Prolinx Ltd

Prolinx Hosted Platform (PHP) - Official Connections as a Service

PHP are offering Official and above IBM Connections service which combines file sharing and social collaboration platform in an easy to deploy, simplified package. With seamless Office, Windows and OSX integration and easy-to-use Mobile applications, Connections Cloud enables secure collaboration anywhere with people inside your organisation and other government departments.

Features

  • Profiles- Searchable information pages for every user
  • Files- Share documents easily with 1Tb of storage per
  • Chat- Instant messenger with voice and video.
  • Communities- Gather experts to work on project or as teams
  • Meetings- video casting, desktop and application sharing in online meetings
  • ISO9001, ISO20000, ISO27001 certified organisation and ITIL service management framework
  • Securely operated in the UK by SC/DV Cleared Personnel
  • Detailed data access and user activity reports for compliance management
  • Optional Vulnerability Management can be deployed 24x7x365 across security domains
  • Share your view point and content in a safe environment

Benefits

  • Leverage skills -Find experts quickly saving time and money
  • Collaborate openly- Spend less time in the inbox
  • Innovate quickly- Get ideas and feedback from the entire organisation
  • Unified Experience- Everything seamlessly tied together
  • Rich Mobile- Never limited by the device you are using
  • Design Led- Built from the ground up with users aforethought
  • Unlimited Guests – Meaningful collaboration across organisational boundaries
  • Reduces complexity of managing secure Connections technology
  • Commensurate security controls in place
  • Enable Customer Security stakeholders to focus on the Business

Pricing

£14.00 per user per month

Service documents

G-Cloud 11

741894442256331

Prolinx Ltd

Sam Howells

+44 (0) 330 180 0099

Sam.howells@prolinx.co.uk

Service scope

Service scope
Software add-on or extension No
Cloud deployment model
  • Public cloud
  • Private cloud
Service constraints We notify our customers of change calendar window that will detail upcoming planned outages and scheduled downtime of the service.
System requirements
  • Modern Browser
  • Mobile device (Android, iOS)

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Any questions/ requests for information will be acknowledged within 4 working hours and resolved within 1 working day.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels Prolinx will offer 1st line support for initial diagnosis. Beyond 1st line support Prolinx can call upon the IBM Cloud Support which delivers IT-level assisted support options that help you get the most out of your technology investment. Standard support, included with your subscription, includes 24x7 telephone support for severity 1 problems, plus a support portal, and email support. Optionally, customers can purchase Priority Support, or Premier Support, for an additional charge. These offer additional levels of support, including on-site visits where required. For full details, see the IBM Connections Cloud support page https://www.ibm.com/cloud-computing/social/us/en/supportoptions/
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started Prolinx can provide on-line supporting material (User Guides) to assist customers to maximise the benefits of the Official Connections collaborations tool. On-site training can be provided and our Service Desk can be available to provide assistance and guidance to customers as required. More formal classroom training can be provided by IBM which Prolinx would be happy to facilitate.
Service documentation Yes
Documentation formats
  • HTML
  • ODF
  • PDF
End-of-contract data extraction Termination or migration will necessitate a four week period prior to any expiry of the contractual agreement; Prolinx and the customer will agree an exit plan which will include a mandatory service migration meeting covering:

• The return of user generated data most appropriate to meet the exit and security requirements
• Whether they wish their data to remain available for future use (i.e.; persistent storage). If the data is not required, it will be purged and destroyed in accordance with the requirements associated with the data BIL rating.
• Whether they wish to extract their data. If the data is rated at Official including caveats (BIL3), precautions will need to be put in place to ensure that the security of the data is not compromised. Data can be extracted in a variety of formats including XML, CSV and TXT.
• Exit project plan
• The compliance requirements for secure destruction of important data and storage media
• Risk Assessments and agreed service cessation milestones
• Final commercial reconciliation.

Prolinx will agree a price for delivering the exit plan and will have fifteen days to transfer or destroy all user generated data within the Prolinx Assured Cloud Service.
End-of-contract process Termination or expiry of the contractual agreement will initiate the Exit Project Plan as set out in the off-boarding section of this document.

In the event of termination, all/any remaining service charges will still apply and will be payable on or before the termination date.

In line with G Cloud T&Cs at least 90 days notice of termination must be provided in writing.

Prolinx will ensure disposal is undertaken in accordance with HMG IA Standard No 5. Prolinx currently adhere to a secure disposal and reuse policy for any equipment pertaining to MOD/Government projects.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Chrome
Application to install Yes
Compatible operating systems
  • Android
  • IOS
  • MacOS
  • Windows
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The available features are virtually device agnostic.
API Yes
What users can and can't do using the API IBM Connections Cloud provides RESTful APIs and Open Social APIs. The following components are accessible through APIs - Activities, Blogs, Bookmarks, Communities, Files, Forums, Ideation Blogs, Search and Wikis. You can also manage and provision your users and groups via Business Support System APIs. Full details can be found here https://sbtexplorer.mybluemix.net/Explorer.nsf/Explorer.xsp . IBM also provides API Explorer, which is a test environment for developing social applications using IBM Connections Cloud APIs. You can make API calls, see the response of those calls, and access the documentation for those APIs - all within a single interface.
API documentation Yes
API documentation formats HTML
API sandbox or test environment No
Customisation available Yes
Description of customisation Official Connections is a social collaboration platform, and as such provides a great deal of flexibility for individual users to make changes. Users are able to choose who they network with, and what people, communities and files they wish to follow. They are able to upload files, write blogs, comments and contribute to forums and wikis. They are able to build Communities, choose the appearance of the community, what apps to include within the community, and what other users are able to join and contribute to that community. In addition to the above, administrators and developers can perform simple changes to the overall appearance of the service for their users, for example, they can change the branding, logo and colour scheme.

