EVIDEN TECHNOLOGY SERVICES LIMITED

National Emergency Hub

National Emergency Hub provides a hub and spoke, instantaneous, secure, and resilient incident record messaging service between the Computer Aided Dispatch (CAD) systems used by enrolled emergency services. It exploits the MAIT (Multi-Agency Incident Transfer) protocol a cloud service designed to securely route MAIT Standards compliant incident data between (CAD)

Features

• High Availability with hot standby Disaster Recovery fallback
• Scalable by volume of messages and number of connected entities
• Error handling built in for malformed or un-routable messages
• Uses British APCO approved XML schema validation- MAIT1c and MAIT1d
• Supports TCP/IP 1.2 and HTTPS SOAP connections
• Minimal set up via VPN client
• Hosted in the UK Azure cloud instances
• Comprehensive audit capability for fault finding investigations and evidence gathering
• Simple flat fee pricing structure / agreed volume –upgrade ease
• Supported by experienced Service Desk operating in line with ITIL

Benefits

• Life-saving allowing faster deployment of emergency services assets
• Efficient freeing up contact centre time to handle more calls
• Cost effective reduces ISP charges to a single Internet connection
• Easy interaction between emergency CADs
• Less prone to inaccurate information being pass between CAD’s

£2,500 a licence a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at NEAP-Presales@atos.net. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

218799006267672

Contact

Lisa Fitzgerald
+447815611447
NEAP-Presales@atos.net

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: None
• System requirements: Ability to deploy small footprint VPN client into Users CAD

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Service support is available 8am-6pm 5 days a week and out of hours for Priority 1 incidents
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: No
• Support levels: 2nd/3rd line engineering support by telephone for priority 1 incidents 24/7/365; 2nd/3rd line engineering support for incidents 8am – 6pm Monday-Friday ; Application support 8am – 6pm Monday-Friday ; 156 support calls included per licence per year, additional calls charged in line with the G-Cloud SFIA rate card for the resources involved.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Engineering support is available to trial the service, set up testing and troubleshoot connectivity to prove the service prior to switching to production environment.
• Service documentation: Yes
• Documentation formats:
  • ODF
  • PDF
  • Other
• Other documentation formats: MS Word
• End-of-contract data extraction: Not necessary, the service does not store client data. Extraction of message logs could be arranged if required.
• End-of-contract process: The routing service stops, no additional charge

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
• Application to install: Yes
• Compatible operating systems: Windows
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Supports TCP/IP 1.2 and HTTPS SOAP connections for easy connectivity in accordance with MAIT specifications
• Accessibility standards: None or don’t know
• Description of accessibility: Users are not required to interface with this service, it is a system to system routing technology
• Accessibility testing: Users are not required to interface with this service, it is a system to system routing technology
• API: Yes
• What users can and can't do using the API: Users are not required to interface with this service, it is a system to system routing technology. API defined in MAIT specification.
• API documentation: Yes
• API documentation formats:
  • ODF
  • PDF
  • Other
• API sandbox or test environment: Yes
• Customisation available: No

Scaling

• Independence of resources: The service scales automatically in line with demand, it is a feature of the cloud-based architecture behind the service

Analytics

• Service usage metrics: Yes
• Metrics types: Number of messages routed and rejected in the reporting period; Number of incidents raised and their resolution status
• Reporting types: Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest: Other
• Other data at rest protection approach: Data does not “rest” in the system, it is received and routed to a destination and stored only momentarily for the purpose of format checking before being overwritten.
• Data sanitisation process: No
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Not relevant for this service
• Data export formats:
  • CSV
  • Other
• Other data export formats: MS Excel
• Data import formats:
  • CSV
  • Other

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection between networks: The application we provide to the client creates a VPN back to the MAIT hub in Azure, Atos also manage the hub in Azure via a VPN connection.
• Data protection within supplier network: Other
• Other protection within supplier network: No client data touches the Atos network

Availability and resilience

• Guaranteed availability: The solution is based upon Azure Cloud with resilience built into the solution. SLA’s on compute mirror that of Microsoft Azure
• Approach to resilience: Dual redundant systems with automatic failover – further details on request
• Outage reporting: If the router and its hot standby failed then receipts for messages sent would be generated and senders would hence be aware of the fault.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
• Access restrictions in management interfaces and support channels: N/A
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)

