Regulatory Publishing Platform
TSO has built a fully managed publishing platform. Its software components can vary to meet different specific requirements and budgets. It is compatible with the requirements of regulators and providers of best practice professional guidance. The platform can be delivered through different commercial models i.e. SaaS and subscription-based model.
Features
- Ability to create tailored and use standard APIs
- Single source publishing
- Adaptive infrastructure
- Accessibility Compliance
- AI enabled search capability
- OCR capability
- Comprehensive Metadata Management
- Intuitive and collaborative editing environment
- Print ready outputs
- User centred design and service development
Benefits
- Content delivered in formats that users' require
- Improve data quality and reusability
- Enhance user experience
- Consistency of information for users and machines
- Improve searchability
- NLP & AI friendly
- Enhanced user engagement through clearer communications
- Autoscaling and Elastic Load Balancing
- Enhanced visibility of your content
- Easy to use
Pricing
£180,000 an instance a year
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
3 3 4 9 1 8 2 8 3 8 7 0 5 1 6
Contact
TSO - The Stationery Office
Bid Team
Telephone: 07548372034
Email: tsobidteam@williamslea.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
-
- Public cloud
- Private cloud
- Service constraints
- N/A
- System requirements
- Modern Web Browser
User support
- Email or online ticketing support
- Yes, at extra cost
- Support response times
- To be decided with buyer.
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 AAA
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- Yes, at an extra cost
- Web chat support availability
- 24 hours, 7 days a week
- Web chat support accessibility standard
- WCAG 2.1 AAA
- Web chat accessibility testing
- To be decided with buyer.
- Onsite support
- No
- Support levels
-
A standard set of service level agreements exist for the platform, however these are customisable based upon customer need and costing specific to the scale and usage of the service.
Any contract would be supported by both an account manager, technical lead and our technical support teams to support the client.
Customer support teams can also be provided for public enquiry's where this is appropriate, particularly around authentication and transactions. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
Online training can be provided where required to ensure that content editors have full confidence in their understanding of the interface.
User documentation will additionally be provided to help - Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
- Data will be provided in one or more of the structured formats within the service either as the standard data formats or any bespoke formats created during the contract.
- End-of-contract process
- An exit plan will be included with any contract
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- System is built as mobile first responsive website.
- Service interface
- Yes
- User support accessibility
- WCAG 2.1 AAA
- Description of service interface
- The service is displayed via web technologies and can be access with any standards compliant web browser
- Accessibility standards
- WCAG 2.1 AA or EN 301 549
- Accessibility testing
- Automated user testing is carried out and verified by third parties
- API
- Yes
- What users can and can't do using the API
-
Retrieve documents in different representations
Carry out searches - API documentation
- Yes
- API documentation formats
- Open API (also known as Swagger)
- API sandbox or test environment
- No
- Customisation available
- Yes
- Description of customisation
-
The visual design of the interfaces can be fully customised to user requirements, through a comprehensive theming layer.
Editing of regulatory content editing can be customised based upon document analysis to provide a structured interface.
Appropriately permissioned users can edit website content.
For all content bespoke editing and approval workflows can be created and optimized.
Scaling
- Independence of resources
- The service is designed to scale with demand to ensure that user requests can be answered in a timely manner, the service is performance tested to ensure that the system will remain responsive within the expected demand of the service, with the architecture designed to be simple to scale beyond these levels as required.
Analytics
- Service usage metrics
- Yes
- Metrics types
-
Service Uptime
Usage Analytics
Transaction reporting (where appropriate) - Reporting types
-
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Security Clearance (SC)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a CHECK service provider
- Protecting data at rest
- Physical access control, complying with another standard
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- Data can be made available through APIs to allow for direct access for the users. In addition any non-public data such as reporting can be made available in a variety of formats for the client.
- Data export formats
-
- CSV
- Other
- Other data export formats
-
- HTML
- XML
- JSON
- Data import formats
-
- CSV
- Other
- Other data import formats
-
- XML
- JSON
- HTML
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
- A standard SLA of 99.98% is offered for the availability of public facing services. Service credits would be given where availability does not meet this standard
- Approach to resilience
-
Horizontal scaling used to ensure that there is a high-degree of fault tolerance. Redundant systems in place to allow for short RTO and RPOs.