Scaling

Scaling
Independence of resources Prolinx provides a Private Cloud service offering and therefore this is only accessible to individual customers.

Analytics

Analytics
Service usage metrics Yes
Metrics types Our support team provides proactive monitoring of all services to manage the infrastructure. All user access is monitored and recorded and metrics can be made available if required.
Reporting types Reports on request

Resellers

Resellers
Supplier type Reseller providing extra features and support
Organisation whose services are being resold IBM

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach There is an extensive set APIs that can be used to create, read or extract content from the Connections Cloud platform. Full details of how this can be done is found here - https://www.ibm.com/cloud-computing/social/us/en/toolkit/ . IBM also offers Content Migration Factory, where IBM Services can assist with importing and exporting user data for an additional charge.
Data export formats
  • CSV
  • Other
Other data export formats
  • XML
  • JSON
  • ATOM
  • CMIS
Data import formats
  • CSV
  • Other
Other data import formats
  • XML
  • JSON
  • ATOM
  • CMIS

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability The service shall be operational and available to customers for 99.95% of the time during each calendar month. This shall not include any scheduled maintenance periods, but customers shall be given one calendar months’ notice of any intended maintenance periods.
Approach to resilience Prolinx also utilises a secondary Data Centre facility to provide full resilience and Disaster Recovery (DR) capability.
Outage reporting For a complete or partial service outage the GOSC will be advised so they can cascade the information to all MoDNet or DII F users. Prolinx can offer other Government Departments the ability of an API or email alert system.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Prolinx make use of trusted roles and have separation of duty and limits on each transactional privilege set. All these measures combine to an accepted standard practise which has satisfied already provisioned MoD and other Government contracts.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users receive audit information on a regular basis
How long user audit data is stored for Between 1 month and 6 months
Access to supplier activity audit information Users receive audit information on a regular basis
How long supplier audit data is stored for Between 6 months and 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 BSI
ISO/IEC 27001 accreditation date 05/09/2015
What the ISO/IEC 27001 doesn’t cover There are no exceptions and our certificate covers the following:
The provision of IT infrastructure solutions and IT managed services, which includes consultancy, design and implementation services. This in accordance with the ISMS statement of applicability v9.0 dated 11/07/2015.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Cyber Essentials

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes The ISO 27001:2013 certification specifies requirements for the implementation of security controls customised to the needs of an organisation's Information Security Management System. Prolinx adhere and implement adequate and appropriate security controls to protect company information assets.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Prolinx have a number of methods already in use with our Compliance Department to support and safeguard information.

Prolinx have robust method for vulnerability management that is used with all vulnerabilities and risks which is minimised with proven effective risk analysis and mitigation strategies by experienced Prolinx staff.

All vulnerabilities and reporting is compliant with GPG standards.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach All vulnerabilities and reporting is compliant with GPG standards.

The monitor and report aspects of Access Control, Perimeter Defences, Resource Integrity, Intrusion Detection and Malware Defence are all part of our standard offering. The exception to this intrusion detection whereby we respond and also report findings to the JCU at MoD Corsham. An update and patch policy IAW JSP440.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach The Prolinx monitoring platform can provide real-time views of availability statistics, as well as detailed monitoring and analysis of data from virtual switches, routers, servers and any other SNMP-enabled devices. The Prolinx monitoring platform which includes availability, security and integrity monitoring of the applications and VMware horizon environment.

Prolinx also use Fortigate firewalls and Fortigate wireless hardware for its architectures. These products are best of breed within the market and can be fully managed, supported and monitoring by Prolinx service desk.

Every incident that requires escalation we engage the relevant parties taking any necessary action reporting directly to the GOSCC
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach The Service Desk manages incidents using a dedicated service management tool suite these can be raised by a telephone call, email or from an automated alerting system. Incidents are classified and prioritised in accordance with the agreed SLAs. There are multiple types of classification and several levels of prioritisation that can have different response and resolution characteristics ranging from 30 minute responses with 4 hour resolutions to 4 hour responses with 48 hour resolutions with several levels in between. Incidents are managed to ensure that any impact is minimised and the situation is dealt with appropriately.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks Other
Other public sector networks MOD Connected Network (MCN)

Pricing

Pricing
Price £14.00 per user per month
Discount for educational organisations No
Free trial available No

Service documents

pdf document: Pricing document pdf document: Skills Framework for the Information Age rate card pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