Objective Corporation Limited

Objective Keystone for Collaborative Authoring, Consultation & Engagement

Objective Keystone provides an integrated collaborative environment to develop policies and strategic plans utilising best practice content; provide a unified workspace, publishing and delivery services; and facilitate the involvement of stakeholders through real-time consultation, collaboration and engagement with local communities. Includes Collaborative Authoring and Stakeholder Engagement. Local Development Plans.

Features

  • Consultation and Engagement Platform with Stakeholder Database
  • Document Creation, Collaboration, Versioning and Multi-Authoring
  • Dynamic Document and Web Publishing
  • Integration through API with CRM and Line of Business Systems
  • Consultaion Portal including mobile support
  • Comprehensive reporting on all event based consultations incluidng surveys/polls
  • Community Library of reusable best practice content for Government Agencies
  • One click publishing including PDF, AAA-HTML and XML
  • Templated design features allowing re-use and high quality publishing
  • Support Local Development Plans, Local Transport Plans and Water WRMP19

Benefits

  • Manage the way strategic documents are created, co-authored and managed
  • High quality Organisation brand compliant content & Publishing
  • Manage the entire lifecycle for Policy Development and Strategic Plans
  • Manage the legislative process for Local Plans and Water WRMP19
  • Manage consultations, stakeholder submissions and analysis of engagement
  • Single consultee database to allow consultaion and engagement across Government
  • Proven largest Government Gloud for Consultation and Engagement for LAs
  • Multi-channel Engagement with Local Communities, Citizens, Businesses and Stakeholders
  • Integrate Social Media Policy into Statkeholder Engagement

Pricing

£9800 per unit per year

Service documents

Framework

G-Cloud 11

Service ID

8 0 0 4 1 7 1 2 1 5 1 3 6 1 1

Contact

Objective Corporation Limited

Mat Graves

+44 (0)118 2072300

mat.graves@objective.com

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Objective Portfolio of Products including ECM, EDRM and Connect
Cloud deployment model
  • Public cloud
  • Community cloud
Service constraints
All planned downtime/maintenance is restricted to weekends or late at night when demand for the service is expected to be low. Notification is provided in advance to all customers to allow them time to plan any activity around the scheduled downtime
System requirements
  • Stakeholder Engagement roles require JavaScript
  • Modern Browser support - see Service Definition for further details
  • PDF Reader Required

User support

Email or online ticketing support
Email or online ticketing
Support response times
Full Service Details are contained within the Keystone Support Handbook
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Standard Support Hours are 09:00 to 17:00 Monday to Friday Excluding Public Holidays. Enhanced support is available including 07:00-19:00 and 24/5.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Objective offer a range of implementation services, which are defined in the Services Service Definition. The Basic package covers the basics of system set up and ‘super user’ training, while the Advanced Package adds a layer of Consultation Institute (CI) accredited consultancy and assistance to enable best practice alongside the use of the Objective software as well as options for direct assistance to design and deliver consultation events and/or collaborative documents.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
If a customer chooses to terminate their contract a three month notice period is required. At the end of this period:
• users will be deactivated
• the DNS will be deleted
• customer data will be deleted
Customers can export their data from the system using the following tools provided by the system:
• Stakeholder Management
• Run reports for consultees and comments
• Save as XML / CSV / HTML format
• Export Documents and supporting files
• Collaborative Authoring
• Export as zip file - individual XML content files plus images for documents
• Export as Entire PDF
Customers can use the service to carry out this work themselves or alternatively Professional Services can be engaged to carry out this work on a fee basis as per G-Cloud 9 SFIA Rate Card
End-of-contract process
Each party’s right to terminate is addressed in the Objective Connect terms and conditions of use. Objective also has limited suspension rights as follows:
Objective may take the Application offline or filter or block the Customer’s access, without derogating from its right to terminate this Agreement and without liability for repudiation if:
1. the Customer fails or neglects to pay any outstanding invoice within seven (7) days of the date of a written demand for payment by Objective;
2. Objective is authorised or directed to suspend the Service by a government, administrative, regulatory and/or law enforcement agency to do so;
3. for the purpose of Scheduled Maintenance;
4. the presence of a Virus threatens the integrity of the Application, Customer Data and/or hosted environment; and
5. the Customer is reasonably believed to have undertaken any prohibited actions.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
No
Service interface
No
API
Yes
What users can and can't do using the API
Collaborative Authoring and Stakeholder Management can be used without any development or integration. It is however possible to integrate to our solutions using our Web Service API or via our RESTful HTTP interface. The Collaborative Authoring/Stakeholder Management web browser client uses these interfaces to make the application work. This means that any data set or function that is available within the application can be made available (subject to security and licensing) to other third-party applications.
API documentation
Yes
API documentation formats
PDF
API sandbox or test environment
No
Customisation available
Yes
Description of customisation
Custom defined Meta Data by the customer
Customer branding for integration with customer's website with Objective support
Template branding for Collaborative Authoring with Objective support

Scaling

Independence of resources
We have an operational team that pro-actively monitors and plans demand and hence ensures the elasticity of the Keystone solution. In addition, capacity management is performed for the application through the defined architecture, sizing and predicted customer demand through a multi-tenanted solution.

