Equine Register Ltd

Equine, Livestock, Companion Animal Disease Control and Surveillance Service

An interoperable and integrated API service that allows organisations to digitally exchange data with each other, communicate with and provide animal (equine, livestock, companion animals) and location specific instructions to operators in the event of a bio- security issue or disease threat. Also supports quarantine controls.

Features

• Digital communication platform for the management of disease outbreaks.
• Disease surveillance and control
• Enables risk based targeted decisions
• Can be linked to government , enforcement and veterinary agencies
• Supports offline access
• System user access controls
• Accessible via any desktop or mobile device
• Desktop and App Service

Benefits

• Secure digital environment
• Real-time multi channel communication platform

£10,000 to £30,000 a licence a month

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at stephanie.palmer@equineregister.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

175917143131737

Contact

Stephanie Palmer
03330 100145
stephanie.palmer@equineregister.co.uk

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Animal Traceability Service, Central Equine Database, Digital Stable
• Cloud deployment model: Public cloud
• Service constraints: None
• System requirements: Access to the internet

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Service support will be agreed with client. Typical support is Monday to Friday 9am to 5.30pm. Out of hours and weekend support can be provided at an additional cost.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: We comply with GDS standards and monitor accessibility concerns via the support centre. None raised to date.
• Onsite support: Yes, at extra cost
• Support levels: The cost for support in normal office hours is included in the license fee. Additional hours and onsite support can be provided at an additional cost. We provide a technical account manager for government contracts. Our standard service levels are as follows: Severity 1 - Loss of service 95% events responded to within 2 hours. Severity 2 - Partial loss of service or service impairment - 85% events responded to within 4 hours. Severity 3 - Potentially service affecting or non-service affecting non critical functionality - 75% events responded to within 8 hours between Mon-Fri 9-5pm.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Our services are designed to be intuitive. User guides and online help are provided. Training can also be given at an additional cost.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Data will be exported via CSV or SQL file/s.
• End-of-contract process: The time incurred to undertake the data extract and closure of the service would be charged on a time incurred basis subject to the G-Cloud 14 rate card.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: There are no differences.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: The service is accessed via a website
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: None at this time. We comply with GDS standards. We recognise the importance and are exploring avenues to assist us.
• API: Yes
• What users can and can't do using the API: These are not public facing API's. Changes to the API cannot be made without our agreement. Support will be provided via our technical team.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Look and feel of web pages and App. Enhancements to functionality could be considered. Any changes to the standard service would be at an additional cost.

Scaling

• Independence of resources: All clients are on their own separate infrastructure which scales independently.

Analytics

• Service usage metrics: Yes
• Metrics types: Metrics and format agreed with client on commencement of the contract.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: We would create an SQL or CSV file.
• Data export formats:
  • CSV
  • Other
• Other data export formats: SQL
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Service available 24/7, availability 995> We will notify client of any core-service non-availability within two hours of detection. If in any calendar month, core services availability is below 99% for circumstances within our reasonable control the client will receive a service credit on a pro-rata basis for the fees due in that month as follows; >95% @10%, 94.9- 90%@15%, >90% @25%
• Approach to resilience: This information is available upon request.
• Outage reporting: Email , SMS and phone alerts to dedicated users dependent upon severity of incident.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: User ID determines what accessibility and permissions a user has. These are determined by the business rules agreed with the client.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users receive audit information on a regular basis
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users receive audit information on a regular basis
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: AWS
• CSA STAR certification level: Level 2: CSA STAR Attestation
• What the CSA STAR doesn’t cover: Our cloud services provider us AWS. All of our data and services are hosted in AWS.
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • AWS holds ISO/IEC 27017 certification
  • AWS holds ISO/IEC 27018 certification
  • AWS holds ISO/IEC 27701 certification
  • AWS holds 22301 certification
  • AWS holds 200000-1 certification
  • AWS holds ISO 9001 certification

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: We work within the standards of ISO 27001. We have dedicated DevOps engineers responsible for software and infrastructure security. We utilise AWS services. We are Cyber Essentials certified and penetration testing at least annually or on the frequency determined by the client.
• Information security policies and processes: We follow the policies defined in Cyber Essentials. The staff responsible for our security report up to the direct to who is ultimately responsible for governance. New employees are inducted in our security processes and regular reviews are undertaken and training is given to ensure compliance.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Changes are assessed for potential security impact as part of our Change Request Process. The testing cycle contains a set of security tasks.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Threats are assessed by the security team and critical patches are applied as soon as possible. We gain information about potential threats from a variety of industry sources and databases.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We identify potential compromises using a combination of system controls and processes. Tests are carried out by independent companies. When a potential compromise is identified a remediation plan is created and actioned and monitored. A resolution plan is created and actioned typically within hours of the compromise being identified. Resolution time varies according to the complexity of the compromise and monitored at the highest level within the company.
• Incident management type: Supplier-defined controls
• Incident management approach: We have a defined recovery process for every component of the service and perform root cause analysis for every incident that interrupts service. Clients and users can report incidents to the support helpdesk via phone or email. Incident reports and updates are provided to clients.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  We recognise our need to help fight climate change. We have introduced hybrid working which significantly reduces the travel of our employees and has significantly reduced our use of electricity and heating in the office. The leased office premises operate a green energy policy and actively encourages the recycling of waste. We aim to use recycled products as much as we can in the office.

  Covid-19 recovery

  We recognise the impact and concerns of our workforce as a result of Covid. We have taken measures; ; • For those most vulnerable, we have identified those individuals and/or their family members who are at risk to allow them to change their place of work to home if they choose to do so; • To help physical and mental health of our employees, we have introduced hybrid working for all employees to allow them to work from home and only come to the office if required or if they wish to ; • To manage cross contamination, we have maintained the position of social distancing in the office and a policy of work from home if someone has signs of any illness; • We are constantly reviewing our policies to ensure that we are taking the most appropriate measures to protect our staff and the business.

  Tackling economic inequality

  We recognise that the digital technology sector is a high growth area. As a business we are experiencing significant rapid growth. Attracting and retaining the right staff is key for us. We also recognise the value of growing our own talent. As such this year we have introduced a pilot to help individual’s to re-skill in our sector and are actively talking with local education, community groups and the DIT on how we can do more.

  Equal opportunity

  We operate an equal opportunities policy and do not prejudice against disabled or minority groups. Our office working policy and work environment and our pilot to re-skill individuals supports our aim to offer equal opportunities to all.

  Wellbeing

  The physical and mental well-being of our staff is important to us. We have introduced this year a range of employee benefits paid for by the company that provides access to private medical health and other health services for both the employee and their families. This includes mental health support lines. ; We have also increased the minimum holiday entitlement, given every member of staff an additional day’s holiday for their birthday and introduced a flexible holiday policy to allow staff to add or reduce their holiday allocation to suit their personal needs.

Pricing

• Price: £10,000 to £30,000 a licence a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at stephanie.palmer@equineregister.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.