Data Services

Service scope

Software add-on or extension: No
Cloud deployment model: Private cloud
Service constraints: None.
System requirements: Browser Compatibility: Edge, Firefox, Chrome, Safari

User support

Email or online ticketing support: Email or online ticketing
Support response times: Email support is offered and depending on the priority level of the support required response times will vary between 30 minutes and 2 hours. Response times are different at weekends and can range between 4 to 8 hours.
User can manage status and priority of support tickets: No
Phone support: Yes
Phone support availability: 9 to 5 (UK time), Monday to Friday
Web chat support: No
Onsite support: Onsite support
Support levels: Support is included in the cost of the system.
Destin Solutions provide telephone support during normal office hours (9:00am to 5:00pm – Monday to Friday). Email support is also provided both during and out of office hours.

The initial point of referring an incident is via telephone to the appointed Account Manager. All calls are logged and immediately directed to an appropriate technical representative. Destin Solutions will respond to the initial contact within 1 hour and will attempt to resolve the issue within 2 hours.

Further information is contained within our Incident Management Process Flow document.
Support available to third parties: Yes

Onboarding and offboarding

Getting started: A full service on-boarding process is rolled out, when a new client is signed up. A trainer will be provided and use a 'train the trainer' approach so new users can be on-boarded quickly by the Council, long after the solution has been implemented. The client can set up their own users for the solution and manage their own user accounts, assigning different access levels dependent on role. We recommend the client appoints their own system administrator early on in the on-boarding process.
The solution also includes a web based user guide, which is accessible within the web portal.
Service documentation: Yes
Documentation formats: HTML

PDF
End-of-contract data extraction: Destin Solutions can manually extract and provide that data as it stands at that point in time. Costs associated with end-of-contract data extraction are based on an hourly rate of £100 per hour.
End-of-contract process: At the end of the contract all customer data is immediately removed from Destin Solutions servers. All data stored by authorities is stored on logical drives which at contract termination can be erased using the following algorithms: DOD5220M/ CESG HMG, NIST 800-88.

Costs associated with data deletion are based on an hourly rate of £100 per hour.

Using the service

Web browser interface: Yes
Supported browsers: Microsoft Edge

Firefox

Chrome

Safari
Application to install: No
Designed for use on mobile devices: Yes
Differences between the mobile and desktop service: Our mobile service offers optimised viewing experiences across different mobile platforms however all functionality offered within the desktop service is also available on the mobile service.
Service interface: Yes
User support accessibility: WCAG 2.1 AA or EN 301 549
Description of service interface: SharePoint front end is used to provide presentation and management interfaces for the service via the web.
Accessibility standards: WCAG 2.1 AA or EN 301 549
Accessibility testing: Our solution is based on Microsoft SharePoint technology all of which has been extensively tested by Microsoft to ensure it meets the latest web accessibility needs and standards. As outlined extensively in their support documentation SharePoint provides; the ability to get colour contrasts right, add alternative text and so on – all the items users will typically see on many accessibility checklists. In addition, SharePoint is tested thoroughly to make sure that, people can use the sites without a mouse. Users can move around any SharePoint page and use any button or command by using only the keyboard. SharePoint also facilitates; alternatives to visuals (images, icons, etc.), and descriptive text for all images, such as alternative text (alt text). Creation of larger typefaces that make text easier to read, and black or high-contrast text. A predictable tab order and landmarks on a web page that enable the user to build a mental picture of the page so they can stay oriented and not lose track of where they are. Simple backgrounds without patterns behind text on web pages. Alternatives to colour to convey important information such as ensuring hyperlinks that are highlighted by colour are also underlined and so on.
API: No
Customisation available: Yes
Description of customisation: Customisations can be carried out by Destin Solutions on behalf of the client, the user's themselves cannot customise the service. Customisations can be made on the type of reports a customer can view. The solution can also be customised to suit a clients branding and logo requirements and guidelines.

