CenturyLink Public Protection Unit Database (PPUD) as a Service
The Public Protection Unit Database (PPUD) is an accredited Casework Management System for the management of Offenders and related Probation, Parole and Mental Health processes. Includes a full Document and Dossier management system and complex workflow processes. The license for this software is owned by the Ministry of Justice (MOJ).
Features
- Document Management
- Workflow Management
- Casework Management
- Dossier Management
- Customer Relationship Management
Benefits
- Work across departmental boundaries
- Collaborate on documents
- Share information between organisations
- Share information with external users
- Monitor and improve service delivery
- Report and track information
Pricing
£1 to £1,000,000 a unit a month
Service documents
Request an accessible format
Framework
G-Cloud 11
Service ID
8 1 2 5 2 8 9 2 3 9 1 5 1 8 6
Contact
LUMEN TECHNOLOGIES UK LIMITED
ashley.manning@Lumen.com
Telephone: 07827881863
Email: ashley.manning@Lumen.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Private cloud
- Service constraints
- This service offering is purely to provide the hosting and support for an instance of PPUD. Licensing will need to be managed separately with the software owner.
- System requirements
-
- The system runs on Microsoft Windows Server
- Internet Information Services (IIS) version 6.0 or above.
- .NET Framework version 4.5
- ASP.NET
- SQL Server 2008 or above.
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
We aim to respond to support tickets on the same or next day unless urgent in which case a 2 hour response time is applied.
This does not include weekends. - User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- None or don’t know
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Onsite support
- Support levels
-
Default option for contracts:
Professional Level Support: -
• Access to forums, documentation, white papers, best practice guides (24/7).
• Unlimited break/fix (24/7).
• Tier 1 Support (24/7) via Ticketing.
• Tier 2 Support via Ticketing System (24/7) triaged by a pool of shared engineers.
• Response time to tickets: Less than 60 minutes by a pool of shared engineers.
• Chat support (24/7) / phone support (24/7).
• Price graduated, based on monthly spend.
Enterprise Level Support: -
• Access to forums, documentation, white papers, best practice guides (24/7).
• Unlimited break/fix (24/7).
• Tier 1 Support (24/7) via Ticketing.
• Tier 2 Support via Ticketing System (24/7) triaged by a designated engineer (if on shift), or a pool of shared engineers.
• Response Time to tickets: Less than 30 minutes by a designated engineer (if on shift), or a pool of shared engineers.
• Chat support (24/7) / phone support (24/7).
• Price graduated based on spend, plus price per designated support shift.
Support is included with all pricing options. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- This process will be managed by CenturyLink in cooperation with the client's team to enable the migration of existing documents and mapping of processes into the new workflow model. CenturyLink will provide user documentation and can also provide cascade training support.
- Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
- CenturyLink can export SQL Server backups at no additional cost.
- End-of-contract process
- CenturyLink will export data in an agreed and supported format. Migration to a new system is not provided under this contract. Additional consultancy to help understand that model is at additional cost.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 9
- Internet Explorer 10
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari 9+
- Opera
- Application to install
- No
- Designed for use on mobile devices
- No
- Service interface
- No
- API
- No
- Customisation available
- Yes
- Description of customisation
-
Workflows are customisable, all standard lists of values can be adjusted and online help is user editable.
This is only available to high level admin users.
Scaling
- Independence of resources
- Performance levels depend on the hosting plan chosen for the service. Typical hosting solution is on dedicated cloud infrastructure which mitigates the risk of system performance degradation from other sources.
Analytics
- Service usage metrics
- No
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Security Clearance (SC)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a CHECK service provider
- Protecting data at rest
- Physical access control, complying with another standard
- Data sanitisation process
- Yes
- Data sanitisation type
-
- Explicit overwriting of storage before reallocation
- Deleted data can’t be directly accessed
- Equipment disposal approach
- A third-party destruction service
Data importing and exporting
- Data export approach
- The system supports and includes a variety of reports that users can run to extract data. However, a user cannot perform a full system data export, this function can be performed via CenturyLink support team.
- Data export formats
- CSV
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- Legacy SSL and TLS (under version 1.2)
- Data protection within supplier network
- Legacy SSL and TLS (under version 1.2)
Availability and resilience
- Guaranteed availability
- Service Level Agreements are subject to the hosting plan.
