Objective Corporation Limited

Objective Nexus an ECM/EDRM service

Objective Nexus brings together key Content Solutions to store, govern and manage your information. Integration into Teams ensures corporate governance is applied. Powerful business processes empower users and automates workflow enabling you to take meaningful actions. Meanwhile, your information is protected with military-approved levels of security.

Features

• Enterprise Content Management & Information Governance
• Document and Records Management
• Business Process Automation, Workflow and Process Governance
• Drawings Management, Document Imaging and Redaction
• Governance for Microsoft Teams
• Advanced search capabilities
• Mobile and Offline Working
• Integration with Email, Office, Teams and Line of Business Systems
• Access via Mobile, Browser and Tablets
• Case Management

Benefits

• Manage Information assets through their lifecycle at lower cost
• Connects content to people and the people they work with
• Delivers a simple, fast and personal experience that can scale
• Manage all content; both electronic and physical
• Accessible via Web, Mobile, Email, Microsoft 365, and LoB systems
• Pre-configured file plans for SCARRS and LGCS
• Web-based application supported with all modern browser interfaces
• An accredited solution with data sovereignty in the UK
• Allows for collaboration and search across all content
• Automates core business processes across organisations and external stakeholders

£173.55 a user a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mat.graves@objective.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

268794227431413

Contact

Mat Graves
+44 (0)118 2072300
mat.graves@objective.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: Customisation involving simple reconfiguration is supported, however any design alteration or the addition of third party applications must be declared for impact assessment. Whilst there are no limitations to customisation of the out of box functionality that Objective can support, all customisation must be scoped to understand the impact on security, service management and resource. ; ; Typically all maintenance schedules will be performed out of core office hours weekdays or over weekends.
• System requirements:
  • Installed client for system configuration and administration
  • Optional client download for optimised browser experience
  • Connectivity from customer to Cloud tenancy
  • Integration with other customer systems may be beneficial e.g. Exchange

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Online ticketing Support 24/7
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Standard Support Hours are 09:00 to 17:00 Monday to Friday Excluding Public Holidays.; ; Enhanced support is available including 07:00-19:00 and 24/5.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: The Objective Nexus solution will be installed and configured by Objective Professional Services prior to delivery of the solution to the customer.; ; Data cleansing prior to data migration is available as a separate option, and if selected, this will form part of the on-boarding process.; ; A project plan will be agreed between the parties based on the requirements for the system, with an associated timeline. Regular reviews of both the project plan and demonstrations of the functionality will be included, as will a training plan that accommodates administrators, super users and end users. ; ; Following a successful acceptance test by key users, the system will be handed over to the customer.; ; The Objective Consultants will be available for a period after the go-live, and will do a warm handover to the Technical Support and Account Management teams.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Objective will export content from the hosted environment as follows:; • In order to receive the information, the customer will be responsible for creating their own hosted environment account with sufficient capacity to hold the dataset and provide Objective access.; • Objective will place a copy an export of the database and Objective document store in this area and provide a notification for the customer that this task has been completed. ; • Objective will maintain the original instance for a period of 30 days from export, upon which time it will be deleted.; • Once the data has been extracted, Objective will instruct the data centre to remove the Customers Objective instance. This will include removal of data volumes, snapshots and backups which will be permanently deleted from the hosted environment.
• End-of-contract process: Should the customer elect to terminate the contract, then written notice must be given according to the terms of the contract. Objective will migrate out content. The Account Manager will coordinate with our Professional Service team to perform the migration process at an additional cost.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • MacOS
  • Windows
  • Windows Phone
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Objective Nexus supports a responsive user experience. The Nexus browser will resize automatically based on the available screen space on the device.; Note the install is for a plug-in to enhance the user experience but is not a mandatory requirement. All users can access the service by a browser only.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: How users setup the service: The service is setup on behalf of the customer.; How users can make changes through the API: The service offers various routes to facilitate either a deep two way data exchange or a reference based loose coupling of systems.; Objective’s web services API provides a full range of “SCRUD” (Search, Create, Read, Update and Delete) services for content creation and consumption as well as other services for workflow interaction and session and transaction management.
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: What can be configured and customised:; Many elements of the solution can be configured - this includes business specific elements such as the file plan, content types, business system preferences and business processes through Workflow.; ; Beyond configuration the solution can be customised for Integrations with 3rd party systems and for Integrations via Web Services and APIs and form UIs.; ; How users can customise?; ; Authorised users can configure the solution via the user interface or by using various utilities.; ; Technical users (or Objective technical consultants) can customise using the provided Web Services and APIs.; ; Who can customise?; Business specific elements can be configured by administrator users. Workflow can be configured by workflow administrator users.; Customisation involving simple reconfiguration is supported, however any addition of third party applications must be declared for impact assessment. Technical users (or Objective technical consultants) can also customise using the provided Web Services and APIs.