Scaling

Independence of resources: Response times of different users are continuously monitored and if they go above certain parameters during normal use of the system, resources will be increased to reduce this back down to acceptable levels.

The system is also designed to prevent "queries of death" from being run, in any case, memory and CPU use of queries being run are continuously monitored so that if a query is hogging resources it can be shut down.

Analytics

Service usage metrics: Yes
Metrics types: User administrators can monitor the following metrics on usage:
• Total visits
• Total Pages viewed
• Total Bytes Downloaded

These are summarised by Month, Week, Day and by User.
Reporting types: Regular reports

Resellers

Supplier type: Not a reseller

Staff security

Staff security clearance: Other security clearance
Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom
User control over data storage and processing locations: No
Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency: At least once a year
Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest: Encryption of all physical media
Data sanitisation process: Yes
Data sanitisation type: Explicit overwriting of storage before reallocation
Equipment disposal approach: In-house destruction process

Data importing and exporting

Data export approach: All electronic transfers of data must be carried out using an encrypted channel. In normal operation, customers are expected to provide sensitive data electronically using agreed protocols. Destin Solutions provide a FTPS server secured with a GlobalSign SSL certificate for this purpose which meets Advanced Encryption Standards. We are also flexible enough to apply other secure methods which the Council may already be using subject to them meeting our criteria.
Data export formats: CSV

Other
Other data export formats: PSV
Data import formats: CSV

Other
Other data import formats: PSV

Data-in-transit protection

Data protection between buyer and supplier networks: TLS (version 1.2 or above)

IPsec or TLS VPN gateway
Data protection within supplier network: TLS (version 1.2 or above)

IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability: The service is available 9:00am to 6:00pm Monday to Friday. Between these core working hours stated, availability of service is 99.99%.

Planned upgrade and support work is always carried out, outside of core working hours to minimise the impact on service availability
Approach to resilience: Available on request.
Outage reporting: Service outages are reported by email alert.

Identity and authentication

User authentication needed: Yes
User authentication: 2-factor authentication

Public key authentication (including by TLS client certificate)

Dedicated link (for example VPN)

Username or password
Access restrictions in management interfaces and support channels: Accounts given to staff should only have access to the minimum information and resources that are necessary for their job role. Members of staff which from time-time need to perform operations with elevated permissions will be provided with one or more elevated accounts to be used only when necessary to perform those tasks.

High privilege accounts must only be used when accounts of lower rights will not perform the tasks required.

Log management software is used to audit access to critical systems and detect inappropriate or suspicious access-related events including use of high privilege accounts.
Access restriction testing frequency: At least every 6 months
Management access authentication: 2-factor authentication

Public key authentication (including by TLS client certificate)

Dedicated link (for example VPN)

Username or password

Audit information for users

Access to user activity audit information: Users have access to real-time audit information
How long user audit data is stored for: At least 12 months
Access to supplier activity audit information: Users have access to real-time audit information
How long supplier audit data is stored for: At least 12 months
How long system logs are stored for: At least 12 months

Standards and certifications

ISO/IEC 27001 certification: Yes
Who accredited the ISO/IEC 27001: CDL Group Limited
ISO/IEC 27001 accreditation date: 08/02/2024
What the ISO/IEC 27001 doesn’t cover: Sales and marketing activity are not covered within the scope of the certification.
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Cyber essentials: No
Cyber essentials plus: No
Other security certifications: No

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: ISO/IEC 27001
Information security policies and processes: Ultimate responsibility for information security rests with the Managing Director of Destin Solutions, but on a day-to-day basis the Data Security Manager is responsible for implementing the policy and related procedures.

Line Managers are responsible for ensuring that their permanent/ temporary staff and contractors are aware of:-
- The information security policies applicable in their work areas
- Their personal responsibilities for information security
- How to access advice on information security matters

All staff shall comply with information security procedures including the maintenance of data confidentiality and data integrity. Failure to do so may result in disciplinary action.

Line managers are individually responsible for the security of their physical environments where information is processed or stored. Each staff member is responsible for the operational security of the information systems they use.

