Fujitsu Services Limited

Fujitsu Cloud Remote POST Services

Fujitsu will provide a highly resilient Remote POST Service platform for ITSO Part 11 services, certified to UK Department for Transport ITSO standards (v2.1.4). The service enables public/private transport authorities and device/application suppliers to introduce the purchase, collection and activation of ITSO-based tickets into their smart ticketing schemes easily.

Features

• Supports all ITSO smart media (CMD) and ticket types (TYP/PTYP).
• Provides a Fulfilment API to smart ticketing Retail channel clients.
• Provides a Collection API to smart ticketing Retail channel clients.
• Provides a Pass Activation API permitting ticket activation before travel.
• Provides centralised ITSO ISAM management/control via Fujitsu Cloud HOPS.
• Supports card and product hot-list and action-list management.
• Supports non-disruptive software upgrades to avoid loss of service.
• Enterprise-class infrastructure provides outstanding stability, resilience and 24/7 availability.
• Supports integration and pre-production environments for phased integration/scheme testing.
• Provides comprehensive Fulfilment, Collection and Pass Activation reports.

Benefits

• Integration to ITSO v2.1.4 accredited Part-11 service.
• Sample Client libraries and simple API facilitating rapid integration.
• Centralised ITSO product catalogue to allow for rapid service integration.
• Reduced cost through use of a highly scalable shared service.
• Removes complexity of managing ISAMs from the ITSO scheme operator.
• Removes scheme-specific POST2HOPS integration risk by using Fujitsu Cloud HOPS.
• Offers immediate direct fulfilment/collection of products/tickets to ITSO scheme operators.
• Offers indirect purchase/collection times of <10 minutes to scheme operators.
• Supported by UK Technical Support Teams operating 24×7.
• No service downtime during service upgrades.

£0.00 a unit

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at government.frameworks@fujitsu.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

122842207371951

Contact

Sam Skinner
07867829234
government.frameworks@fujitsu.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: No
• System requirements: NFC-enabled device

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Automated Response Within 15 Minutes. Call resolution time governed by agreed service levels.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: The Cloud Remote POST support levels including:-; ; % Service Level Availability ranging from 95%; ; Service Desk availability is as follows: -; Mon - Saturday 07:00 - 17:00 and; Sunday 10:00-16:00
• Support available to third parties: No

Onboarding and offboarding

• Getting started: As part of the onboarding process, partners are provided with the following support:; i) A Java-based reference client that contains java documentation, sequence diagrams and reference client.; ii) Service configuration specification and implementation.; iii) Technical/integration test support is available (extra charge).
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Not applicable
• End-of-contract process: The partner/scheme is removed from the service configuration.; Any outstanding ITSO ticket fulfilment requests are removed from the system.

Using the service

• Web browser interface: No
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The service is accessed via an API. Customers are provided with a Java based Reference client that include sample client code to assist with integration to and use of the service. The same java reference client code can be used on both desktop and mobile platforms.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: The service provides an API that permits clients to:; ; i) Request to Fulfil a new ITSO ticket to a smartcard.; ii) Request to Fulfil a top-up to an existing ITSO ticket on a smartcard.; Iii) Cancel an existing fulfilment request.; iv) Delete one or more ITSO tickets from a smartcard.; v) Read/Collect/Load an ITSO ticket/top-up onto a smartcard (both direct fulfilment request & action list).; vi) Download the active ITSO Product Catalogue of the products/tickets available for fulfilment by that specific client within the Remote POST Service.
• Accessibility standards: None or don’t know
• Description of accessibility: The service is accessed programmatically via a SOAP-based API. There is no user interface available to external users of the service.
• Accessibility testing: None, There is no user interface available to external users of the service.
• API: Yes
• What users can and can't do using the API: Users are onboarded to the service that provides three environments:; ; i) Integration - this enables generic product/offering partner integration with the service.; ; II) Pre-production - enables staging scheme integration for specific smart ticketing scheme with staging equipment/device.; ; iii) Production enables live integration for smart ticketing schemes.; Partners are provided with a Java client reference library that to assist with integration/use of the service API.; Technical/Engineering assistance is also available if required.; The scope of ITSO product changes available to specific partners/schemes is controlled via the service product catalogue deployed for that specific partner/smart ticketing scheme.
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
  • Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The scope of 'ITSO product changes' available to specific partners/schemes is controlled via the service product catalogue deployed for that specific partner/smart ticketing scheme.; ; Future changes to the service product catalogue can be accommodated via change control.

Scaling

• Independence of resources: The Fujitsu Cloud Remote POST Service is a virtual cloud service which can scale to meet customer demand. Capacity assessment as part of the service onboarding process and ongoing Fujitsu network monitoring ensures the Cloud Remote POST service capacity meets the agreed service capacity needed for the connected customer base.

