CenturyLink Communications UK Limited

Lumen Public Protection Unit Database (PPUD)

The Public Protection Unit Database (PPUD) is an accredited Casework Management System for the management of Offenders and related Probation, Parole and Mental Health processes. Includes a full Document and Dossier management system and complex workflow processes. The license for this software is owned by the Ministry of Justice (MOJ).

Features

  • Document Management
  • Workflow Management
  • Casework Management
  • Dossier Management
  • Customer Relationship Management

Benefits

  • Work across departmental boundaries
  • Collaborate on documents
  • Share information between organisations
  • Share information with external users
  • Monitor and improve service delivery
  • Report and track information

Pricing

£855 to £2,321 a unit a day

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ashley.manning@Lumen.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

2 5 8 6 7 5 6 4 5 2 1 2 6 1 7

Contact

CenturyLink Communications UK Limited ashley.manning@Lumen.com
Telephone: 07827881863
Email: ashley.manning@Lumen.com

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
This service offering is purely to provide the hosting and support for an instance of PPUD. Licensing will need to be managed separately with the software owner.
System requirements
  • The system runs on Microsoft Windows Server
  • Internet Information Services (IIS) version 6.0 or above.
  • .NET Framework version 4.5
  • ASP.NET
  • SQL Server 2008 or above.

User support

Email or online ticketing support
Email or online ticketing
Support response times
We aim to respond to support tickets on the same or next day unless urgent in which case a 2 hour response time is applied.
This does not include weekends.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Onsite support
Support levels
Default option for contracts:
Professional Level Support: -
• Access to forums, documentation, white papers, best practice guides (24/7).
• Unlimited break/fix (24/7).
• Tier 1 Support (24/7) via Ticketing.
• Tier 2 Support via Ticketing System (24/7) triaged by a pool of shared engineers.
• Response time to tickets: Less than 60 minutes by a pool of shared engineers.
• Chat support (24/7) / phone support (24/7).
• Price graduated, based on monthly spend.
Enterprise Level Support: -
• Access to forums, documentation, white papers, best practice guides (24/7).
• Unlimited break/fix (24/7).
• Tier 1 Support (24/7) via Ticketing.
• Tier 2 Support via Ticketing System (24/7) triaged by a designated engineer (if on shift), or a pool of shared engineers.
• Response Time to tickets: Less than 30 minutes by a designated engineer (if on shift), or a pool of shared engineers.
• Chat support (24/7) / phone support (24/7).
• Price graduated based on spend, plus price per designated support shift.
Support is included with all pricing options.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
This process will be managed by Lumen in cooperation with the client's team to enable the migration of existing documents and mapping of processes into the new workflow model. Lumen will provide user documentation and can also provide cascade training support.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Lumen can export SQL Server backups at no additional cost.
End-of-contract process
Lumen will export data in an agreed and supported format. Migration to a new system is not provided under this contract. Additional consultancy to help understand that model is at additional cost.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Firefox
  • Chrome
Application to install
No
Designed for use on mobile devices
No
Service interface
No
User support accessibility
None or don’t know
API
No
Customisation available
Yes
Description of customisation
Workflows are customisable, all standard lists of values can be adjusted and online help is user editable.
This is only available to high level admin users.

Scaling

Independence of resources
Performance levels depend on the hosting plan chosen for the service. Typical hosting solution is on dedicated cloud infrastructure which mitigates the risk of system performance degradation from other sources.

Analytics

Service usage metrics
No

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
Physical access control, complying with another standard
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
The system supports and includes a variety of reports that users can run to extract data. However, a user cannot perform a full system data export, this function can be performed via Lumen support team.
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
Service Level Agreements are subject to the hosting plan.
Approach to resilience
Resilience depends on the hosting plan chosen for the service. Lumen offers several cloud hosting options under G-Cloud 11 supporting resilience options including load balancing and fail over within the same or between multiple UK data centres.
Outage reporting
Resilience depends on the hosting plan chosen for the service. Lumen offers several cloud hosting options under G-Cloud 11 supporting resilience options including load balancing and fail over within the same or between multiple UK data centres.