Scaling

• Independence of resources: The solution is single tenant, it has the ability to autoscale to meet the fluctuations in demand

Analytics

• Service usage metrics: Yes
• Metrics types: Regular reports provided.; Dashboard updated on a daily basis.; ; Metrics include application usage analytics for example top user document creations etc.; ; Reports on Incident Service Level Targets and Availability Target Levels.
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: Less than once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Other
• Other data at rest protection approach: Physical access controls from the Cloud platform.; ISO 27001 accredited procedures are in place to protect data at rest.
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data can be analysed at any time through reporting capabilities, and can be exported if so desired using standard reporting features. Should addition bulk data services be required, this can be arranged through Objective Professional Services.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • XML
  • Native document format
  • PDF
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • XML
  • Database Table
  • Native Document Format

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: Isolated Security Zones within the network is an effective strategy for reducing many types of risk. Security zones that separate systems based on their communication and protection needs minimize security risks while allowing information flows to continue even in the face of failures and security incidents. ; Virtual firewalls are between each network zone to secure and control traffic flow between subnets to provide segmentation.; Certificates are are used to secure communication between many internal components of the solution. Most are included and Trust stores are used to secure communications between external customer services where relevant.

Availability and resilience

• Guaranteed availability: Objective Nexus is a hosted application which is available to users upward of 99% per month as standard, based on Support Hours. Service Availability Target means the ability for Objective’s monitoring provider probe to return success (critical services are available), except during scheduled maintenance windows.; Objective reserves a right to conduct scheduled downtime to ensure the environment is stable and the application is operational and up-to-date. Scheduled downtime will, where practicable, be notified to users in advance and scheduled on a weekend or after normal working hours to minimise any inconvenience. Objective also reserves a right to conduct unscheduled downtime in an emergency to safeguard the application e.g. from the presence of a virus or other damaging code.
• Approach to resilience: Physical Resilience is delivered by the Cloud provider to a world leading standard and backed by Service Level Agreements.; Objective designs the service on top of the Cloud infrastructure to meet the service levels required. These requirements may vary depending on customer requirements, ; further details/options can be provided upon request.
• Outage reporting: Objective System Administrators receive Email and SMS alerts and have internal dashboards, and will report any incident with the customer.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Service management via bastion hosts and use of a VPN
• Access restriction testing frequency: Less than once a year
• Management access authentication:
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Assessment Bureau
• ISO/IEC 27001 accreditation date: July 2018
• What the ISO/IEC 27001 doesn’t cover: The scope of Objective's accreditation covers the following: ; ; The protection of data for the provision of specialist information management software solutions and services around content collaboration and process management to the corporate and public sector. Assets protected include all organisation data client data required for the delivery of services and supporting physical and cloud based IT infrastructure. Assets protected are within the physical locations internal networks external connectivity and remotely managed services within the control of Objective Corporation UK Ltd. in Accordance with Statement of Applicability Ver 1.3
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • ISO27018
  • Cyber Security Essentials

