Intelogy Limited

COLIN ® as a Service (Press Office collaboration software)

COLIN® is an AI-infused secure online collaboration tool specifically designed for use by UK Government Press Offices. It benefits press officers by providing accurate up to date information to external requests from media outlets; an audit trail of conversations with journalists; and increases efficiency amongst the Media team.

Features

• Real-time data collaboration of press office data
• Tagging and advanced searching of press office records
• Integrated AI: draft Q&As, releases, lines, responses and more
• Auto-compilation of daily forecast records
• Contacts library of journalists for regular interactions.
• Virus scanning of uploaded assets
• Advanced Media Office task management
• Azure AD integration
• Integration with Roxhill Media contact management software possible

Benefits

• Rapid secure storage and retrieval of interactions with journalists.
• Centralised management of call logs, interview bids, forecasts and more.
• Advanced collaboration and drafting features.
• Workflow management for press officers providing accurate and consistent lines.
• Simple user interface - no training required.
• Mobile device optimised.
• Evergreen design - multiple free updates throughout contract.
• Used by majority of UK central government media offices.

£10 to £93 a licence a month

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at andrew.tomlins@intelogy.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

266363105065687

Contact

Andrew Tomlins
02037473506
andrew.tomlins@intelogy.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Being a cloud service, the system relies on access to the internet. All modern browsers are supported . ; ; For multi-factor authentication, access to a mobile phone, office phone or the Microsoft Authenticator app is required.
• System requirements:
  • Each user must have purchase a separate COLIN license.
  • Each user must have a modern web browser.
  • Each user must have access to the internet.
  • User needs a secondary form of authentication (mobile, phone, app).

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Our help desk operates on UK Office hours only. Our response times are based on the following priority levels (as defined by the ticket raiser):; P1 – (Urgent) - 2 hours response; ; P2 – (High) - 4 hours response; ; P3 – (Normal) - 10 hours response; ; P4 – (Low) - 10 hours response times.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Onsite support
• Support levels: We provide UK Office Hours support as per below:; P1 – (Urgent) - 2 hours response; ; P2 – (High) - 4 hours response; ; P3 – (Normal) - 10 hours response; ; P4 – (Low) - 10 hours response times. ; ; We provide a technical account manager and a cloud support engineer as part of the response team.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: - on site workshop / demo (free if within the M25, otherwise travel expenses charged) OR up to 2 x remote webinar sessions to on board users. ; - "Quick start guide" for new users.; - early access to a free demo site for user familiarisation
• Service documentation: No
• End-of-contract data extraction: All data is stored in a SQL database and a backup can be provided OR a CSV files with associated attachments can also be provided.
• End-of-contract process: At the end of the contract, the customer is offered an extract of the stored data (in SQL format) and then the instance of the system will be deleted from the hosting platform. There is no cost for this service.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Rich text editing of items such as forecasts is not possible via the mobile client.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: No
• Customisation available: Yes
• Description of customisation: There is customisation of default templates for various types of records throughout the system. ; There is customisation of the portal homepages.; Buyers can configure the use of various types of records as required.

Scaling

• Independence of resources: The system is designed so that all types of scaling are possible. Other instances of the system are stored on different Azure VM servers and therefore other clients should not affect the specific organisation contracted to use COLIN. If more resources are required then higher performance ratings can be applied to the service. The application has been designed so that that throttling of requests is controlled so that one user's request does not block another user's processes.

Analytics

• Service usage metrics: Yes
• Metrics types: A monthly or weekly report of data is provided to the system owners.
• Reporting types: Regular reports

Resellers

• Supplier type: Reseller (no extras)
• Organisation whose services are being resold: Press Office Solutions Limited

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: At the end of the contract, the customer is offered an extract of the stored data in SQL format or CSV
• Data export formats: CSV
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • XML
  • SQL

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: We mirror Microsoft Azure's availability guarantee and will directly pass on any refunds provided by Microsoft if service levels fall below their publicly stated levels (99.9%).; https://azure.microsoft.com/en-gb/support/legal/sla/summary/
• Approach to resilience: The Microsoft Azure platform provides a 14 day restore to point in time. ; Further information is available on request.
• Outage reporting: The following is available to us:; - a public dashboard https://azure.microsoft.com/en-gb/status/; - an API; - email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Management interfaces are limited to select users only (defined as "Senior Managers" and Intelogy support staff). ; ; Support channels are limited to the same subset of people.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users receive audit information on a regular basis
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: Less than 1 month

