Meritec Low Code Digital Platform - ESB
Rapid process, case management and application design tool with a powerful business rules engine for agile application deployment and process automation to improve service delivery and offer cost reductions. Designed for self-sustainability, it’s robust, flexible and highly scalable. Automate services of any size and scale including integrations to key systems.
Features
- Enterprise digital platform to design business critical technical applications
- Agile system development and deployment using powerful rules based engine
- Workflow engine to automate business decisions, tasks and process flows
- Ready built applications and customisable technical applications
- Spatial referencing support and mapping provider support
- Rapid application development environment within a low code digital platform
- Electronic document store and search functionality on any process
- Integrate systems via integration hub to synchronise data across organisation
- Custom dashboards show key business intelligence information
- Active Directory Integration via LDAP, ADFA or Azure AD
Benefits
- Efficient workflow engine allows for system consolidation and cost reduction
- GPS and AddressBase Premium integrations available
- Data and applications stored in Tier3+ UK Data Centres
- Multiple system consolidation through integrations further boosts workflow optimisation
- Graphical interface for enhanced usability enables rapid application development
- Easily map customer journey digitally to deliver enhanced service performance
- Intuitive Low-Code development environment requires minimal training for process design
- Flexible scalability and agile scalability prepares teams for organisational change
- Range of query reporting tools provides clear business intelligence
- Off line working capability and full mobile working capability
Pricing
£29,800 an instance a year
- Education pricing available
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
1 8 0 1 5 1 0 5 7 6 2 8 1 8 1
Contact
Meritec Limited
Adam Wilkinson
Telephone: 01756 699204
Email: adam.wilkinson@meritec.co.uk
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Private cloud
- Service constraints
- Meritec will perform non-essential updates on a defined schedule, normally outside of standard working hours. Customers will be given at least 2 weeks’ notice where possible of scheduled maintenance tasks. Essential updates, e.g. security patches, would be installed at the first available opportunity, to be agreed with the customer.
- System requirements
- No specific requirements
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
Support response times:
Priority level/ Response Time - 1) 30 minutes 2) 1 hour 3) 4 hours 4) 1 day. By agreement for weekends and bank holidays. - User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
-
• Standard support level per SLA included in service cost
• Alternative levels of support by agreement
• A service manager is part of our standard service - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- Online
- Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
- A wide variety of formats and platforms are supported for secure export. Meritec can provide a "data out" policy if required.
- End-of-contract process
-
• All client data returned to client
• All client access deactivated
• Relevant secure processes fully applied
• Above at standard cost
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- None
- Service interface
- Yes
- User support accessibility
- WCAG 2.1 AA or EN 301 549
- Description of service interface
- Our service interface exposes SOAP & XML web services. The Integration Hub interfaces with any common API platform.
- Accessibility standards
- WCAG 2.1 AA or EN 301 549
- Accessibility testing
- We have performed interface testing with client users adopting a combination of CMS features, expert template design and external tools including the inbuilt accessibility checker within TinyMCE.
- API
- Yes
- What users can and can't do using the API
- Core functions through web services. User authentication. Document upload. Key metrics retrieval. Service requests cannot be configured directly through the API but can be called via the API once configured on the platform. Changes can be made through the API via web-service calls. Configured service requests can be called via the API but not setup via it.
- API documentation
- Yes
- API documentation formats
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
-
• All aspects of the system are open to various levels of customisation such as branding, functionality, user permissions and integrations.
• Customers can use configuration tools
• System Admin are granted access to configuration tools, and if they so wish these can be granted to other selected or all other users.
Scaling
- Independence of resources
- Meritec SAAS service is supplied on the basis of guaranteed resources. This translates into a solution that is guaranteed to scale when you need it to, rather than when there's resource available to.
Analytics
- Service usage metrics
- Yes
- Metrics types
-
• System availability
• Response times
• Unscheduled outages
• Incident response times
• Incident resolution times - Reporting types
- Regular reports
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Baseline Personnel Security Standard (BPSS)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- No
- Datacentre security standards
- Supplier-defined controls
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a CHECK service provider
- Protecting data at rest
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- A wide variety of formats and platforms are supported for secure data export
- Data export formats
-
- CSV
- Other
- Other data export formats
- Data import formats
-
- CSV
- Other
- Other data import formats
- XML
Data-in-transit protection
- Data protection between buyer and supplier networks
- Private network or public sector network
- Data protection within supplier network
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
-
• Service Availability 99.9% (uptime) per month
• Service Availability Window 7*24 hours (all days) – 24 hours a day
• Response time for accessing screens - Should be within 3 seconds (at a minimum) 99% of the time
• Response time for searches Response time for basic system searches for information and return of results system should be within 5 seconds 97% of the time
Meritec will work with each of our customers on an individual basis to determine if a recompense model is required to meet the needs of the specific council or public department/ organisation.
