Objective ECM & EDRM as a Service including MS Office 365
Objective ECM and EDRM including integration to O365 Software as a Service makes it easy for agencies to manage their Enterprise Content including document and records management, collaboration and business process automation of digital and physical content. 30 Government business processes including FOI/SAR and Ministers Questions.
- Enterprise Content Management & Information Governance
- Document and Records Management
- Business Process Automation, Workflow and Process Governance
- Drawings Management, Document Imaging and Redaction
- Case Management
- Enterprise Search
- Mobile and Offline Working
- Integration with Email, Office and Line of Business Systems
- Access via Mobile, Browser and Tablets
- Sharepoint Integration and Governance
- Manage Information Assets through their lifecycle at lower cost
- Connects content to people and the people they work with
- Delivers a simple, fast and personal experience that can scale
- Manage all content; both electronic and physical
- Accessible via Web, Mobile, Email, Sharepoint O365 and LoB Systems
- Pre-configured file plans for SCARRS and LGCS
- Zero based training web-based application
- An accredited solution with data resident in the UK/Europe
- Allows for Collaboration and Enterprise Search across all content
- Automates core business processes across Organisations and External Stakeholders
£23 per user per month
- Education pricing available
- Pricing document
- Skills Framework for the Information Age rate card
- Service definition document
- Terms and conditions
Objective Corporation Limited
+44 (0)118 2072300
|Software add-on or extension||No|
|Cloud deployment model||
Typically all maintenance schedules will be performed out of core office hours weekdays or over weekends.
The solution is based on the Microsoft Azure platform. Each system supports a minimum of 50 users. Each instance is dedicated to a single customer.
Customisation permitted: Whilst there are no limitations to customisation of the out of box functionality that Objective can support, all customisation must be scoped to understand the impact on security, service management and resource.
Customisation involving simple reconfiguration is supported, however
any design alteration or the addition of third party applications must be declared for impact assessment.
|Email or online ticketing support||Email or online ticketing|
|Support response times||Online ticketing Support 24/7|
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||WCAG 2.1 AA or EN 301 549|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
Standard Support Hours are 09:00 to 17:00 Monday to Friday Excluding Public Holidays.
Enhanced support is available including 07:00-19:00 and 24/5.
|Support available to third parties||Yes|
Onboarding and offboarding
The Objective ECM solution will be installed and configured by Objective Professional Services prior to delivery of the solution to the customer.
Data cleansing prior to data migration is available as a separate option, and if selected, this will form part of the on-boarding process.
A project plan will be agreed between the parties based on the requirements for the system, with an associated timeline. Regular reviews of both the project plan and demonstrations of the functionality will be included, as will a training plan that accommodates administrators, super users and end users.
Following a successful acceptance test by key users, the system will be handed over to the customer.
The Objective Consultants will be available for a period after the go-live, and will do a warm handover to the Technical Support and Account Management teams.
|End-of-contract data extraction||
Objective will export content from the hosted environment as follows:
• In order to receive the information, the customer will be responsible for creating their own hosted environment account with sufficient capacity to hold the dataset and provide Objective access.
• Objective will place a copy an export of the database and Objective document store in this area and provide a notification for the customer that this task has been completed.
• Objective will maintain the original instance for a period of 30 days from export, upon which time it will be deleted.
• Once the data has been extracted, Objective will instruct the data centre to remove the Customers Objective instance. This will include removal of data volumes, snapshots and backups which will be permanently deleted from the hosted environment.
|End-of-contract process||Should the customer elect to terminate the contract, then written notice must be given according to the terms of the contract. Objective will migrate out content. The Objective Account Manager will coordinate with Objective Professional Services to perform the Migration process at an additional cost. Should the customer elect to migrate from Hosted ECM to On-Premise ECM, the transfer of all configurations and data will be undertaken by Objective Professional Services prior to decommissioning the hosted environment.|
Using the service
|Web browser interface||Yes|
|Application to install||Yes|
|Compatible operating systems||
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||
Objective ECM supports a responsive user experience. The ECM browser will resize automatically based on the available screen space on the device.