Analytics

Service usage metrics
Yes
Metrics types
Service Metrics include Outage reports via the Customer dashboard
From a Consultation Engagement Model - users can configure repprts on different engagement events as part of the core functionality.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Customers can export their data from the system using the following tools provided by the system:
• Stakeholder Management
• Run reports for consultees and comments
• Save as XML / CSV / HTML format
• Export Documents and supporting files
• Collaborative Authoring
• Export as zip file - individual XML content files plus images for documents
• Export as Entire PDF
Customers can use the service to carry out this work themselves or alternatively Professional Services can be engaged to carry out this work on a fee basis.
Data export formats
  • CSV
  • Other
Other data export formats
  • XML
  • HTML
Data import formats
  • CSV
  • Other
Other data import formats
HTML

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
Other
Other protection within supplier network
IPC and message queues

Availability and resilience

Guaranteed availability
There is a target service level of 99.8% for the application.
Approach to resilience
Our global data centre and bandwidth supplier is Peer1 Hosting. Full redundancy is implemented throughout, including traffic re-routing to guarantee our services are delivered 24/7. Our data centres have a high level of security and resilience, with 24-hour air-conditioning power, UPS with emergency generators for backup, fire detection and suppression and security measures that include active security measures. Onsite facilities include heating, ventilation, air-conditioning and UPS are all configured to N+1 standards, which means that no single point of failure exists. UPS are backed up by onsite generators.
Outage reporting
Users can see service outages reported in their application dashboard
Email alerts

Identity and authentication

User authentication needed
Yes
User authentication
Username or password
Access restrictions in management interfaces and support channels
Service management via bastion hosts and use of a VPN
Access restriction testing frequency
Less than once a year
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
You control when users can access audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
ACS Registrars
ISO/IEC 27001 accreditation date
15/07/2015
What the ISO/IEC 27001 doesn’t cover
The scope of Objective's accreditation covers the following: The protection of data for the provision of specialist information management software solutions and services around content collaboration and process management to the corporate and public sector. Assets protected include all organisation data client data required for the delivery of services and supporting physical and cloud based IT infrastructure. Assets protected are within the physical locations internal networks external connectivity and remotely managed services within the control of Objective Corporation UK Ltd. in Accordance with Statement of Applicability Ver 1.3
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
Cyber Essentials

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
All Objective staff in the UK are responsible for conforming to the security manual in all their work. The procedures which make up the Information Security Management System (ISMS) define specific responsibilities. The Objective UK Information Security Manager, who reports directly to the General Manager UK, is responsible for the ISMS design and development, liaison with external advice and guidance (e.g. interest groups, product user groups). He is responsible for:
• owning the ISMS and ensuring that it presents an integrated set of policies and controls which support Objective’s information security policy
• establishing information security objectives to support the policy, and controlling their achievement
• ensuring that any failures, events or improvement opportunities relating to information security are recorded and addressed as appropriate (including retention of records as required)
• maintaining the ISMS components in accordance with agreed improvements, and ensuring that they are implemented correctly
• ensuring that any resources required to support information security are identified and requested
• monitoring the system's effectiveness through audits and other measures
• ensuring compliance with the requirements of ISO 27001
• ensuring staff awareness of information security
• maintaining knowledge of information security good practice.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Change and configuration management procedures are followed to track service components throughout their lifecycle to ensure the network remains operational and stable at all times. No changes may be made to the IT infrastructure without the Systems Administrator’s approval. The Systems Administrator reviews and risk assesses changes for potential security impact and mitigates and manages appropriately before deployment onto live system environments
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Incidents are raised in response to threat identification and managed on a risk impact assessed basis and prioritised for response.
Patches are deployed and managed in accordance with defined processes with emergency patch processes defined for dealing with high impact / high priority incidents. Potential threats and threat actors are monitored and regularly reviewed as part of the regular review process.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
A multi-layered strategic approach exists to protect the data, network and laptop/desktops from Internet borne threats that uses: • Anti-virus and malware scanner software on laptops/desktops and servers to protect against virus and malware infections • Email filtering to prevent email based attacks delivered in the form of incoming spam mail. • A firewall regulates inbound and outbound traffic to protect against potential threats. • Anti-malware protection • Operating systems software is updated to address known vulnerabilities. Tickets are raised in response to an incident and prioritised for response based on risk assessment.
Incident management type
Supplier-defined controls
Incident management approach
Users report and raise incidents through the Support Portal and tickets are raised to progress incidents. Each ticket is reponded to with details of root cause of the incident together with incident resolution details identified.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Pricing

Price
£9800 per unit per year
Discount for educational organisations
No
Free trial available
No

Service documents

Return to top ↑