We strive to exceed, wherever possible, our SLA targets for service levels. In the unlikely event of failure to meet our SLA targets we would invoke the agreed process which would award an appropriate level of service credits by way of compensation. - Approach to resilience
- Available on request
- Outage reporting
- Email alerts
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Dedicated link (for example VPN)
- Username or password
- Access restrictions in management interfaces and support channels
- Access is restricted via rights and roles permission settings within the relevant area and channel. Often times these are linked to a Directory services such as MS AD.
- Access restriction testing frequency
- At least once a year
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Limited access network (for example PSN)
- Dedicated link (for example VPN)
- Username or password
- Other
- Description of management access authentication
- Our service is role based. Administrator access can only be assigned by another administrator. Access is via username and strong/secure password.
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- QMS International Limited
- ISO/IEC 27001 accreditation date
- 4/11/2019
- What the ISO/IEC 27001 doesn’t cover
- There are no exclusions in Meritec ISMS Statement of Applicability (Annex A) ISO 27001:2013 covers all aspects of Information Technology Security.
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- Yes
- Any other security certifications
- Cyber Essentials
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
-
• Meritec rigorously applies its comprehensive Information Security Management System (ISMS) – copy available on request.
• Reporting structure is ISMS Manager to Technical Services Director to Director of Service Delivery.
• Policies are applied by staff with continuous monitoring
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
-
Meritec Change Management process adheres to ITIL guidelines. Any Change in Meritec IT environment is processed through Change Control system. A change is logged on the system with following information:
Change Description including the asset number of affected equipment; When Changed; Change Duration; Risk analysis; Regression plan; Security Implications; Change Technician. Details of change are emailed to all Stakeholders. Change is approved or rejected by CAB or its nominee. Technician updates the change stating if change was successful or not. All Meritec IT equipment is recorded on the Asset Register and any change is reflected in the Asset Register. - Vulnerability management type
- Undisclosed
- Vulnerability management approach
-
Meritec:
• monitors information systems to detect attacks and/or signs of potential attacks, including unauthorised network local or remote connections.
• deploys monitoring devices strategically within information technology environment to collect information security events and associated information.
• protects information obtained from intrusion-monitoring tools from unauthorised access, modification, and deletion.
• monitors inbound and outbound communications traffic to/ from the information system for unusual or unauthorised activities or conditions.
• heightens the level of information system monitoring activity whenever there is an indication of increased risk to Meritec operations, individuals and assets. - Protective monitoring type
- Undisclosed
- Protective monitoring approach
- Our Protective Monitoring processes comprise a set of control alerts and reports that provide feedback to those with responsibility for monitoring and addressing compromises. This includes such information security control activities as inspecting firewall logs, investigating operating system security alerts and monitoring Intrusion Detection Systems (IDS). Our Protective Monitoring also includes putting in place mechanisms for collecting ICT log information and configuring ICT logs in order to provide an audit trail of security relevant events of interest. Compromises and incidents are immediately logged, analysed and rectified.
- Incident management type
- Undisclosed
- Incident management approach
- The Meritec ITIL compliant support desk called ServicePoint is responsible for receiving requests and notifications regarding user help and support. Incidents are allocated unique identification and calls are monitored and if necessary escalated as appropriate. The output report(s) provided by ServicePoint provide part of the preparations that the Service manager will use at the next Service Management meeting. Given due authorisation levels it is possible for cllient staff/management to access the calls database and enquire directly regarding status, progress, etc.
Secure development
- Approach to secure software development best practice
- Supplier-defined process
Public sector networks
- Connection to public sector networks
- Yes
- Connected networks
- Public Services Network (PSN)
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Wellbeing
Fighting climate change
Meritec are committed to addressing the climate crisis and as such have put a number of measures in place to address this as a business. For example, we only buy power for our offices from 100% renewable sources, we open our offices less frequently and encourage remote working and have developed our own internal Sustainable Futures e-awareness course that all employees are mandated to take annually.Wellbeing
Meritec take the wellbeing of our valued employees, partners, and customers extremely seriously. We pride ourselves on being a caring employer and enjoy very low staff turnover. We regularly arrange social events including activities to raise money for charities and other worthy causes. We have developed our very own Mental Wellbeing E-Awareness course in conjunction with David Beeney (Breaking the Silence) that all our staff are required to take at least annually and can access throughout the year. We have a number of staff incentives aimed at wellbeing including PerkBox and regular social events.
We currently have an e-awareness course named ‘Focus On – Equality and Diversity’ and are very fortunate to have a diverse workforce that enjoy working in a caring environment. In the past the whole company committed to the “March for Mental Health” initiative whereby all employees were encouraged to get out and walk as much as possible and log their steps & images of their walks on social media – this was a great initiative that had great engagement across the company whilst also raising £1,170 for the ‘Darby Rimmer Foundation’ and ‘State of Mind.’
Meritec would be delighted to offer a discount on our Mental Wellbeing E-awareness Course for any customers taking this G-Cloud service.
Pricing
- Price
- £29,800 an instance a year
- Discount for educational organisations
- Yes
- Free trial available
- No