FORANSIC LTD

eVett - Vetting Management

eVett is a custom built vetting management database with asset tracking and supplier assurance management capabilities. The system assists vetting and security teams to process applications for clearances, manage assets, supplier assurance and the full workflow including approvals, feedback loops along with fully configurable and automated email notifications/follow ups

Features

• Vetting / Clearance Management
• Asset Tracking
• Supplier Assurance Management
• Aftercare / Annual Internal Security Check Management
• Automated Workflows - Form Approvals, Feedback To Applicant/Approvers etc
• Configurable Real Time Reporting
• Configurable Scheduled Emails
• Export / Import Records
• Full Audit Trail
• Activity Dashboard

Benefits

• Fully automated Workflow Management saving time and money, improving accuracy
• Configurable Notifications (emails) with scheduling and reminders - reduce chasing
• Configurable reporting capabilities
• Exporting / Importing Data Records
• Share data links / Export data to other business departments
• Scheduled Backups, Fully Maintenance & Supported

£10,000 an instance

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@foransic.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

112971484839906

Contact

Gavin Ford, Pasei Ansah
07788414363
info@foransic.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: The software can be used as a stand alone vetting/asset/supplier management service or can be integrated via an exposed API to integrate with existing business services
• Cloud deployment model: Community cloud
• Service constraints: The service includes quarterly maintenance updates which will require planned outages usually completed outside of office hours
• System requirements:
  • Access to the service is via any modern web browser
  • Remote Access for support and maintenance

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Different support levels are available up to:; - Questions acknowledged by automated systems within 1 hour; - Responses usually provided within 48hrs
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: As standard Foransic provides offsite support both by phone and email. ; An onsite support engineer can attend site 9-5 Monday to Friday at a negotiable daily rate
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Training can be carried out in person onsite or online
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: This is usually customised directly with the client.; All data can be extracted from different parts of the system by the client themselves or a single extraction can be arranged of all data. All data storage hardware can then be either explicitly overwritten or securely destroyed to ensure client data can no longer be accessed.
• End-of-contract process: This is usually arranged with the client to ensure any required services are included on a schedule that works for them.; Typically 3 calendar month's notice must be provided - with any outstanding service fees will be calculated on pro-rated basis.; At the end of the contract the client can export their data (or request it be provided via a secure file share or secure portable device) ready to use themselves as needed.; Data can then be overwritten and/or disks destroyed.; Additional optional services can be requested.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Standard users can access the service from their desktop, tablet or mobile. The interface automatically adapts to ensure the best experience based on the screen size. ; All functionality is available on all devices, however privileged users may find some administrative screens are best viewed on a larger desktop screen.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Users are able to configure various parts of the application including business information (name, locations etc) as well as asset types, notification content and more
• Accessibility standards: None or don’t know
• Description of accessibility: Foransic is currently working towards having eVett meet the WCAG 2.1 standard
• Accessibility testing: N/A - The interface has been tested directly with clients to meet their specifications
• API: No
• Customisation available: Yes
• Description of customisation: Many parts of the system are configurable to meet the specific working processes for each client. For each module in the system there are different configurable areas including (but not limited to): ; Vetting - available Clearance Types & Levels, Agencies, Form Fields etc; Notification - (email) recipients, content and reminder scheduling; ; Assets - Asset types, Form Fields; ; Within each of the modules the client can choose to include workflow management and configure workflow steps for approvals/signoff, feedback to users etc

Scaling

• Independence of resources: Resource usage is continually monitored by our cloud service and additional resources can be added to the system to support the demands of clients as needed.

Analytics

• Service usage metrics: Yes
• Metrics types: The reporting function of the system allows privileged users to obtain metrics on most parts of the system. This includes system access, end to end processing times etc
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Export functions are provided for each part of the system.; Users are able to selectively export any data, or request it be provided to them via secure file share or portable device.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • JSON
  • PDF
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We provide 99% availability.; If a service level were ever to not be met, we can discuss with the client on a case by case basis to determine the best course of action. A financial penalty can range from a partial fees reduction to termination of the contract.
• Approach to resilience: We offer the option of a dual (active-passive) stack.; In a single stack setup the system can be restored to the last backup in as little as 2 hrs (depending on data volumes)
• Outage reporting: The system provides an email alert to Foransic the moment the service is disrupted.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: The solution has two separate login pages.; Support users are able to login via a separate login page - where 2 factor authentication is mandated. Standard and Privileged users are only able to log in via the front end where 2FA is implemented based on the client's preference.; Access to backend functions are restricted to administrators only.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: We are currently working towards ISO 27001 certification
• Information security policies and processes: We adapt our Information Security policy to match that of the client. This includes ensuring the secure storage, role based access and secure data destruction policies comply with whichever process the client requires.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All system files and code are stored and version controlled through Github,; Any requests to make changes are assessed by Foransic prior to implementation - any pertinent findings fed back to the client.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: The system includes a Web Application Firewall (WAF) which in addition to live protection, blocking connections and scheduled scans, continuously monitors for threats and outdated components. Immediate alerts & notifications are sent to Foransic when issues are identified
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: The system includes a Web Application Firewall (WAF) which continuously provides live application protection, identifies and blocks connections, runs scheduled scans, monitors for threats and identifies updates available to components; ; If any alerts are received, issues are assessed and their severity categorised. Any urgent issues are addressed immediately, others are included in the next quarterly maintenance update
• Incident management type: Supplier-defined controls
• Incident management approach: Users can report any issues via either the inbuilt feedback tool (Usersnap), email or phone.; Once an issue has been assessed or resolved the client is provided with an incident report including details of the issue raised, root cause, resolution implemented, and any future actions to be carried out.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Equal opportunity

  Equal opportunity

  The solution supports and makes use of services from small businesses and independent consultants. Foransic employs people from all communities including ethnic minorities

Pricing

• Price: £10,000 an instance
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@foransic.com. Tell them what format you need. It will help if you say what assistive technology you use.