Audit information for users

• Access to user activity audit information: You control when users can access audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: EY CertifyPoint
• ISO/IEC 27001 accreditation date: 10/12/2021
• What the ISO/IEC 27001 doesn’t cover: Scope may be provided upon request.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: Blackfoot UK Ltd
• PCI DSS accreditation date: 11/12/2021
• What the PCI DSS doesn’t cover: No non-covered scope. Scope may be provided upon request.
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • CSA CCM version 3.0
  • ISO/IEC 27001
• Information security policies and processes: Group wide and local in country security policies as referenced from our Information Security Management System operated in accordance with and certified under ISO27001

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Atos operates a full ITIL compliant change process including configuration management, security management and release management.; All changes are assessed for potential security impact and tested with external penetration tests being commissioned for any material security impacting change for external validation.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Software is maintained within N-1 of latest versions using quarterly patch releases Majority of the service is based upon Cloud PaaS. Any IaaS compute will be patched as and when Operating system patches are released.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: All data in encrypted at rest, only approved compute can communicate between each other. Standard Azure monitoring and alerting is placed within the solution notifying our support team
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Incidents whether system-generated or user reported are recorded by the first line service desk where they are triaged. P1 incidents get an immediate response, all other incidents are responded to next working day.; Incident reporting is covered under monthly service reporting

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Atos commits to net-zero carbon emissions by 2028, setting one of the highest decarbonization standards for its industry. Global climate change is something for which we are all responsible. Conscious of the role we can play, Atos initiated a pioneering and ambitious environmental program 12 years ago. We remain committed to working to manage the challenges which climate change brings, now and in the future. As stated in our “raison d’être”, the ambition of Atos is to enable its customers, employees and members of society to live, work and develop sustainably, in a safe and secure information space.” Atos, has now committed to achieve net-zero carbon emissions by 2028, a date which is 22 years ahead of the ambitious aim of the UN Paris Agreement on Climate Change to limit the global warming of the planet to 1.5°C compared to pre-industrial levels (net-zero by 2050). This decision expands Atos’ ambitions on decarbonization even further, positioning decarbonization as a core element of its growth strategy and the Company as the decarbonization leader in its industry. The Atos Environmental Program will support these new climate change-related targets and goals through a variety of initiatives: to achieve ISO 140001 certification at our major offices and datacenters, improve the average power usage efficiency of our datacenters, decrease energy intensity, reduce business travel impacts as well as offer sustainable fully carbon-compensated services and new solutions to help Atos clients in improving decarbonization practices Progress on achieving the targets is publicly available. Not only are Atos’s Group Management Committee and the Board of Directors regularly informed of the progress made towards these targets, but Atos also operates incentive schemes for top managers to work to achieve these carbon targets, including the set-up of an internal carbon pricing impacting business results.
• Equal opportunity:

  Equal opportunity

  The Company is committed to advancing Equality, Diversity & Inclusion as a key feature in all its activities and is fully committed to the elimination of unlawful and unfair discrimination. To this end, Atos has adopted an Equality, Diversity & Inclusion Policy. Atos proactively seeks to drive an inclusive culture which promotes diversity of thought. We have a number of diversity & inclusion initiatives as part of our strategy. The Company aims to provide a working environment and culture which recognises and values differences between employees and to build a culture that values openness, fairness, and transparency. This Policy will be implemented across the Company, in all policies and procedures. This will include, but is not limited to: conditions of service, benefits and facilities and pay, recruitment, training and development, promotions, performance management process including appraisal systems etc. We say that our strategy is built around 8 pillars: 1. Inclusive leadership (e.g. embed Diversity & Inclusion in all development and talent programmes focused on our future leaders), 2. Employee lifecycle (e.g. ensure hiring managers undertake Diversity & Inclusion training), 3. Diversity networks, 4. Role models & supporters, 5. Monitoring & analytics, 6. Inclusive policies & benefits (e.g. removal of non-essential gendered language), 7. Clients & suppliers (e.g. encourage client facing staff to regularly update clients on the Diversity & Inclusion activity happening within Atos) and 8. Community engagement. Our commitment to Diversity & Inclusion has led us to be recognised in several high-profile awards including; 1. UK Best Employer for Race – Business in the Community 2018. 2. Gold accredited for Armed Forces Covenant. 3. Times Top 50 Employer for Women 2020 and 2021. 4. Shortlisted for HRD award in Diversity & Inclusion at HRD Summit 2019. 5. Ranked #40 in the Stonewall UK Top 100 Employers list for 2020.

Pricing

• Price: £2,500 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at NEAP-Presales@atos.net. Tell them what format you need. It will help if you say what assistive technology you use.