Note the install is for a plug-in to enhance the user experience but is not a mandatory requirement. All users can access the service by a browser only.
|What users can and can't do using the API||
How users setup the service: The service is setup on behalf of the customer.
How users can make changes through the API: The service offers various routes to facilitate either a deep two way data exchange or a reference based loose coupling of systems.
Objective’s web services API provides a full range of “SCRUD” (Search, Create, Read, Update and Delete) services for content creation and consumption as well as other services for workflow interaction and session and transaction management.
This operates securely via SSL over HTTPS on port 443. It is language agnostic. The fine granularity of the web services means that an integrating system has ultimate control over all aspects of the integration to achieve a defined business outcome. It requires the integrating system to have knowledge of the business rules (filing rules, metadata and object mappings, etc) configured within the Objective ECM.
Objective also offers a ‘wrapper’ for the Objective Web-talk interface called the Objective Applink. This is an agile and rapid development environment providing a configurable interface to allow API calls to be exposed for external consumption. This can provide a cost effective way to integrate standard data interchange between Objective and multiple systems.
|API documentation formats||
|API sandbox or test environment||No|
|Description of customisation||
What can be configured and customised:
Many elements of the solution can be configured - this includes business specific elements such as the file plan, content types, business system preferences and business processes through Workflow.
Beyond configuration the solution can be customised for Integrations with 3rd party systems and for Integrations via Web Services and APIs and form UIs.
How users can customise?
Authorised users can configure the solution via the user interface or by using various utilities.
Technical users (or Objective technical consultants) can customise using the provided Web Services and APIs.
Who can customise?
Business specific elements can be configured by adminstrator users. Workflow can be configured by workflow administrator users.
Customisation involving simple reconfiguration is supported, however
any addition of third party applications must be declared for impact assessment. Technical users (or Objective technical consultants) can also customise using the provided Web Services and APIs.
|Independence of resources||The solution is single tenant. Other users cannot impact the service.|
|Service usage metrics||Yes|
Regular reports provided.
Dashboard updated on a daily basis.
Metrics include application usage analytics for example top user document creations etc.
Reports on Incident Service Level Targets and Availability Target Levels.
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Developed Vetting (DV)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||Less than once a year|
|Penetration testing approach||‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider|
|Protecting data at rest||
|Other data at rest protection approach||
Physical access controls from the Cloud platform.
ISO 27001 accredited procedures are in place to protect data at rest.
|Data sanitisation process||Yes|
|Data sanitisation type||
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||Data can be analysed at any time through reporting capabilities, and can be exported if so desired.|
|Data export formats||Other|
|Other data export formats||
|Data import formats||
|Other data import formats||
|Data protection between buyer and supplier networks||
|Data protection within supplier network||
|Other protection within supplier network||
Isolated Security Zones within the network is an effective strategy for reducing many types of risk. Security zones that separate systems based on their communication and protection needs minimize security risks while allowing information flows to continue even in the face of failures and security incidents.
Virtual firewalls are between each network zone to secure and control traffic flow between subnets to provide segmentation.
Certificates are are used to secure communication between many internal components of the solution. Most are included and Trust stores are used to secure communications between external customer services where relevant.
Availability and resilience
Objective ECM is a hosted application which is available to users on a 99.5% per month basis Service Availability Target as standard, based on Support Hours. Service Availability Target means the ability for Objective’s monitoring provider probe to return success (critical services are available), except during scheduled maintenance windows.
