Unisys Limited

Unisys Information Management System (IMS)

Unisys Information Management System (IMS) provides a configurable, modifiable, highly secure framework supporting law enforcement, case management, records management, criminal justice, digital asset management, disclosure, visualisation, intelligence management, resource scheduling, booking and assignment, providing law-enforcement and other agencies with efficient procedures, collaboration, data quality, analysis and value for money.

Features

• Extensible, configurable low code framework with comprehensive law enforcement functionality
• Case, Records and Intelligence Management, Resource Scheduling/Booking within one application
• Entity Model simplifies data input and retrieval for operational staff
• Provides investigators with analytical, mapping, temporal and association/link analysis
• Commercial or Open Source platform, simplified external system integration
• Options include Digital Asset Management, Resource Scheduling, Booking, Assignment
• Completely configurable data model, security, rules and workflow
• Supports intelligence, crime management, screening, work allocation and management
• Meets requirements for complex criminal justice procedures and disclosure (Case)
• Optional Public Portal provides officers/citizens remote information submission capabilities

Benefits

• Improves targeting of crime and criminals
• Improves the security of, and access to, sensitive information
• Enables the seamless sharing of information with other agencies
• Configuration approach improves responsive to changing business requirements
• Delivers a modular approach and a configurable level of capabilities
• Reduces operational costs through open source and application driven efficiencies
• Improved public engagement via secure public facing portal
• Provides investigators with analytical tools enhancing their predictive policing
• Optional Graph Visualisation module allows advanced visualistion for all users
• Optional configurable Public Portal allowing citizen collaboration, information/attachment capture

£1,532 to £2,117 a user a year

Service documents

• Pricing document

  ODT

• Service definition document

  ODT

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at cloudstore@unisys.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

109873640919344

Contact

Simon Arnold
+44(0)7808391153
cloudstore@unisys.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: No
• System requirements: See Service Description

User support

• Email or online ticketing support: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Ranges from 8 to 6 (Mon-Fri) to 24/7 depending on option chosen. For further details, please see service description
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: See Service Description
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: See Service Description
• End-of-contract process: See Service Description

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Chrome
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: IMS has a series of native web services (SOAP and some Rest) allowing external solutions to interfacing with the application allowing the creation, read, update, delete and search of entities. The web services include authentication to ensure access is from an authorised user/service.
• Accessibility standards: None or don’t know
• Description of accessibility: Application is designed to be accessible but has not been accredited to the WCAG standards.
• Accessibility testing: None
• API: Yes
• What users can and can't do using the API: IMS provides an API as a set of SOAP and Rest based services into the solution allowing the creation, read, update, search and deletion of information. The services provide a set of capabilities in the system which depends on the security level of the "token" passed in the interface. The service also support bulk information upload via formatted batch files
• API documentation: Yes
• API documentation formats:
  • PDF
  • Other
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: IMS allows the configuration of numerous parameters, users roles, markers, tags, custom fields and the content of all drop down lists which are used for input of specific data within forms entry.; ; Users can also build there own reports through the IMS query builder and provide word document templates for the production of output forms from the system; ; Users can also execute and save searches, which can then be shared with other solution users.

Scaling

• Independence of resources: See Service Description - Capacity

Analytics

• Service usage metrics: Yes
• Metrics types: See Service Description

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: No
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: See Service Description
• Data export formats:
  • CSV
  • Other
• Other data export formats: XML
• Data import formats:
  • CSV
  • Other
• Other data import formats: XML

Data-in-transit protection

• Data protection between buyer and supplier networks: Private network or public sector network
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
  • Other
• Other protection within supplier network: Assured by CESG-assured components.

Availability and resilience

• Guaranteed availability: See Service Description
• Approach to resilience: See Service Description
• Outage reporting: See Service Description

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Username or password
  • Other
• Other user authentication: Assured by independent testing of implementation
• Access restrictions in management interfaces and support channels: Cloud Management Environment (CME) separation is achieved at Management, Network, Hypervisor and Storage Layers.; ; The CME does not have access to the tenant’s environment within the platform. ; ; CME is responsible for monitoring and managing the cloud platform, but does not monitor guest OSs.; ; At network layer, data is separated by VLANs from virtual machines to the physical network switching infrastructure. ; ; Inter VLAN traffic flow is protected by a firewall. ; ; Management of Hypervisor Layer hosts and the VMs are separated; traffic to the hypervisor host is physically separated by using different network adaptors and switches to those serving tenant VM traffic.
• Access restriction testing frequency: Less than once a year
• Management access authentication:
  • Limited access network (for example PSN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 14/10/21
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • CESG certification to IL3
  • Police Assured Secure Facility