- Approach to resilience
- Resilience depends on the hosting plan chosen for the service. CenturyLink offers several cloud hosting options under G-Cloud 11 supporting resilience options including load balancing and fail over within the same or between multiple UK data centres.
- Outage reporting
- Resilience depends on the hosting plan chosen for the service. CenturyLink offers several cloud hosting options under G-Cloud 11 supporting resilience options including load balancing and fail over within the same or between multiple UK data centres.
Identity and authentication
- User authentication needed
- Yes
- User authentication
- 2-factor authentication
- Access restrictions in management interfaces and support channels
- When new PPUD users are created, they are assigned a permission level and a team. This permission level includes the level of management access the user has. Managers/administrators cannot create or promote users to a higher permission level than their own. External users accessing data via the Web Access Module (WAM) can only log onto the system if they have been granted WAM access by a PPUD administrator. These WAM users have restricted access to cases that they have been "associated to" by a caseworker using PPUD. This WAM access can be amended at any time by the PPUD administrator.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
- Dedicated link (for example VPN)
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- Schellman (formerly BrightLine)
- ISO/IEC 27001 accreditation date
- 30/06/2017
- What the ISO/IEC 27001 doesn’t cover
- ISO27001:2013 does not cover customer servers or CenturyLink services, however, these services heavily rely on the data centre security which is covered by ISO27001:2013.
- ISO 28000:2007 certification
- No
- CSA STAR certification
- Yes
- CSA STAR accreditation date
- 29/06/2015
- CSA STAR certification level
- Level 1: CSA STAR Self-Assessment
- What the CSA STAR doesn’t cover
- N/A
- PCI certification
- Yes
- Who accredited the PCI DSS certification
- Schellman
- PCI DSS accreditation date
- 25/10/2017
- What the PCI DSS doesn’t cover
- Specific customer environments – The certification is of CenturyLink as a service provider. The ROS and AOC are available on request.
- Other security certifications
- Yes
- Any other security certifications
-
- PSN Supplier Certified
- PSN Customer Certified
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
- CenturyLink have a set of commercial policies and procedures, making up the ISMS, which underpin the majority of Information Security. In addition, where there is an identified mismatch to HMG requirements, there is a dedicated 'HMG Specific' policy in the UK. These were designed in line with NCSC guidance and good practice.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
-
Change and Configuration Management is carried out in line with ITIL Best Practices.
Configuration Items are tracked from build to disposal. Changes to CIs are captured by network/server automation tools, or, where not possible, via manual updates after implemented Changes. There is a dedicated HMG Change Manager, Change Management Process and IT Service Management tool set. All changes must follow the Change process and have an associated Change record. Apart from preapproved (Standard) Changes, all other Changes are reviewed in the weekly Change Board.
Software is developed with a security-first mindset and tested for security during development, testing and deployment. - Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
-
Change and Configuration Management is carried out in line with ITIL Best Practices.
Configuration Items are tracked from build to disposal. Changes to CIs are captured by network/server automation tools, or, where not possible, via manual updates after implemented Changes. There is a dedicated HMG Change Manager, Change Management Process and IT Service Management tool set. All changes must follow the Change process and have an associated Change record. Apart from preapproved (Standard) Changes, all other Changes are reviewed in the weekly Change Board.
Software is developed with a security-first mindset and tested for security during development, testing and deployment. - Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
-
CenturyLink abide by their Information Security Framework which is designed to protect CenturyLink information assets from threats, whether internal or external, deliberate or accidental.
CenturyLink review threats/risks annually and respond to incidents immediately, post event CenturyLink recovery steps include follow up actions that protect the compromised system/data from future similar attacks. - Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
-
CenturyLink abide by their Information Security Framework which is designed to protect CenturyLink information assets from threats, whether internal or external, deliberate or accidental.
CenturyLink review threats/risks annually and respond to incidents immediately, post event CenturyLink recovery steps include follow up actions that protect the compromised system/data from future similar attacks.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Public sector networks
- Connection to public sector networks
- Yes
- Connected networks
- Public Services Network (PSN)
Pricing
- Price
- £1 to £1,000,000 a unit a month
- Discount for educational organisations
- No
- Free trial available
- No