Identity and authentication

User authentication needed
Yes
User authentication
2-factor authentication
Access restrictions in management interfaces and support channels
When new PPUD users are created, they are assigned a permission level and a team. This permission level includes the level of management access the user has. Managers/administrators cannot create or promote users to a higher permission level than their own. External users accessing data via the Web Access Module (WAM) can only log onto the system if they have been granted WAM access by a PPUD administrator. These WAM users have restricted access to cases that they have been "associated to" by a caseworker using PPUD. This WAM access can be amended at any time by the PPUD administrator.
Access restriction testing frequency
At least every 6 months
Management access authentication
Dedicated link (for example VPN)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Schellman (formerly BrightLine)
ISO/IEC 27001 accreditation date
30/06/2017
What the ISO/IEC 27001 doesn’t cover
ISO27001:2013 does not cover customer servers or Lumen services, however, these services heavily rely on the data centre security which is covered by ISO27001:2013.
ISO 28000:2007 certification
No
CSA STAR certification
Yes
CSA STAR accreditation date
29/06/2015
CSA STAR certification level
Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover
N/A
PCI certification
Yes
Who accredited the PCI DSS certification
Schellman
PCI DSS accreditation date
25/10/2017
What the PCI DSS doesn’t cover
Specific customer environments – The certification is of Lumen as a service provider. The ROS and AOC are available on request.
Cyber essentials
Yes
Cyber essentials plus
No
Other security certifications
Yes
Any other security certifications
  • PSN Supplier Certified
  • PSN Customer Certified

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Lumen have a set of commercial policies and procedures, making up the ISMS, which underpin the majority of Information Security. In addition, where there is an identified mismatch to HMG requirements, there is a dedicated 'HMG Specific' policy in the UK. These were designed in line with NCSC guidance and good practice.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Change and Configuration Management is carried out in line with ITIL Best Practices.
Configuration Items are tracked from build to disposal. Changes to CIs are captured by network/server automation tools, or, where not possible, via manual updates after implemented Changes. There is a dedicated HMG Change Manager, Change Management Process and IT Service Management tool set. All changes must follow the Change process and have an associated Change record. Apart from preapproved (Standard) Changes, all other Changes are reviewed in the weekly Change Board.
Software is developed with a security-first mindset and tested for security during development, testing and deployment.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Change and Configuration Management is carried out in line with ITIL Best Practices.
Configuration Items are tracked from build to disposal. Changes to CIs are captured by network/server automation tools, or, where not possible, via manual updates after implemented Changes. There is a dedicated HMG Change Manager, Change Management Process and IT Service Management tool set. All changes must follow the Change process and have an associated Change record. Apart from preapproved (Standard) Changes, all other Changes are reviewed in the weekly Change Board.
Software is developed with a security-first mindset and tested for security during development, testing and deployment.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Lumen abide by their Information Security Framework which is designed to protect Lumen information assets from threats, whether internal or external, deliberate or accidental.
Lumen review threats/risks annually and respond to incidents immediately, post event Lumen recovery steps include follow up actions that protect the compromised system/data from future similar attacks.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Lumen abide by their Information Security Framework which is designed to protect Lumen information assets from threats, whether internal or external, deliberate or accidental.
Lumen review threats/risks annually and respond to incidents immediately, post event Lumen recovery steps include follow up actions that protect the compromised system/data from future similar attacks.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
Yes
Connected networks
Public Services Network (PSN)

Social Value

Fighting climate change

Fighting climate change

Lumen makes environmental management and responsibility a priority and complies with environmental laws, regulations and ordinances through proactive programs that benefit the company, employees, customers and shareholders. The Environment Health and Safety team assesses and reviews current operational procedures, monitors regulations, and collaborates with internal groups and interested parties to develop practices and procedures that support compliance with applicable laws and regulations. Beyond that. Lumen’s business practices seek to promote a sustainable approach, whether it is through our procurement processes, our commitment to renewable energy supplies or our work to support our customers sustainability targets.

Lumen understands the importance of environmental responsibility and actively reviews operational impact on the environment and takes steps to reduce its environmental footprint. Lumen’s environmental impact is not only important for the protection of the planet, but also vital for the well-being of employees. Sustainability Employee Engagement is a proactive way for employees to make suggestions and help identify ways that Lumen can further protect the planet and employee well-being.

Lumen’s Environmental, Social and Governance (ESG) Report provides a snapshot of how Lumen supports environmental sustainability, promotes social well-being of its people and customers, and follows best practices. Read Lumen’s ESG report, available on request or from the Lumen website, to discover the company’s environment and sustainability efforts to continue in our purpose of furthering human progress through technology.

Lumen has its business processes and methodologies independently certified, Environmentally to ISO14001, Energy Usage to ISO5001 and the Carbon Disclosure Project (CDP) rating was A-.

Pricing

Price
£855 to £2,321 a unit a day
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ashley.manning@Lumen.com. Tell them what format you need. It will help if you say what assistive technology you use.