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Client Information Security policy (IS) incorporates Unisys Corporate IS policy. Adherence and compliance to both of these policies, for delegates engaged in providing the IMS services, is mandatory requirement to joining the team. ; ; All delegates are security vetted and are provided annual Security briefings. ; ; Compliance, renewals and Joiners & Leavers registers are reviewed, monitored and reported on quarterly bases. ; ; Ad-hoc unannounced spot checks are also carried out by the Security Authority who is responsible for managing and reporting on all service related Information Security incidents. ; ; Further, delegates are also presented with the IMS Service SyOps as well as the individual client SyOps that details how the system meets and delivers the G Cloud Security Principles. ; ; Delegates roles and responsibilities are defined by the processes and procedures outlined in the accompanying SOPS documentation. ; ; IMS Service Catalogue details the Security Risk Incident and Emergency Security Incident management procedures. ; ; The IMS service Security Authority has a dotted line into the Unisys UK CIO and has a seat on the Corporate Security Governance board.; ; Unisys operates an anonymous incident and dispute reporting scheme.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: IMS is managed against a set of processes and procedures in place for every Unisys product.; ; All artefacts are held in a version control and fault tracking repository which ensures all components are tracked through their lifetime; ; Changes are assured by independent validation of assertion
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: At the infrastructure level, the IMS infrastructure is protected by perimeter security provided by a combination of, different vendor, Physical and Virtual Firewalls.; ; Intrusion Detection System (IDS), such as SNORT, would provide perimeter security.; ; A SIEM solution (such as SolarWinds or LogRythm) would provide the required proactive Security incident or event monitoring services to detect potential threats.; ; Periodic Vulnerability Scans would be performed to check for any new vulnerabilities that may be detected in the wild or may have crept into the live service.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: The infrastructure would utilises network IDS such as SNORT to monitor network traffic and alert on malicious activity. ; ; Security information and event management (SIEM) software would collate and analyse the logs on the environment to proactively detect compromised vulnerabilities. ; ; On UKPSC these tools have been configured to analyse and alert on all 12 Protective Monitoring Controls described in the UK Governments Good Practice Guide 13 document.; ; BAU Ops team monitor the UKPSC 24 x 7 x 52 using SolarWinds and System Centre Operations Manager (SCOM).
• Incident management type: Supplier-defined controls
• Incident management approach: During on-boarding stage, tenants are introduced to Unisys IM process that details how incidents are logged with the service desk, how to allocate priority and how incident flow takes place from being received by the appropriate resolver-groups until it is resolved.; ; The Incident severity levels are defined by the incident characteristic that are defined in the service description, which also details the process flow between Incidents and Problem record and how Incident and Problem Management tracking and reporting is performed.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • Public Services Network (PSN)
  • Police National Network (PNN)

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Our plan over the contract duration includes: (1) Using resources in an environmentally responsible manner. We will continue to invest to minimise energy usage across our buildings, the largest contributor to our UK carbon footprint. Our flexible working policy reduces both our real estate footprint and associated corporate travel. We increasingly source energy from renewable sources, and this now accounts for 30% of purchased electricity (2) Working with sustainable partners in the supply chain. We assess key partners in our supply chain using several measures including independent sustainability ratings from EcoVadis. We seek to grow relationships with suppliers with formal ESG policies and those who are building out their ESG programs. (3) Fostering environmental responsibility among our employees (4) Reducing or eliminating the use of hazardous substances (5) Sustaining effective product recycling and reclamation programs, and (6) Continual improvement of our environmental performance. We set a 20-year target in 2006 to reduce our Scope 1 and Scope 2 Greenhouse Gas (GHG) emissions by 75%, and achieved that goal in 2021, 5 years ahead of schedule. Current objectives are to reach net zero GHG emissions for Scope 1 and Scope 2 sources by 2030 and to explore viable options to address residual, harder to abate Scope 1 and Scope 2 emissions. These include potential technological developments or tools such as renewable energy credits to address Scope 2 emissions and carbon credits to support climate mitigation activities beyond our value.

  Covid-19 recovery

  Unisys is an equal opportunities employer, focused on building a diverse workforce that represents the communities we live in and serve. Our flexible working policy supports the COVID-19 recovery effort, enabling effective social distancing, and supporting remote working. We support and have equitable processes for retraining and career development. Our Employee Development Plan features annual goal and performance reviews, training, and career development to give employees opportunities to achieve personal and professional goals. All Unisys associates have access to the Unisys University, which has over 50,000 training artefacts covering technical and soft skills development. Technology courses include in-demand areas such as cloud-based technologies and cybersecurity. We also care about supporting the physical and emotional wellbeing of our employees and provide a highly flexible benefits package with a wide range of leisure, lifestyle and wellbeing benefits for employees and their families. Awareness of these benefits are promoted by assigned wellness officers, who encourage employees to use the resources available. The wellness team also set regular challenges to promote fitness and the benefit of connecting with the environment.

