Astrea is a configurable Web based application for enabling a variety of organisations to manage their cases with the aid of task lists and calendar reminders. It acquires and processes information on a case, manages document filing, generates new documents based on customisable templates and allows public inquiries.
- Role Based Security Model
- RESTful Data Access Interface and System generated Web forms
- Digital signatures for legal validity of documents
- Management dashboard for KPIs and alerting
- Cryptography and web authentication using PKCS standards
- Remote access from multiple devices
- Open data standards (XML, ODT, RESTful) providing data extraction processes
- Hosted SaaS solution offers a system availability of 99.98%
- Scalable architecture allowing system to grow with the organisation
- Platform is fully compliant with GDPR
- Full-text document search
- Intuitive and self-explanatory user interface
- Built-in localisation for the user interface
- Personal agenda integrated with events generated by the system
- Users can adopt new procedures and workflows through open BPMN
- View and manage documents according to specific confidentiality rules
- Perform daily tasks by replacing manual processes with automated workflows
- Automated reminders for tasks approaching their deadline
- Full audit data in an exportable format (XML, CSV)
- User management of document templates and workflows
£7 to £55 per unit
- Education pricing available
- Free trial available
Net Service Information Technology Ltd.
+44 (0)20 7631 9037
|Software add-on or extension||No|
|Cloud deployment model||Private cloud|
|System requirements||Anti-virus technology for virtual machines|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
All requests for support will be answered within 1 working business day.
Support is available Monday to Friday from 9am to 5pm GMT. This can be extended by negotiation.
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||WCAG 2.0 A|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
Tier 0 - Self-help (wikis, FAQs, training handbooks, ...)
Tier 1 - Intended to deal with basic customer issues
Tier 1 staff handle straightforward and simple problems, adopting basic troubleshooting methods such as verifying physical layer issues, resolving username and password problems, uninstalling/reinstalling basic software applications, verifying proper hardware and software set up and helping users navigate application menus.
Tier 1 staff are responsible for
- collecting and recording information (computer name, screen/report name, error/warning messages, ...)
- determining the customer’s issue
- sorting through the possible solutions available
Tier 2 - More in-depth technical support level delivered by staff who are more experienced on a particular product or service
Tier 2 staff are responsible for
- investigating more complicated issues
- assisting Tier 1 staff
Tier 2 staff perform onsite installations/replacements of various hardware components, software repair, diagnostic testing.
Tier 3 - Highest level of support
Tier 3 staff are responsible for
- searching and developing solutions to new issues
- designing and developing one or more solutions
- evaluating them in a test environment
- implementing and delivering the best solution
- assisting Tier 1/Tier 2 staff
Tier 3 staff comprise original or current developers of the product.
|Support available to third parties||Yes|
Onboarding and offboarding
- onsite training
- online training (video clips)
- user documentation
|End-of-contract data extraction||
At any moment, users can export their data into an open standard XML file that can be easily imported in every relational database management system.
This is in particular true when users want to change the service package they are using.
|End-of-contract process||No standard activity is planned at the end of the contract. Specific activities can be taken into account upon request. These activities can be included in the contract from the moment it comes into effect.|
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||The differences lie just in the user interface. On mobile user interface, to enhance user experience, large forms are split into a sequence of multiple forms with a limited number of graphical components.|
|Accessibility standards||WCAG 2.0 A|
|Accessibility testing||Users with visual and aural impairments were recruited and requested to access our GUI (Graphical User Interface) standard modules, in order to improve and validate them, on the basis of their feedback.|
|What users can and can't do using the API||
Through the APIs, users can
- update service settings (only administrative users)
- upload documents
- start/stop workflows, complete specific tasks
- search and retrieve stored information, according to their confidentiality privileges.
Various standards are available (e.g. JSON, JSONP, REST)
|API documentation formats||
|API sandbox or test environment||No|
|Description of customisation||
Authorised users can customise
- workflow diagrams by using Business Process Models & Notations (BPMN) language
- document templates by using an open standard word processor
|Independence of resources||System resources are scalable.|
|Service usage metrics||Yes|
Number of page accesses per unit time (page access frequency).
