VINCI LEGAL LIMITED

Omnitrack

Compliance workflow software to manage data collection, follow-up, approvals and reporting.

Features

• Aggregate data
• Automate reminder emails
• Create dynamic dashboards
• Build and edit forms
• Download reports
• Flag high-risk submissions
• Automate processes
• Flexibility

Benefits

• Collaborate across different functions
• Mitigate risk
• Evidence due diligence
• Ensure compliance
• Evidence your audit trail
• Enforce best practice

£5,000 to £100,000 an instance

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@vinciworks.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

287600410204836

Contact

Joseph Lavi
0208 815 9308
enquiries@vinciworks.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: No
• System requirements: Internet

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within one business day
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AAA
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: Customers benefit from unlimited support as part of their subscription by phone or email. We have technical implementation teams dedicated to each client
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We have an implementation team that helps the client get set up and configure the systems to their specific requirements.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: The have a final submissions report.
• End-of-contract process: Data extract and reporting followed by data deletion. This is all included in the price of the contract.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: N/A
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: Access to the API is granted with all subscriptions. API can be accessed by admin users with appropriate permissions. The API is protected. All common administrative actions including managing users and data is available via API.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Omnitrack is a flexible service offering full customisation of all compliance workflows.

Scaling

• Independence of resources: Highly redundant hosting and service infrastructure with auto-scaling.

Analytics

• Service usage metrics: Yes
• Metrics types: System performance metrics
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: They can export using the UI or via API into Excel
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats:
  • Xls
  • Xlsx
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • Xls
  • Xlsx

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Uptime over 99.9%. Our SLA can be seen here: https://vinciworks.com/sla
• Approach to resilience: All Omnitrack hosting and infrastructure is available in multiple availability zones. Active monitoring and logging with real-time alerts are in place. Additional network and application security in place to ensure resiliency.; ; Data is backed up extremely frequently and full disaster recovery plans are tested on a regular schedule. The entire hosting infrastructure and data can be rebuilt and recovered from scripts.
• Outage reporting: Email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: We operate a strict principle of least privilege access control with strong authentication and authorisation technical controls in place.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users receive audit information on a regular basis
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: The Standards Institution of Israel
• ISO/IEC 27001 accreditation date: 20/11/2023
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Full set of policies audited as part of ISO 27001. All staff and relevant contractors sign security policies which form condition of employment.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Robust change management process including Secure Development Lifecycle Policy which covers all stages of development, testing and release of new features and products. Strong IT and personnel controls to ensure robust IT architecture.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Monitoring for new vulnerabilities, protection for all assets which are centrally managed by the organisation.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Penetration testing performed yearly. Platforms using the latest version. RSS blog that reports potential vulnerabilities (CVE feed) using the NIST website. If a compromise is noticed, implement patch immediately, make necessary upgrades. Send out communication to any affected parties same day.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: We have a business continuity plan that makes provision for incident response. Users can report incidents via phone, email (ticketing system) or via the website. Incidents are written up and made available for relevant parties.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  We have a strong ESG programme in place with committed targets including carbon-neutrality. We place strong emphasis on the environmental impact of our work and our supply chain with a programme sponsored by senior management and financial investors as well as organisation-wide awareness.; ; VinciWorks is a leading provider of online training on the topics of sustainaibility and climate change to organisations in the UK and around the world.

  Equal opportunity

  Diversity, equality and inclusion are deeply held values at VinciWorks. Those values drive us to create products that help organisations promote ethical and inclusive workplace culture. They also instruct our corporate mission to create a safer, fairer and more honest world.; ; VinciWorks is an international company of talented individuals who are able to find fulfilment and growth opportunities at VinciWorks for many years. Over 71% of staff identify with multiple nationalities. At least seven ethnicities are represented by VinciWorks staff with no more than a third of staff identifying with any one particular ethnicity. VinciWorks has gender parity, with a 50-50 female-male split in the organisation. Eight percent of staff identify as disabled, with two-thirds of those staff limited in their day-to-day activities because of their disability. VinciWorks is more representative of sexual orientation than the national average.; ; VinciWorks is a leading provider of online training on the topics of equality, diversity and inclusion to organisations in the UK and around the world.

  Wellbeing

  VinciWorks supports family and carers with flexible working and a self-managed holiday policy, making it a great place for people to balance work and family. ; ; Ensuring inclusion and wellbeing is a never-ending process and we are proud of our progress and we will continue to push our far-reaching goals. As a company, we know that our best work happens when we create a culture at work with diverse representation and where everyone feels supported and well.; ; VinciWorks is a leading provider of online training on the topics of mental health and wellbeing to organisations in the UK and around the world.

Pricing

• Price: £5,000 to £100,000 an instance
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: A sandbox of the system tailored to your use case for an agreed time period.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@vinciworks.com. Tell them what format you need. It will help if you say what assistive technology you use.