  Tackling economic inequality

  Our flexible working policy supports the creation of employment opportunities particularly for those who face barriers to employment and/or who are located in deprived areas. Our ability to offer home-based roles opens up job opportunities to suitable candidates in all locations, and not just those in commuting distance of a Unisys office. The cloud and security services in scope of this contract cover in demand and high growth technologies. Throughout the duration of this contract, Unisys associates will gain practical experience and highly desirable and transferable skills in the design and delivery of services these high-demand and high growth sectors. This will enhance their opportunity for career development and advancement within or outside Unisys. Career and skills development is supported by an Employee Development Plan features annual goal and performance reviews, training, and career development to give employees opportunities to achieve their personal and professional goals. All Unisys associates have access to the Unisys University, which has over 50,000 training artefacts covering technical and soft skills development. Technology courses include in-demand areas such as cloud-based technologies and cybersecurity. We also have alliances with (but not limited to) Google; Apple; Oracle; Cisco; Dell; EMC; Intel; Motorola; Micro Focus; Red Hat; Symantec and VMware and have access to alliance training and certification programs to further expand the range of career development opportunities for our staff.

  Equal opportunity

  Unisys is focused on building a diverse workforce that represents the communities we live in and serve. Our objectives are to have a workforce that represents the populations we serve and to have equitable processes in place to support the recruitment, renumeration, advancement and retention of all associates. Throughout the contract Unisys will make measurable progress across all career levels to align our workforce representation with market expectations and beyond for Women and people from underrepresented groups (ethnicity/race, LGBTQIA+, people with disabilities and Veterans). An example is our annual pay equity review. Results are monitored and any issues addressed. Reported data for the 2023/24 UK gender pay gap report shows that the gap is minimal, with women earning 98p for every £1 that men earn when comparing median hourly pay. In terms of development, the skills required to deliver the cloud and security services in scope of this contract are in high-growth sectors. Throughout the duration of this contract, Unisys associates will gain practical experience and highly desirable and transferable skills in the design and delivery of services these high-demand and high growth sectors. This will enhance their opportunity for career development and advancement within or outside Unisys. Career and skills development is inclusive and supported by an Employee Development Plan. All Unisys associates have access to the Unisys University, which has over 50,000 training artefacts covering technical and soft skills development. We are committed to respecting and preserving basic human rights. Our zero-tolerance policy to any form of slavery or forced labour extends to our supply chain. We require our partners to sign and abide by the Unisys Business Partner Code of Conduct, which mandates that they comply with all applicable laws, rules, and regulations in every location where we conduct business together.

  Wellbeing

  We care about supporting the physical and emotional wellbeing of our employees and provide a highly flexible benefits package with a wide range of leisure, lifestyle, protection and wellbeing benefits for employees and their families. Details of the benefits are published on the intranet. A helpdesk is also provided to answer any questions. The package of benefits is designed to support the physical, emotional and financial wellbeing of our associates. As everyone is different, the benefits options are flexible, to enable associates to choose the best options to help achieve the perfect work-life balance. Benefits cover: (1) Leisure: Annual Gym Membership (2) Lifestyle: with childcare vouchers, holiday trading and cycle to work protection (3) Financial: with Life Assurance, Critical Illness Insurance and Group Income Protection and (4) Wellbeing: with Travel Insurance, Dental Insurance, Healthcare Plan and annual Healthcare Screen. Awareness of these benefits are promoted by local wellness officers, who encourage employees to use the resources available. These wellness teams also set regular challenges to promote fitness and the benefit of connecting with the environment. Recent examples include the annual UK Charity Hike. The 2022 event, a 27km hike in the Chiltern Hills, raised over £5,000 for mental health charity Mind UK. The 2023 25km hike in the Peak District raised £2,700 for Cancer Research UK, Mental Health Foundation and the Alzheimer’s Society. To support mental wellbeing, the Mindfulness program has daily live and recorded meditation sessions to help reduce stress and increase productivity through meditation. In addition the online Unisys University contains a number of free training courses, available to all associates, including Working Well with Others; Optimising your Workplace Wellbeing; Making the Most of Organisational Change, Forging Relationships with External Stakeholders and Difficult People: Why They Act That Way and How to Deal with Them.

Pricing

• Price: £1,532 to £2,117 a user a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  ODT

• Service definition document

  ODT

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at cloudstore@unisys.com. Tell them what format you need. It will help if you say what assistive technology you use.