Average time spent on a page.
|Reporting types||Reports on request|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Developed Vetting (DV)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Supplier-defined controls|
|Penetration testing frequency||At least every 6 months|
|Penetration testing approach||‘IT Health Check’ performed by a CHECK service provider|
|Protecting data at rest||
|Data sanitisation process||No|
|Equipment disposal approach||In-house destruction process|
Data importing and exporting
|Data export approach||At any moment, authorised users can export their data into an open standard XML file by invoking the related menu items.|
|Data export formats||
|Data import formats||
|Data protection between buyer and supplier networks||TLS (version 1.2 or above)|
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
99.98 %, assured by contractual commitment.
Users are refunded by a primary insurance company.
|Approach to resilience||
Redundancy involves any kind of vital device: communication lines, power sources, network devices, servers, storage devices, ...
All devices are provided with two independent power supplies connected to two independent sources.
Servers supporting production services are arranged in a cluster of 8 nodes with automatic balancing and fault tolerance mechanisms.
All servers and network devices are powered by an uninterruptible power source (UPS) providing 20 minutes of runtime.
If an outage lasts more than 5 minutes, a generator starts automatically. The generator can run for 25 hours at a load equal to 3/4 of its full capacity.
UPS batteries are periodically checked by letting them discharge completely and measuring their range.
|Outage reporting||Outages leading to the generator activation (the ones lasting more than 5 minutes) send email and SMS alert messages to clearly identified staff members who are responsible for monitoring business continuity.|
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||No restrictions.|
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users contact the support team to get audit information|
|How long user audit data is stored for||Between 1 month and 6 months|
|Access to supplier activity audit information||No audit information available|
|How long system logs are stored for||Between 1 month and 6 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||TÜV Italy|
|ISO/IEC 27001 accreditation date||10/01/2014|
|What the ISO/IEC 27001 doesn’t cover||Nothing|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||
We ensure both physical and logical security on software and data in our datacenter.
Physical access is monitored for all rooms containing servers, network devices, power plant branches, HVAC plant nodes and branches, communication lines, backup physical supports. Only authorised staff are allowed in. The others (both employees and visitors) can access those rooms only under the supervision of authorised staff. Every access is automatically logged.
Anyone who wants to access a logical resource must authenticate by providing a pair of credentials (user identifier and password). Every access is automatically logged. Users are granted the access privileges of the user class they belong to.
Access from outside company premises (e.g. remote working) is allowed via Virtual Private Network (VPN) only for a limited number of users. The privileges are limited to what is strictly required by the user's role.
Users must change their password upon first access. The password must be sufficiently complex and must be changed at least every three months. User accounts are blocked after three consecutive unsuccessful attempts to access the system. User accounts that remain unused for more than a given amount of time are blocked too.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
The System Management team keeps itself constantly updated about the vulnerabilities detected in the software we run to deliver our services.
As a consequence, change management and security improvement policies are constantly maintained.
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
The System Management team keeps itself constantly updated about the vulnerabilities detected in the software we run to deliver our services. According to their criticality, the corresponding patches are applied immediately, weekly or monthly.
Information about software vulnerabilities is obtained directly from the software producer or from specialised websites.
Periodically, we ask some suppliers to carry out penetration tests to assess our network vulnerability (open ports, insecure configurations, ...) and act accordingly, on the basis of the test outcome.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
We consider the following types of incidents:
- development and test software environments stop being available
- servers and network devices stop being available
- stored information loses its integrity
Software environments are implicitly checked by the staff who continuously work on them. They are required to promptly report any potential problem.
Servers and network devices periodically undergo automatic checks to detect any drop in responsiveness.
Automatic data integrity checks are periodically performed to ensure information has not been corrupted.
Every kind of incident is assigned a detailed procedure intended to resolve it.
Our Recovery Point Objective is 1 hour.
|Incident management type||Supplier-defined controls|
|Incident management approach||
We have predefined procedures in place to tackle
- loss or theft of mobile devices and equipment
- server room blaze
- server room equipment breakdown
- data loss
- software environment integrity loss
Users inform the Security Manager, who activates the appropriate staff within the Security Team.
The Security Team maintains an incident log recording every incident and the actions taken to resolve it, so that incidents can be analysed and the current procedures improved. The log is disclosed only upon explicit request.
|Approach to secure software development best practice||Supplier-defined process|
Public sector networks
|Connection to public sector networks||Yes|
|Price||£7 to £55 per unit|
|Discount for educational organisations||Yes|
|Free trial available||Yes|
|Description of free trial||The free trial version is fully operational and is provided for 6 months.|