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 07/02/2017
• CSA STAR certification level: Level 2: CSA STAR Attestation
• What the CSA STAR doesn’t cover: The certification covers the underlying Azure platform but not the application.
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: We hold Cyber Essentials Plus certification as an organisation.; We are working towards ISO27001 standard, therefore all our security governance procedures are aligned to that. We set up all our systems on a least trust basis so only people who need access are provided it and only to the level required. Only a small subset of staff have admin access. Our support staff have undergone background checks by a third party (DBS).
• Information security policies and processes: We are working towards ISO27001 accreditation so we adopt the "Plan-Do-Check-Act" (PDCA) model, which is applied to all Information Security Management Systems (ISMS).; ; We have a set of policies defined at a Board level and all staff are contracted to follow them. They are available via our internal ISMS and any breeches of policies should be reported to our Operations Director who will decide on the course of action. Our policies are reviewed and adapted annually. All changes are highlighted to staff via internal meetings.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All changes are applied via standard processes. i.e. ; ; A set of potential changes are assessed for inclusion in a point release of a new version. Assessment of risk, value to the end users, technical feasibility and complexity are taken into account and changes batched into priorities as a result. Changes are conducted on an internal development environment and tested with pre-defined scripts. The changes to application or configuration are then deployed by an authorised platform administrator to a staging environment, tested and signed off by a product manager, before repeating the process on a production environment in Azure.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Intelogy have configured the service through Azure Security Center to have constant monitoring and logging turned on for all nodes (web VMs and databases). ; ; Any high priority threats are notified to our platform team instantly and action will be taken if possible and applicable at the soonest opportunity.; ; In addition, customers can access the following public status page:; https://azure.microsoft.com/en-gb/status
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Yes, we have a defined process for common events:; ; 5.2 Detection; ; * Identification and reporting of the incident.; ; * Incident details must be captured.; ; * Categorization of incident.; ; * Classify the incident. High, Medium, Low; ; * Identification of stakeholder who all should be involved for managing the incident; ; 5.3 Response; ; * Preventive action of the incident minimize the re-occurrence of the incident; ; * Corrective Action; ; 5.4 Analysis; ; * Data collection; ; * Root Cause Analysis of the incident; ; 5.5 Report; ; * Preventive action of the incident minimize the reoccurrence of the incident; ; * Learning communicated to either whole organisation and stakeholders
• Incident management type: Supplier-defined controls
• Incident management approach: Users can report incidents via phone, email and the helpdesk service. ; ; Detection; ; * Identification and reporting of the incident.; ; * Incident details must be captured.; ; * Categorization of incident.; ; * Classify the incident. High, Medium, Low; ; * Identification of stakeholder who all should be involved for managing the incident; ; Response; ; * Preventive action of the incident minimize the re-occurrence of the incident; ; * Corrective Action; ; Analysis; ; * Data collection; ; * Root Cause Analysis of the incident; ; Report; ; * Preventive action of the incident minimize the reoccurrence of the incident; ; * Learning communicated to either whole organisation and stakeholders

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  As well as encouraging less travel to work and use of physical consumables (like paper), the main way that our cloud services can help reduce carbon emissions is by lowering the energy consumption of IT infrastructure. ; ; According to a study by Microsoft, cloud computing can reduce the energy use and carbon footprint of IT operations by up to 93% compared to traditional on-premises data centres. This is because cloud providers can optimize the utilisation of their servers, use more efficient cooling systems, and leverage renewable energy sources. By contrast, on-premises data centres often have low utilization rates, inefficient cooling systems, and rely on fossil fuels for power generation. By moving to the cloud, businesses and individuals can save energy and reduce their environmental impact.

Pricing

• Price: £10 to £93 a licence a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: A full version of the system is available to each organisation after an initial qualification discussion for a period of 6 weeks.
• Link to free trial: Demo version of site available on request

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at andrew.tomlins@intelogy.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.