Prolinx Hosted Platform (PHP) - Official Connections as a Service
PHP are offering Official and above IBM Connections service which combines file sharing and social collaboration platform in an easy to deploy, simplified package. With seamless Office, Windows and OSX integration and easy-to-use Mobile applications, Connections Cloud enables secure collaboration anywhere with people inside your organisation and other government departments.
- Profiles- Searchable information pages for every user
- Files- Share documents easily with 1Tb of storage per
- Chat- Instant messenger with voice and video.
- Communities- Gather experts to work on project or as teams
- Meetings- video casting, desktop and application sharing in online meetings
- ISO9001, ISO20000, ISO27001 certified organisation and ITIL service management framework
- Securely operated in the UK by SC/DV Cleared Personnel
- Detailed data access and user activity reports for compliance management
- Optional Vulnerability Management can be deployed 24x7x365 across security domains
- Share your view point and content in a safe environment
- Leverage skills -Find experts quickly saving time and money
- Collaborate openly- Spend less time in the inbox
- Innovate quickly- Get ideas and feedback from the entire organisation
- Unified Experience- Everything seamlessly tied together
- Rich Mobile- Never limited by the device you are using
- Design Led- Built from the ground up with users aforethought
- Unlimited Guests – Meaningful collaboration across organisational boundaries
- Reduces complexity of managing secure Connections technology
- Commensurate security controls in place
- Enable Customer Security stakeholders to focus on the Business
£14.00 per user per month
7 4 1 8 9 4 4 4 2 2 5 6 3 3 1
+44 (0) 330 180 0099
|Software add-on or extension||No|
|Cloud deployment model||
|Service constraints||We notify our customers of change calendar window that will detail upcoming planned outages and scheduled downtime of the service.|
|Email or online ticketing support||Email or online ticketing|
|Support response times||Any questions/ requests for information will be acknowledged within 4 working hours and resolved within 1 working day.|
|User can manage status and priority of support tickets||No|
|Phone support availability||24 hours, 7 days a week|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
|Support levels||Prolinx will offer 1st line support for initial diagnosis. Beyond 1st line support Prolinx can call upon the IBM Cloud Support which delivers IT-level assisted support options that help you get the most out of your technology investment. Standard support, included with your subscription, includes 24x7 telephone support for severity 1 problems, plus a support portal, and email support. Optionally, customers can purchase Priority Support, or Premier Support, for an additional charge. These offer additional levels of support, including on-site visits where required. For full details, see the IBM Connections Cloud support page https://www.ibm.com/cloud-computing/social/us/en/supportoptions/|
|Support available to third parties||No|
Onboarding and offboarding
|Getting started||Prolinx can provide on-line supporting material (User Guides) to assist customers to maximise the benefits of the Official Connections collaborations tool. On-site training can be provided and our Service Desk can be available to provide assistance and guidance to customers as required. More formal classroom training can be provided by IBM which Prolinx would be happy to facilitate.|
|End-of-contract data extraction||
Termination or migration will necessitate a four week period prior to any expiry of the contractual agreement; Prolinx and the customer will agree an exit plan which will include a mandatory service migration meeting covering:
• The return of user generated data most appropriate to meet the exit and security requirements
• Whether they wish their data to remain available for future use (i.e.; persistent storage). If the data is not required, it will be purged and destroyed in accordance with the requirements associated with the data BIL rating.
• Whether they wish to extract their data. If the data is rated at Official including caveats (BIL3), precautions will need to be put in place to ensure that the security of the data is not compromised. Data can be extracted in a variety of formats including XML, CSV and TXT.
• Exit project plan
• The compliance requirements for secure destruction of important data and storage media
• Risk Assessments and agreed service cessation milestones
• Final commercial reconciliation.
Prolinx will agree a price for delivering the exit plan and will have fifteen days to transfer or destroy all user generated data within the Prolinx Assured Cloud Service.
Termination or expiry of the contractual agreement will initiate the Exit Project Plan as set out in the off-boarding section of this document.
In the event of termination, all/any remaining service charges will still apply and will be payable on or before the termination date.
In line with G Cloud T&Cs at least 90 days notice of termination must be provided in writing.
Prolinx will ensure disposal is undertaken in accordance with HMG IA Standard No 5. Prolinx currently adhere to a secure disposal and reuse policy for any equipment pertaining to MOD/Government projects.
