This G-Cloud 10 service is no longer available to buy.

The G-Cloud 10 framework expired on Tuesday 2 July 2019. Any existing contracts with Viewdeck Consulting Limited are still valid.
Viewdeck Consulting Limited

Document Management as a Service (VDMS) ​​​​​​GC10-SAS-DMS1

The Viewdeck Document Management service VDMS uses a leading open source document management/enterprise content platform. The service provides secure and controlled access to documents, images, and metadata across the organisation. It improves efficiency with powerful storage, search and filtering features, as well as advanced capabilities for structured and unstructured artifacts.

Features

  • Easy to use, Document/Content management with integration and version control.
  • Resilient High Availability capabilities to support business needs.
  • Full Text Search across structured and unstructured data.
  • Standard and bespoke reporting, with configurable user views.
  • Configurable metadata and integrated process management.
  • Secure Internal Enterprise capability or Shared Agency Service.
  • Shared Internal and public portal to enable collaboration.
  • Web based, allowing disjointed remote teams to work together.
  • Open Source solution, that is easy and intuitive to use.
  • Scalable and Secure, Role Based access at individual data level.

Benefits

  • Safe, secure and simple to use.
  • Integrate Teams, Users, Customers across Internal and External zones.
  • Enterprise Content Management, Auditability, Roles based Access.
  • Cross Agency cooperation, Extend team out to the field.
  • Adaptable to meet existing business processes.
  • Simple no client software required for deployment.
  • Scalable to very large concurrent teams.
  • Secure Server platform, production ready for Publice, Tier1 Services.
  • Suitable for Public, Private and Shared Cloud environments.
  • Works with UKCloud, Azure, AWS and private clouds.

Pricing

£425 a user a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@viewdeck.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 10

Service ID

8 2 5 9 5 1 1 6 2 7 4 2 1 0 1

Contact

Viewdeck Consulting Limited Glenn Hardy
Telephone: 0203 384 3350
Email: gcloud@viewdeck.com

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
A Viewdeck Patch Server is a requirement to provide a patch service and Virus/Rootkit signatures upgrades.
A Viewdeck Log Server is a requirement to provide event monitoring for the service.
A Viewdeck Monitor Service is required to provide availability and host health check monitoring.
Backup Solution providing secure offline remote cloud based storage is required. The Viewdeck Backup Service provides a suitable service.
The Secure Mail Server with connectivity to the secure administration mailbox providing alerting and reporting from the hosts.
Secure Remote Administrator Access via a suitable secure network. This will vary depending on the hosting environment
System requirements
  • Viewdeck Patch Server for patch and Virus/Rootkit signatures upgrades
  • Viewdeck Log Server for event monitoring for the service
  • Viewdeck Monitor Service for availability and host health check monitoring
  • Backup Solution providing secure offline remote cloud based storage
  • The Viewdeck Backup Service provides a suitable service
  • The Secure Mail Server with connectivity to secure administration mailbox
  • Providing alerting and reporting from the hosts.
  • Secure Remote Administrator Access via suitable secure network.
  • This will vary depending on the hosting environment

User support

Email or online ticketing support
Email or online ticketing
Support response times
Mmediate Automatic response. Email Response 'SLAs' is supported for P3 P4 and P5's during normal working hours. All P1's and P2's should be logged via email, and immediately escalated via the help line. Weekend response to email tickets is available as an additional service.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), 7 days a week
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), 7 days a week
Web chat support accessibility standard
WCAG 2.0 A
Web chat accessibility testing
Web chat accessibility testing
Our knowledge has come from market research provided by the Slack community.
Onsite support
Onsite support
Support levels
Viewdeck follows a traditional P1-P5 problem management prioritisation and response model, providing integration and escalation as you would expect to deliver to the agreed service levels. P1 Total loss of service. P2 Some loss of service. P3 Small loss of service or work around. P4 Tasks are made more difficult, but are not impossible to complete. P5 Interferes with non-operational use. All P1 and P2 events are allocated an Incident Manager to see and manage incidents through to successful resolution, providing SPOC, regular reporting, and coordination between various resolver groups. Standard support is Mon-Fri 9-5:30pm. P1’s and P2’s are supported 24 hours a Day, 7 Days a week as standard. Additional extended hours of support are available, either for 8am-8pm Monday-Saturday , or 24 hours x 7 days Week. All services can take advantage of the 24 hour per day web and telephone service, although only P1’s and P2’s will be responded out of supported hours. Additional pricing for these services is based on the product, with further details in our pricing guide. All Viewdeck Services include an Account Manager to manage service issues, and provide a SPOC for clients.
Support available to third parties
No

Onboarding and offboarding

Getting started
Viewdeck offer assistance to getting stated

Self taught CBT training is available as part of the service

Additional fixed price packages for other training is also available on request at extra cost
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
On end of contract, Viewdeck can supply the users information extracted from the system in native format or configuration files, including XML/JSON format.