More details available on request. - Outage reporting
-
Email alerts to support and operations teams, with escalation via email to key individuals.
API endpoints showing overall service availability
Identity and authentication
- User authentication needed
- No
- Access restrictions in management interfaces and support channels
-
Access to management interfaces is contolled with secure authentication processes including MFA, where possible Single Sign-on is used.
Support channels are access through Industry standard secured service management portals. - Access restriction testing frequency
- At least once a year
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Dedicated link (for example VPN)
- Username or password
- Other
- Description of management access authentication
- Different elements of the service use specific technologies to restrict the access including all of the above checked options for different elements of the service.
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- UKAS
- ISO/IEC 27001 accreditation date
- 02/04/2025
- What the ISO/IEC 27001 doesn’t cover
- N/A
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- Yes
- Any other security certifications
- ISO 22301
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
-
ISO/IEC 27001:2013: Information Technology – Security Techniques
– Information Security Management Systems.
ISO/IEC 27017:2015: Information Technology – Security Techniques
– Code of Practice for information security
controls based on ISO/IEC 27002 for cloud
services.
CYBER ESSENTIALS PLUS: Cyber Essentials verified self-assessment with an additional technical audit, an on-site or remote assessment, and internal and external vulnerability scans conducted
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- We align to ITIL v3 processes
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- We use third party monitoring 24x7 to notify any vulnerabilities we use the provided information to apply patches and updates.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- We use third party monitoring 24x7 to notify any vulnerabilities we use the provided information to apply patches and updates.
- Incident management type
- Supplier-defined controls
- Incident management approach
- Via Jira helpdesks which align to ITIL processes
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Public sector networks
- Connection to public sector networks
- No
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Equal opportunity
- Wellbeing
Fighting climate change
TSO, as part of the Williams Lea Group, has an ESG (Environmental, Social and Governance) programme. The Beyond Business programme ensures ethical and environmental accountability, thoughtful actions in the community and opportunities for development.
Our climate change commitments include:
Developing and establishing sustainable, inclusive and digital practices for the future.
Using cloud hosting solutions for more efficient use of computing resources.
Annual social value reports.
Robust supplier onboarding policies and procedures.
Aligning our ESG strategy to the UN Global Compact Sustainable Development Goals: Good Health and Wellbeing (3); Diversity, Equity and Inclusion (5, 10); Decent Work and Economic Growth (8); Climate Action (13)Equal opportunity
TSO, as part of the Williams Lea Group, has an ESG (Environmental, Social and Governance) programme. The Beyond Business programme ensures ethical and environmental accountability, thoughtful actions in the community and opportunities for development.
Our equal opportunity commitments include:
Employing a User-Centred Design (UCD) approach to service development.
Ensuring accessibility of our products and services.
Robust supplier onboarding policies and procedures.
Policies that explicitly prohibit discrimination and initiatives that encourage diversity.
Mandatory Diversity, Equity and Inclusion and Anti-harassment and discrimination training
Modern slavery statement and policies.
Diversity data monitoring.
Disability confident employer.
An Employee Assistance Programme and Employee Benefits Scheme to provide support for employees.
Flexible working arrangements.
Aligning our ESG strategy to the UN Global Compact Sustainable Development Goals: Good Health and Wellbeing (3); Diversity, Equity and Inclusion (5, 10); Decent Work and Economic Growth (8); Climate Action (13)Wellbeing
TSO, as part of the Williams Lea Group, has an ESG (Environmental, Social and Governance) programme. The Beyond Business programme ensures ethical and environmental accountability, thoughtful actions in the community and opportunities for development.
Our wellbeing commitments include:
An Employee Assistance Programme and Employee Benefits Scheme to provide support for employees.
Flexible working arrangements.
Positive promotion and reward for socially beneficial and responsible behaviour.
Employing a User-Centred Design (UCD) approach to service development.
Aligning our ESG strategy to the UN Global Compact Sustainable Development Goals: Good Health and Wellbeing (3); Diversity, Equity and Inclusion (5, 10); Decent Work and Economic Growth (8); Climate Action (13)
Pricing
- Price
- £180,000 an instance a year
- Discount for educational organisations
- No
- Free trial available
- No