Q-SOLUTION LIMITED

Secure Messaging as a Service

A Secure Messaging Service hosted within public cloud and built using AWS native cloud serverless technologies allowing for high autonomous scaling. Enables Public Sector bodies to exchange sensitive (up to OFFICIAL SENSITIVE) data securely across the Public Services Network (PSN), PSN Protected and Internet.

Features

• Secure Message based routing for SOAP, MQ, FTP/S, HTTP/S
• Internet and PSN connectivity options
• Security controls embedded into the design to the highest standards
• Content based message routing
• Message persistence and error Handling
• Online MI and alerting via Slack, email, SMS, GOV.UK notify
• Anti Malware for data at rest
• 99.95% availability
• Built to scale serverless architecture
• Assessed against Article 28 - GDPR Data Processor

Benefits

• Assured message delivery
• Implementing in-transit and at rest malware scanning
• Message persistence
• Data encryption based on AWS KMS (AES-256) secures your data
• 100% native cloud technologies ensuring the service is scalable
• Full messaging auditing available at the touch of a button
• Payment per message
• Removes burden of customer technical debt
• Internet connectivity option using mTLS certificate authentication
• Allows organisations to independently migrate from PSN to Internet

£0.01 to £0.08 a transaction

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at contact@q-solution.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

177687253236221

Contact

Kevin Hoskins
07966 306058
contact@q-solution.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: The following are the current limitations of the service. We do however encourage customers to review these pages and the dashboard for changes made to the service as we aim to continually improve the capacity, availability and overall service provision.; ; Individual message sizes are limited to 6Mb; ; Message throughput is restricted to 1000 messages per second based on message sizes of 100k
• System requirements:
  • PSN Protected access for sending and receiving systems
  • Internet option requires messaging system support for mTLS certificate authentication

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 4 hours, Monday to Friday, 8am to 6pm excluding UK Public Holidays
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: No
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Support hours for the service desk is between 8am and 6pm, Monday to Friday excluding UK Public Holidays. Protective Monitoring and System Monitoring however operates 24/7/365 and will generate alerts throughout this period in the event of any priority incidents occurring. Agreement on how these incidents outside of core hours are resolved will be agreed during the on-boarding process
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We have a detailed onboarding process that supports users and that can be provided upon request. The process details how users are provisioned onto the service and details the levels of support Q-Solution provides.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: This will be detailed in the On Boarding and Off boarding process documents provided to the customer and will align to the latest Data Protection Standards
• End-of-contract process: Details of any additional costs will be provided in the Off Boarding procedures. However, as a SaaS service, there would typically not be expected any additional costs for Off Boarding

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: User access to the service is through AWS Quicksight. Please refer to the latest AWS reference for Quicksight
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Supports RESTful and JSON. Core API functionality exists and Q-Solution will work with the customer in creating the customer specific API requirements and associated routing
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Customers are able to customise the API to suit their business needs with common service such as Protective Monitoring, System Monitoring, network connectivity in place.

Scaling

• Independence of resources: There are only limited areas of shared services e.g. ingress and egress proxies, with all other services serverless/independent. For these shared services, our design maximises the use of all AWS Availabilities Zones, Application Load Balancing and Auto Scaling Groups to ensure any increases or spikes in capacity have no detrimental impact on the services or customers. The service is monitored 24/7 with alerting to Q-Solution and customer service desks as required.

Analytics

• Service usage metrics: Yes
• Metrics types: Application Monitoring - Message per hour/day, messages to/from systems, max, min and avg message sizes, messages by type.; Service Levels - delivery times, system availability, incident response times, incident durations
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: We have a detailed Access Control Policy as well as Malware and Encryption policy, subjected to annual security review that details our approach to securing customers data at rest. These can be provided to the customer upon request
• Data sanitisation process: No
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data held on the Secure Messaging Service is considered OFFICIAL SENSITIVE. Q-Solution will support any requirements to export data as part of the On Boarding Process
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: Private network or public sector network
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Service levels for availability during core hours are 99.9%. Outside of core hours, availability is 99.5%. Further details of SLAs and KPI's are provided during the On Boarding process
• Approach to resilience: The service is designed and built to be entirely cloud native and serverless. Detailed information on the design for resilience of the solution can be provided during the On Boarding process and subject to confidentiality provisions
• Outage reporting: Email alerts and a customer facing dashboard

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Username or password
• Access restrictions in management interfaces and support channels: Only support staff with SC clearance have access. Access is restricted to individuals accredited machines. Support staff required password and MFA. Account activity is protectively monitored and alerted. Staff have a single master account for logging in and 'Assume Role' into other accounts enable fine grain authentication and access on a 'needs to know' basis.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 17/04/2024
• What the ISO/IEC 27001 doesn’t cover: Please refer to the formal BSI Certificate of Registration and our Statement of Applicability available on request
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • Annual Check Approved ITHC
  • PSN Protected Code Of Connection

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Our Security Working Group oversees the implementation, maintenance and improvement of our ISO27001:2022 Information Security Management System (ISMS). This ISMS encompasses numerous process, policies and procedures including Information Security Policy, Acceptable Usage Policy, Statement of Applicability (SOA), Risk Assessment, Secure Development Policy, MMAE Policy, Business Continuity Policy and Plan and Change and Configuration Management among many others.; Additionally we have an independent IT Health Check (ITHC) performed by a CHECK Team annually and are certified to Cyber Essentials Plus (CES+)

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All software and infrastructure components are built through Infrastructure as Code, stored within a secure and backed up repository. As well as peer reviews through PR's the CI/CD Pipeline implements a number of security detection techniques to prevent compromised code being deployed into the environments
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: We have a separately documented vulnerability management process that can be shared with customers upon request covering areas such as Monitoring, Threat Detection, Security Alerting, Compliance, Audit Logging, SIEM, Patch Management and anti malware
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: We have a separately documented Protective Monitoring process that can be shared with customers upon request covering areas such as Monitoring, Threat Detection, Security Alerting, Compliance, Audit Logging and SIEM
• Incident management type: Supplier-defined controls
• Incident management approach: We have a comprehensive documented approach to both Incident and Problem Management. This information, in the form of PDF can be provided to customers on request

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Public Services Network (PSN)

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  The infrastructure supporting this service uses a serverless architecture in public cloud with autoscaling. Compute resources such as processor, memory and storage are minimised by automatically scaling down at times of low usage. Hosting the solution in public cloud results in efficiencies as infrastructure is shared across all of the cloud providers customers in that region.; ; This approach leads to a reduction in power usage and cooling requirements compared with a traditional infrastructure using either physical machines at a data centre, or virtual machines at a cloud provider.; ; The service also benefits from the progressive environmental sustainability program of the public cloud provider hosting the service, resulting in a positive impact on climate change.

Pricing

• Price: £0.01 to £0.08 a transaction
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at contact@q-solution.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.