Analytics

• Service usage metrics: Yes
• Metrics types: Provided as standard end of month service performance report.
• Reporting types: Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Not applicable
• Data export formats: Other
• Other data export formats: Not Applicable
• Data import formats: Other
• Other data import formats: Not Applicable

Data-in-transit protection

• Data protection between buyer and supplier networks: Other
• Other protection between networks: Not Applicable
• Data protection within supplier network: Other
• Other protection within supplier network: Not applicable

Availability and resilience

• Guaranteed availability: The Fujitsu Cloud Remote POST service is provided on a 99.5% service level availability measure on a rolling month-by-month basis with a service credit regime to compensate for poor performance.
• Approach to resilience: The Fujitsu Cloud Remote POST service has a secondary (DR) services to provide service resilience in the event of a system disaster.
• Outage reporting: Outages are reported to our service desk and engineers via dashboards and alerts which include email, Slack channel updates and text messages. ; The Fujitsu Service Desk will inform customers (by email and phone) directly in the event of an unplanned system outage.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Public key authentication (including by TLS client certificate)
  • Username or password
• Access restrictions in management interfaces and support channels: Customer do not have access to the service management interfaces.; User access to support channels is controlled via username and password.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Bureau Veritas
• ISO/IEC 27001 accreditation date: 06/01/2022
• What the ISO/IEC 27001 doesn’t cover: Anything that is not included within the scope of the ISO 27001 certification is not covered.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: NCC Group
• PCI DSS accreditation date: 03/11/2021
• What the PCI DSS doesn’t cover: Elements of the service that are not involved in the storage, processing or transmission of payment data are not covered by the PCI DSS certification.
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: ITSO v2.1.4 certification.

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: ISO 27001; ISO 9001; ISO 14001

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Fujitsu operates its own change management process, reviewed and assessed at a monthly Change Advisory Board (CAB). Product and Change managers plan and track the new releases and changes over their lifecycle.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Fujitsu operates a continuous threat assessment process for its business from software security violation monitoring (using Nexus), network vulnerability scanner (using solar winds) and annual pen testing using external security agencies.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Fujitsu operations working closely with infrastructure monitoring and review identified security issues and weaknesses. These are graded against an agreed criticality scale and those items identified as critical are schedule for resolution and owned by head of department. For example identified software security vulnerabilities are automatically scanned, scored and addressed as part of the continuous improvement policies
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Management responsibilities and procedures are in place to ensure a quick, effective, and orderly response to information security incidents. ; Fujitsu has a hierarchical Information Security Organisation with a documented Incident Response and Forensic Investigation plan. ; Information security incidents and events are reported through appropriate and defined management channels. All employees, contractors and third-party users of information systems/services are required to note and report any observed or suspected weaknesses in systems/services.; ; Security Incidents are logged on a restricted access platform which generates notification to management team. All incidents are compiled and periodically trended, analysed for discussion at the monthly Security meeting.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Fujitsu operates a Dual Delivery approach to Social Value (SV). Our Responsible Business Programme, developed on the principles of the Public Sector (SV Act 2013) delivers our corporate employee and community programme. Running parallel to the corporate programme, we deliver bespoke client-facing SV programmes within each call off contract. Programmes are fully aligned to the requirements of PPN06/20. Using our co-creation process, we undertake both local and national initiatives, jointly developed with clients and partners, that ensure Economic, Social and Environmental benefit to communities.

  Covid-19 recovery

  Fujitsu operates a Dual Delivery approach to Social Value (SV). Our Responsible Business Programme, developed on the principles of the Public Sector (SV Act 2013) delivers our corporate employee and community programme. Running parallel to the corporate programme, we deliver bespoke client-facing SV programmes within each call off contract. Programmes are fully aligned to the requirements of PPN06/20. Using our co-creation process, we undertake both local and national initiatives, jointly developed with clients and partners, that ensure Economic, Social and Environmental benefit to communities.

  Tackling economic inequality

  Fujitsu operates a Dual Delivery approach to Social Value (SV). Our Responsible Business Programme, developed on the principles of the Public Sector (SV Act 2013) delivers our corporate employee and community programme. Running parallel to the corporate programme, we deliver bespoke client-facing SV programmes within each call off contract. Programmes are fully aligned to the requirements of PPN06/20. Using our co-creation process, we undertake both local and national initiatives, jointly developed with clients and partners, that ensure Economic, Social and Environmental benefit to communities.

  Equal opportunity

  Fujitsu operates a Dual Delivery approach to Social Value (SV). Our Responsible Business Programme, developed on the principles of the Public Sector (SV Act 2013) delivers our corporate employee and community programme. Running parallel to the corporate programme, we deliver bespoke client-facing SV programmes within each call off contract. Programmes are fully aligned to the requirements of PPN06/20. Using our co-creation process, we undertake both local and national initiatives, jointly developed with clients and partners, that ensure Economic, Social and Environmental benefit to communities.

  Wellbeing

  Fujitsu operates a Dual Delivery approach to Social Value (SV). Our Responsible Business Programme, developed on the principles of the Public Sector (SV Act 2013) delivers our corporate employee and community programme. Running parallel to the corporate programme, we deliver bespoke client-facing SV programmes within each call off contract. Programmes are fully aligned to the requirements of PPN06/20. Using our co-creation process, we undertake both local and national initiatives, jointly developed with clients and partners, that ensure Economic, Social and Environmental benefit to communities.

Pricing

• Price: £0.00 a unit
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at government.frameworks@fujitsu.com. Tell them what format you need. It will help if you say what assistive technology you use.