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: CyberSecurity Essentials
• Information security policies and processes: All Objective staff in the UK are responsible for conforming to the security manual in all their work. The procedures which make up the Information Security Management System (ISMS) define specific responsibilities.; ; The Objective UK Information Security Manager, who reports directly to the General Manager UK, is responsible for the ISMS design and development, liaison with external advice and guidance (e.g. interest groups, product user groups). They are responsible for:; • owning the ISMS and ensuring that it presents an integrated set of policies and controls which support Objective’s information security policy; • establishing information security objectives to support the policy, and controlling their achievement; • ensuring that any failures, events or improvement opportunities relating to information security are recorded and addressed as appropriate (including retention of records as required); • maintaining the ISMS components in accordance with agreed improvements, and ensuring that they are implemented correctly; • ensuring that any resources required to support information security are identified and requested; • monitoring the system's effectiveness through audits and other measures; • ensuring compliance with the requirements of ISO 27001; • ensuring staff awareness of information security; • maintaining knowledge of information security good practice.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Change and configuration management procedures are followed to track service components throughout their lifecycle to ensure the network remains operational and stable at all times. ; ; No changes may be made to the IT infrastructure without the Systems Administrator’s approval. ; ; The Systems Administrator reviews and risk assesses changes for potential security impact and mitigates and manages appropriately before deployment onto live system environments.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Incidents are raised in response to threat identification and managed on a risk impact assessed basis and prioritised for response.; ; Patches are deployed and managed in accordance with defined processes with emergency patch processes defined for dealing with high impact / high priority incidents. ; ; Potential threats and threat actors are monitored and regularly reviewed as part of the regular review process.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: A multi-layered strategic approach exists to protect the data, network and laptop/desktops from Internet borne threats that uses: ; • Anti-virus and malware scanner software on laptops/desktops and servers to protect against virus and malware infections ; • Email filtering to prevent email based attacks delivered in the form of incoming spam mail. ; • A firewall regulates inbound and outbound traffic to protect against potential threats.; • Operating systems software is updated to address known vulnerabilities. ; ; Tickets are raised in response to an incident and prioritised for response based on risk assessment.
• Incident management type: Supplier-defined controls
• Incident management approach: Users report and raise incidents through the Support Portal and tickets are raised to progress incidents. Each ticket is reponded to with details of root cause of the incident together with incident resolution details identified.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • Public Services Network (PSN)
  • Scottish Wide Area Network (SWAN)

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity

  Fighting climate change

  Fighting climate change; Objective’s mission is to create software that makes a difference. Using Objective software, thousands of public sector organisations are shifting to being completely digital. Where our customers can work from anywhere; with access to information, governance guaranteed, and security assured. Innovation is our lifeblood. We invest significantly in the ongoing development of our products to deliver outstanding solutions to the public sector and regulated industries. The result – stronger national and community outcomes, and accountability that builds trust in government. Through the delivery of these projects, our services greatly reduce the number of physical documents (which end up as paper waste), whilst greatly improving the efficiencies of document processes – in turn allowing them to provide greater services to the public with the same or reduced amount of taxpayer funding. Objective Corporation UK Limited (Objective UK) is committed to achieving Net Zero emissions by 2050. A copy of our Carbon Reduction Plan can be viewed on our website.

  Equal opportunity

  Equal opportunity; We recognise the value that different backgrounds, experiences and perspectives can bring to the business, and we oppose all forms of unlawful and unfair discrimination or victimisation. Objective’s Commitment: • To create an environment in which individual differences and the contributions of all our people are recognised and valued. • Selection for employment, promotion, training, or any other benefit will be based on aptitude and ability. • Every employee is entitled to a working environment that promotes dignity and respect. • Training, development, and progression is available to all employees. • To promote equality and diversity in the workplace. • To regularly review all our employment practices and procedures to ensure fairness. Diversity and Inclusion: We continuously strive to create a workplace that’s dynamic, diverse, and full of talent. A testament to this commitment was being certified as a Great Place to Work in 2023. We focus on purpose in everything we do, and offer our people continuous professional development, financial stability, flexibility, and an inclusive environment. Diversity, Equity and Inclusion (DEI): Our workforce reflects a diverse range of backgrounds, ensuring an inclusive and equitable environment. We are dedicated to fostering a culture that celebrates differences and promotes equal opportunities for all. DEI at Objective is not just a tick-box exercise, it’s a business imperative. We launched our 2023 DEI strategy to support further growth and creativity. Beyond this, we celebrate the diversity of our people through regular events during the year. Women Rising Programme: Launched in 2023, this is a holistic leadership and professional development programme. Open to all women, whether they are a manager or an individual contributor, it is designed to empower women and provide participants with the tools, knowledge, and inspiration so they can excel.

Pricing

• Price: £173.55 a user a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mat.graves@objective.com. Tell them what format you need. It will help if you say what assistive technology you use.