Using the service
|Web browser interface||Yes|
|Application to install||Yes|
|Compatible operating systems||
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||The available features are virtually device agnostic.|
|What users can and can't do using the API||IBM Connections Cloud provides RESTful APIs and Open Social APIs. The following components are accessible through APIs - Activities, Blogs, Bookmarks, Communities, Files, Forums, Ideation Blogs, Search and Wikis. You can also manage and provision your users and groups via Business Support System APIs. Full details can be found here https://sbtexplorer.mybluemix.net/Explorer.nsf/Explorer.xsp . IBM also provides API Explorer, which is a test environment for developing social applications using IBM Connections Cloud APIs. You can make API calls, see the response of those calls, and access the documentation for those APIs - all within a single interface.|
|API documentation formats||HTML|
|API sandbox or test environment||No|
|Description of customisation||Official Connections is a social collaboration platform, and as such provides a great deal of flexibility for individual users to make changes. Users are able to choose who they network with, and what people, communities and files they wish to follow. They are able to upload files, write blogs, comments and contribute to forums and wikis. They are able to build Communities, choose the appearance of the community, what apps to include within the community, and what other users are able to join and contribute to that community. In addition to the above, administrators and developers can perform simple changes to the overall appearance of the service for their users, for example, they can change the branding, logo and colour scheme.|
|Independence of resources||Prolinx provides a Private Cloud service offering and therefore this is only accessible to individual customers.|
|Service usage metrics||Yes|
|Metrics types||Our support team provides proactive monitoring of all services to manage the infrastructure. All user access is monitored and recorded and metrics can be made available if required.|
|Reporting types||Reports on request|
|Supplier type||Reseller providing extra features and support|
|Organisation whose services are being resold||IBM|
|Staff security clearance||Conforms to BS7858:2012|
|Government security clearance||Up to Developed Vetting (DV)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||‘IT Health Check’ performed by a CHECK service provider|
|Protecting data at rest||
|Data sanitisation process||Yes|
|Data sanitisation type||Explicit overwriting of storage before reallocation|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||There is an extensive set APIs that can be used to create, read or extract content from the Connections Cloud platform. Full details of how this can be done is found here - https://www.ibm.com/cloud-computing/social/us/en/toolkit/ . IBM also offers Content Migration Factory, where IBM Services can assist with importing and exporting user data for an additional charge.|
|Data export formats||
|Other data export formats||
|Data import formats||
|Other data import formats||
|Data protection between buyer and supplier networks||
|Data protection within supplier network||
Availability and resilience
|Guaranteed availability||The service shall be operational and available to customers for 99.95% of the time during each calendar month. This shall not include any scheduled maintenance periods, but customers shall be given one calendar months’ notice of any intended maintenance periods.|
|Approach to resilience||Prolinx also utilises a secondary Data Centre facility to provide full resilience and Disaster Recovery (DR) capability.|
|Outage reporting||For a complete or partial service outage the GOSC will be advised so they can cascade the information to all MoDNet or DII F users. Prolinx can offer other Government Departments the ability of an API or email alert system.|
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||Prolinx make use of trusted roles and have separation of duty and limits on each transactional privilege set. All these measures combine to an accepted standard practise which has satisfied already provisioned MoD and other Government contracts.|
|Access restriction testing frequency||At least once a year|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users receive audit information on a regular basis|
|How long user audit data is stored for||Between 1 month and 6 months|
|Access to supplier activity audit information||Users receive audit information on a regular basis|
|How long supplier audit data is stored for||Between 6 months and 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||BSI|
|ISO/IEC 27001 accreditation date||05/09/2015|
|What the ISO/IEC 27001 doesn’t cover||
There are no exceptions and our certificate covers the following:
The provision of IT infrastructure solutions and IT managed services, which includes consultancy, design and implementation services. This in accordance with the ISMS statement of applicability v9.0 dated 11/07/2015.
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||Yes|
|Any other security certifications||Cyber Essentials|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||The ISO 27001:2013 certification specifies requirements for the implementation of security controls customised to the needs of an organisation's Information Security Management System. Prolinx adhere and implement adequate and appropriate security controls to protect company information assets.|
|Configuration and change management standard||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Configuration and change management approach||
Prolinx have a number of methods already in use with our Compliance Department to support and safeguard information.
Prolinx have robust method for vulnerability management that is used with all vulnerabilities and risks which is minimised with proven effective risk analysis and mitigation strategies by experienced Prolinx staff.
All vulnerabilities and reporting is compliant with GPG standards.
|Vulnerability management type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Vulnerability management approach||
All vulnerabilities and reporting is compliant with GPG standards.
The monitor and report aspects of Access Control, Perimeter Defences, Resource Integrity, Intrusion Detection and Malware Defence are all part of our standard offering. The exception to this intrusion detection whereby we respond and also report findings to the JCU at MoD Corsham. An update and patch policy IAW JSP440.
|Protective monitoring type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Protective monitoring approach||
The Prolinx monitoring platform can provide real-time views of availability statistics, as well as detailed monitoring and analysis of data from virtual switches, routers, servers and any other SNMP-enabled devices. The Prolinx monitoring platform which includes availability, security and integrity monitoring of the applications and VMware horizon environment.
Prolinx also use Fortigate firewalls and Fortigate wireless hardware for its architectures. These products are best of breed within the market and can be fully managed, supported and monitoring by Prolinx service desk.
Every incident that requires escalation we engage the relevant parties taking any necessary action reporting directly to the GOSCC
|Incident management type||Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402|
|Incident management approach||The Service Desk manages incidents using a dedicated service management tool suite these can be raised by a telephone call, email or from an automated alerting system. Incidents are classified and prioritised in accordance with the agreed SLAs. There are multiple types of classification and several levels of prioritisation that can have different response and resolution characteristics ranging from 30 minute responses with 4 hour resolutions to 4 hour responses with 48 hour resolutions with several levels in between. Incidents are managed to ensure that any impact is minimised and the situation is dealt with appropriately.|
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Public sector networks
|Connection to public sector networks||Yes|
|Other public sector networks||MOD Connected Network (MCN)|
|Price||£14.00 per user per month|
|Discount for educational organisations||No|
|Free trial available||No|