This can be transferred to the user electronically via secure electronic transfer by arrangement with the client organisation, or via a shared secure File Transfer area. If the client has specific needs for the physical transfer of the data we would support this by additional services for the media and media transport for Data Extraction.
End-of-contract process
30 days before end of Contract, there will be client engagement to confirm the Requirements, agree a plan, any additional services needed, and the Quality Criteria for the delivery of those services to meet the Requirements.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
Application to install
No
Designed for use on mobile devices
No
Accessibility standards
WCAG 2.0 A
Accessibility testing
Accessibility testing - Our knowledge has come from service tooling manufacturers commitments and market research.
API
Yes
What users can and can't do using the API
Client (normally Technology Administrators) can access the system through a web based API. This allows the Client to gain 'Controlled' access to the key functionality of the service to support Configuration and Data Management. All Services support REST based API interfaces.
API documentation
Yes
API documentation formats
  • HTML
  • PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Our services are based upon COTS components that are configurable for Clients via common and native interfaces. The functionality accessed by the Client allows a certain level of Business configuration within the parameters of each individual Service. Typically this is via a Web interface.
We encourage Clients to Self Service for such Configurable parameters.

Scaling

Independence of resources
All of our services are based on dedicated devices with managed contention performance to ensure no service degradation due to other user ativity.

In the event of performance degradation occurring our service management tooling would automatically trigger and incident alerting us to the problem so that immediate action can be taken to address it

Analytics

Service usage metrics
Yes
Metrics types
Full Access to service Monitoring interfaces is provided by a web interface. This give the client access to the full spectrum of system and service accessibility and availability, with optional reporting against service SLAs.

The Service Management tooling records and reports on all aspects of the Service delivery , and provides reporting against service SLAs for clients. This are provided free of charge for clients as part of the baseline service.
Reporting types
Real-time dashboards

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
Physical access control, complying with CSA CCM v3.0
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
The user is able to extract their data through Web Interface access management tools allowing them to download the data to their desktop, where applicable to the Service.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
XML
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
  • XML
  • SQL

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
The level of availability is 99.50%
Approach to resilience
Our service utilises a service provider that has multiple hosting sites with diverse routing of communications and power. We use a service configuration that makes use of these capabilities to provide a resilient service.
Outage reporting
The client would get an alert via an email should there be an outage

The client would also be able to view a service dashboard to see the status of their service

Identity and authentication

User authentication needed
Yes
User authentication
2-factor authentication
Access restrictions in management interfaces and support channels
Access is limited via IP address of connecting devices and use of shared keyword
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
QMS International
ISO/IEC 27001 accreditation date
18/05/2018
What the ISO/IEC 27001 doesn’t cover
All aspects covered.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
Cyber Essentials

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
CSA CCM version 3.0
Information security policies and processes
Viewdeck has a ISMS with the basis procedures to manage security such as

Information security policy and objectives
Risk assessment and risk treatment methodology
Statement of Applicability
Risk treatment plan
Risk assessment report
Definition of security roles and responsibilities
Inventory of assets
Acceptable use of assets
Access control policy
Operating procedures for IT management
Supplier security policy

Viewdeck has a nominated security officer who ensure security policies are followed and undertakes scheduled audits. The security officer reports directly to the CEO

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Viewdeck utilizes suppliers that follow certified configuration and change management procedures.

Viewdeck also uses automated configuration control and management via the Chef toolkit.

Viewdeck has its own documented procedures for configuration and change management based on ITIL. All changes are assessed and appropriate assurance steps determined for the change. All changes are tested in a dedicated environment before release to live.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
View deck undertake event logging via our SIEM. This allows security monitoring in real time of our services.

Our services also undergo regular penetration test to ensure that no vulnerabilities have emerged.

Our services are managed using automated Configuration tooling that keeps the infrastructure from being changed and lowering the risk of malicious exploration.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
All services are managed at the boundary by NIDS. Our services also provide application level logging and HIDS protection. All alerts would be forward to the clients. Depending on severity, we would respond within the SLAs of our services
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Our incident management process is based on ITIL principles

Users can log and incident via email, phone, web interface and also chat.

Incident reporting is via web interface. Additional reports can be supplied by request at additional cost.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
Yes
Connected networks
  • Public Services Network (PSN)
  • Police National Network (PNN)
  • New NHS Network (N3)

Pricing

Price
£425 a user a month
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@viewdeck.com. Tell them what format you need. It will help if you say what assistive technology you use.