolution timeline.

Identity and authentication

Identity and authentication
User authentication
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Access to management interfaces will be permitted only on dedicated management VLANs separated by a firewall. Support engineers and their roles are controlled by Active Directory accounts and delegations on security groups as organisation units.
If external access is required, access will be only permitted through two factor authentication.
VDI users are controlled by Active directory distributed polices.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)

Audit information for users

Audit information for users
Access to user activity audit information Users receive audit information on a regular basis
How long user audit data is stored for User-defined
Access to supplier activity audit information Users receive audit information on a regular basis
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 CQS (Certified Quality Systems) Ltd
ISO/IEC 27001 accreditation date 13th December 2018
What the ISO/IEC 27001 doesn’t cover This is a company wide accreditation and applies to all departments
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes 1. JWPM is certified to ISO 27001:2013 (Cert Num: ISM7799306) and has information security policies and procedures in place to comply with this standard.
2. Internal audits are undertaken to monitor and assure compliance.
3. Reporting structure is to Head of PMO, then Director, who met weekly to review organisational and project risks, including information risks.
4. JWPM completes NHS Digital's Data Security and Protection Toolkit (JWPM ODS Code: 8K421, Status=Satisfactory, Submitted Jan 2019)
5. JWPM is working towards Cyber Essentials certification during 2019.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach 1. All application configuration and change management is as per ITIL v3 2. All changes are subjected to a rigorous UAT
3. All changes are applied to a sandpit installation and tested for security weaknesses before being applied to live
4. All platform hardware is monitored as per the manufacturer's Hardware Life Cycle and replaced as advised
5. All O/S and Service Delivery Software is tracked to comply with the manufacturer's System Life Cycle and replaced as advised to ensure ongoing security and support
Vulnerability management type Undisclosed
Vulnerability management approach 1. JWPM follows the Capability Maturity Model for Vulnerability Management, and will also: Identify, assess, define and plan a resolution when a threat is identified
2. Scan on a regular basis for potential threats
3. Regularly monitor security forums
4. Keep all AV and Cyber Security software up to date
5. JW PM has a defined process and maintenance regime for identifying and installing O/S and application security policies. Reports are generated on a regular basis to show the status of these activities.
6. For emergency patch management; depending on criticality will depend on how quickly JWPM patches the servers.
Protective monitoring type Undisclosed
Protective monitoring approach All staff are trained to inform the 24/7 service desk on any potential incident. A ticket is raised by the Service Desk and this is immediately allocated to the Information Security Office for review and action. As part of the Information Security Policy, there are controls in place by JWPM. Policies are available on request. Any compromise would be investigated by the Information Security Officer and Information Governance Lead.
Incident management type Supplier-defined controls
Incident management approach All staff are trained to inform the 24/7 service desk on any potential incident. A ticket is raised by the Service Desk and this is immediately allocated to the Information Security Office for review and action. As part of the Information Security Policy, there are controls in place by JWPM. Policies are available on request.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart Yes
Who implements virtualisation Supplier
Virtualisation technologies used Citrix XenServer
How shared infrastructure is kept separate Compute separation is provided by the software. Network and storage virtualisation techniques are also employed.

Energy efficiency

Energy efficiency
Energy-efficient datacentres No

Pricing

Pricing
Price £3000 per unit per year
Discount for educational organisations Yes
Free trial available Yes
Description of free trial JW PM is happy to discuss a proof of concept (PoC) with any prospective client. This would typically be tied down to one location with one team who primarily work that location. We would expect the PoC to run for approx. 2 months.

Service documents

pdf document: Pricing document pdf document: Terms and conditions
Service documents
Return to top ↑