Each system user shall comply with the security requirements that are currently in force, and shall ensure the confidentiality, integrity and availability of the information they use is maintained to the highest standard.

Contracts with external contractors allowing access to the organisation’s information systems are in operation before access is allowed. These contracts ensure that staff or sub-contractors of the external organisation comply with all appropriate security policies.

Operational security

Configuration and change management standard: Supplier-defined controls
Configuration and change management approach: We use a continuous integration methodology with respect to development and as such have a fully automated and reproducible build and test cycle. Changes to system components are checked into our configuration management system and developers test their changes on a local build environment which mirrors the production build environment. If the build is successful then the changes are incorporated into the continuous integration build. Part of the automated test scripts also ensure the security of the system by simulating the effects of users with different access levels running queries against the system.
Vulnerability management type: Supplier-defined controls
Vulnerability management approach: Windows Server Update Services (WSUS) is used to manage the patching of all the machines and configured to download the latest patches and updates for all components of the solution. WSUS also enables implementation and automation of a patch release strategy and allows us to monitor the number of machines a patch has been deployed to. We monitor relevant forums and official releases about any potential problems with the patch. If none are noted WSUS is updated to approve the patch to the appropriate servers during the next release cycle.
Protective monitoring type: Supplier-defined controls
Protective monitoring approach: Our networks are protected by Intrusion Protection Systems (IPS) to identify, block and log the following common network attacks:
• Ping of Death
• IP half scan
• Port Scan
• Ping of Death
• Land
• DNS attacks

Our IPS is configured to scan and drop IP packets that contain IP options that are indicative of suspicious and potentially malicious behaviour.

We use Dell Intrust log management software which enables real-time notification of critical events through email alerts and automatic responses to certain events such as disabling a user account. Response times depend on priority level.
Incident management type: Supplier-defined controls
Incident management approach: We use an incident management process flow chart. Users report incidents by phone, email or the portal interface. Incidents are then identified, logged, categorised and prioritised. Following incident diagnosis and resolution incidents are closed subject to users agreeing to the closure. Incidents are fully documented and an incident record is kept . Incident reports are available to customers whom have been impacted by the incident on request, via email, and typically outline the information detailed above.

Secure development

Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks: No

Social Value

Fighting climate change
Tackling economic inequality
Equal opportunity
Wellbeing

Fighting climate change

Employees all primarily work from home minimising unnecessary travel, reducing carbon footprint. Employees encouraged to only keep documentation digitally reducing any requirement for printing and unnecessary use of paper.

Tackling economic inequality

Promote the use of working with smaller local businesses where possible to support our own business needs. Actively look to recruit interns and graduates to help skill up employees just starting out in their career. Implementation of appraisal schemes for employees, to more quickly identify when staff pay and bonuses should be reviewed.

Equal opportunity

Recruit people on the basis of skill, knowledge and capabilities, regardless of background, age, ethnicity, gender and disabilities. Committed to being an equal opportunities employer.

Wellbeing

Home working risk assessments are carried out and we encourage employees to identify the tools and mechanisms that could be provided by us as employers to make their working life more comfortable. We actively encourage regular breaks away from screens, ask that lunch and food breaks are not done in front of the computer screen and that employees take proper down time during the working day and give themselves headspace to think about or engage in other activities.
We have produced a lone worker policy which focuses on measures to reduce the risks of lone working. As part of our benefits package we also offer private healthcare to all staff and within this staff have access to a health and wellbeing hub that provides access to a variety of useful and valuable information including videos from experts on a wealth of different topics. The package also includes an Employee Assistance Programme with 24/7 telephone support helping employees to overcome any issues which may be limiting their ability to perform. Structured counselling is also included to help with any mental health issues, employees may be facing.

Pricing

Price: £1 to £7 a unit a year
Discount for educational organisations: No
Free trial available: No

Features

Benefits

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Pricing

Service documents

Cookies on Digital Marketplace

Data Services

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Social Value

Pricing

Service documents