Objective reserves a right to conduct scheduled downtime to ensure the environment is stable and the application is operational and up-to-date. Scheduled downtime will, where practicable, be notified to users in advance and scheduled on a weekend or after normal working hours to minimise any inconvenience. Objective also reserves a right to conduct unscheduled downtime in an emergency to safeguard the application e.g. from the presence of a virus or other damaging code.
|Approach to resilience||
Physical Resilience is delivered by the Cloud provider to a world leading standard and backed by Service Level Agreements.
Objective designs the service on top of the Cloud infrastructure to meet the service levels required. These requirements may vary.
Backups allow for restore in a variety of situations including data loss, infrastructure loss or corruption.
Appropriate connectivity is achieved through joint workshops.
|Outage reporting||Objective System Administrators receive Email and SMS alerts and have internal dashboards, and will raise an incident with the customer.|
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||Service management via bastion hosts and use of a VPN|
|Access restriction testing frequency||Less than once a year|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users have access to real-time audit information|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||User-defined|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||ACS Registrars|
|ISO/IEC 27001 accreditation date||15/07/2015|
|What the ISO/IEC 27001 doesn’t cover||
The scope of Objective's accreditation covers the following:
The protection of data for the provision of specialist information management software solutions and services around content collaboration and process management to the corporate and public sector. Assets protected include all organisation data client data required for the delivery of services and supporting physical and cloud based IT infrastructure. Assets protected are within the physical locations internal networks external connectivity and remotely managed services within the control of Objective Corporation UK Ltd. in Accordance with Statement of Applicability Ver 1.3
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||Yes|
|Any other security certifications||
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||
|Other security governance standards||CyberSecurity Essentials|
|Information security policies and processes||
All Objective staff in the UK are responsible for conforming to the security manual in all their work. The procedures which make up the Information Security Management System (ISMS) define specific responsibilities.
The Objective UK Information Security Manager, who reports directly to the General Manager UK, is responsible for the ISMS design and development, liaison with external advice and guidance (e.g. interest groups, product user groups). He is responsible for:
• owning the ISMS and ensuring that it presents an integrated set of policies and controls which support Objective’s information security policy
• establishing information security objectives to support the policy, and controlling their achievement
• ensuring that any failures, events or improvement opportunities relating to information security are recorded and addressed as appropriate (including retention of records as required)
• maintaining the ISMS components in accordance with agreed improvements, and ensuring that they are implemented correctly
• ensuring that any resources required to support information security are identified and requested
• monitoring the system's effectiveness through audits and other measures
• ensuring compliance with the requirements of ISO 27001
• ensuring staff awareness of information security
• maintaining knowledge of information security good practice.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
Change and configuration management procedures are followed to track service components throughout their lifecycle to ensure the network remains operational and stable at all times.
No changes may be made to the IT infrastructure without the Systems Administrator’s approval.
The Systems Administrator reviews and risk assesses changes for potential security impact and mitigates and manages appropriately before deployment onto live system environments.
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
Incidents are raised in response to threat identification and managed on a risk impact assessed basis and prioritised for response.
Patches are deployed and managed in accordance with defined processes with emergency patch processes defined for dealing with high impact / high priority incidents.
Potential threats and threat actors are monitored and regularly reviewed as part of the regular review process.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
A multi-layered strategic approach exists to protect the data, network and laptop/desktops from Internet borne threats that uses:
• Anti-virus and malware scanner software on laptops/desktops and servers to protect against virus and malware infections
• Email filtering to prevent email based attacks delivered in the form of incoming spam mail.
• A firewall regulates inbound and outbound traffic to protect against potential threats.
• Operating systems software is updated to address known vulnerabilities.
Tickets are raised in response to an incident and prioritised for response based on risk assessment.
|Incident management type||Supplier-defined controls|
|Incident management approach||Users report and raise incidents through the Support Portal and tickets are raised to progress incidents. Each ticket is reponded to with details of root cause of the incident together with incident resolution details identified.|
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Public sector networks
|Connection to public sector networks||Yes|
|Price||£23 per user per month|
|Discount for educational organisations||Yes|
|Free trial available||No|