DEF Software Limited

MasterGov Site Monitoring

The Sites Monitoring module has been written specifically to compliment Minerals and Waste monitoring. The module manages all monitoring of the site whether it be Minerals, Waste or a Council development. As related cases can be linked to a site, DC history can be accessed from the site record.

Features

• Full application life cycle
• Integrated workflow
• GIS and Gazetteer integration
• Fully integrated with Planning, Building Control, Local Land Charges
• Mobile and remote working
• Online public facing components
• Industry standard technologies
• Built-in Document Management (DMS)
• Auditing tools
• Real time reporting (including statutory)

Benefits

• Intuitive interface
• Device agnostic
• APIs available
• Microsoft Azure hosting
• Single source of truth
• Self-service online public interface
• Reduces internal IT costs
• Kept abreast of legislative changes
• Part of a suite of land & property software
• Developer led support putting customers first

£39 a user a month

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gc@def.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

357296467412234

Contact

Graeme Cooke
01915358400
gc@def.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: The platform is restricted by IP range white list to secure from attack.
• System requirements: HTML5 compliant browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Support will be made available to the client under an annual agreement. This support will be made available via the published helpdesk contact routes and will be available: Monday-Friday, 8.30am – 5:30pm. UK working hours, excluding UK Bank Holidays.; ; Response times depend upon severity of the issue and are as follows:; Urgent - 4hrs; High - 4hrs; Medium - 2 working days; Low - 1 working week
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: DEF operate a single support model. ; ; DEF shall provide rectification of faults found in the Software. Faults shall be defined as deviations from the agreed specification. Where no specification pertains to a given identified fault, a discussion shall be entered between the authority and DEF where an agreement shall be reached on whether this is an enhancement or a fault.; ; The authority shall notify DEF of any problems found, using an agreed procedure. This shall involve the written logging of problems on a standard form. Any verbal notification (for example in urgent or out of hours cases) shall be confirmed in writing as soon as possible.; ; Should DEF become aware of faults affecting the operability of the installed Software, DEF undertakes to inform the authority as soon as possible, and to provide a resolution within the agreed timeframe for the identified faults consistent with the categorisation specified within this SLA. Faults that are identified but do not affect the operability of the software will be listed at the next maintenance release of the software that addresses these faults.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: DEF will deliver a show and tell session to all users initially to encourage buy in of the solution. Onsite admin training is provided via several workshop sessions to allow the customer to gain the skills required for customisation. Full end user training will be provided to all users ahead of go live.; ; Training will be delivered either in person at the customers premises or via Microsoft Teams.
• Service documentation: Yes
• Documentation formats: Other
• Other documentation formats: Wiki
• End-of-contract data extraction: At the end of the contract DEF will provide the customer with a SQL Server BAK file and file extract of all associated documents from the DMS.
• End-of-contract process: At the end of the contract DEF will deliver data and associated documents back to the customer. Upon doing this all data documents held by DEF will be destroyed.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: The API is mainly used as conduit for the traffic between the back office MasterGov system and public facing online components. Customers can use it to update the back office database with data captured from their own e-forms. It can also be used by CRM solutions to display system data.
• API documentation: No
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Customers can:; - add merge fields; - build templates for document production; - create custom fields; - add user roles; - update all drop down lists; - create workflow processes; - add layers to GIS; - create mobile working job templates; ; The above customisation is all managed within the MasterGov client without the need for IT skills.; ; System admin users would manage customisation.

Scaling

• Independence of resources: DEF operate a load balancing system with enough server resource to ensure that if all expected users were on a once there would be sufficient capacity.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: Never
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: No
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data can be exported in a variety of formats using either the Query Builder or using MasterGov reporting (SSRS).
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • SQL Bak file
  • Shape file
  • Microsoft Excel
  • XML
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • SQL Server Bak file
  • Shape file

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: The solution has a guaranteed availability of 99.9%.
• Approach to resilience: The data centre is provided by Microsoft and this information is available on request.
• Outage reporting: DEF use email alerts to notify users of any outages.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Management interfaces are restricted based upon permissions configured within the MasterGov system. Support channels are restricted on user ID and password. Access to MasterGov is restricted using IP range white lists which are enforced with firewall and Microsoft Azure network security group rules.
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Schellman & Company
• ISO/IEC 27001 accreditation date: 03/01/2022
• What the ISO/IEC 27001 doesn’t cover: The Microsoft Azure platform which is used.
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 19/06/2020
• CSA STAR certification level: Level 3: CSA STAR Certification
• What the CSA STAR doesn’t cover: Anything not provided by Microsoft.
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: DEF has an Information Security & Data Protection Policy which details the policies and processes for the business. The policy document outlines the key processes and reporting channels. All staff have to sign to indicate that they have read and understand the policy. Any breach of the policy must be reported to a director. Any employee, or subcontractor, found to have breached the policy will be subject to disciplinary action.; ; The policy covers GDPR, sensitive personal data, information security, access requests and data security. The policy also covers the communication path for any losses of data.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: As the hosting platform is managed by Microsoft they manage changes to core infrastructure. DEF however manage changes to operating system updates. This is done on an agreed schedule with maintenance periods communicated to customers.; ; In terms of the DEF authored software, every change is logged in a source code management system and all changes detailed into comprehensive release notes which are sent to customers.; ; Only infrastructure changes impact security and each change is accessed on a case by case basis by our technical architects with, where applicable, input from Microsoft.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: DEF follow recommendations from Azure Security Centre on performing vulnerability assessments on the Azure virtual machines, container images, and SQL servers.; ; DEF use third-party solutions for performing vulnerability assessments on network devices and web applications. When conducting remote scans, DEF do not use a single, perpetual, administrative account. Credentials for the scan account are protected, monitored, and used only for vulnerability scanning.; ; DEF use Azure "Update Management" to ensure the most recent security updates are installed on Windows VMs. Although these are applied in schedule maintenance windows, DEF will provide urgent updates as required.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: DEF ingest logs via Azure Monitor to aggregate security data generated by endpoint devices, network resources, and other security systems. Within Azure Monitor, DEF use Log Analytics Workspace(s) to query and perform analytics, and use Azure Storage Accounts for long-term/archival storage.; ; DEF enable Diagnostic Settings on Azure resources for access to audit, security, and diagnostic logs. Activity logs, which are automatically available, include event source, date, user, timestamp, source addresses, destination addresses, and other useful elements.; ; If the compute resource is owned by Microsoft, then Microsoft is responsible for monitoring it.
• Incident management type: Supplier-defined controls
• Incident management approach: Security Centre assigns a severity to each alert to help prioritize which alerts should be investigated first. The severity is based on how confident Security Centre is in the finding or the analytic used to issue the alert as well as the confidence level that there was malicious intent behind the activity that led to the alert.; ; Security incident contact information will be used by Microsoft to contact DEF if the Microsoft Security Response Centre (MSRC) discovers that the data has been accessed by an unlawful or unauthorized party. Review incidents after the fact to ensure that issues are resolved.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  The DEF Software Limited environmental management policy is a framework for managing all aspects of the company’s impact on the community and environment as a whole. Its main aims are to reduce our negative impact and maximize environmental return within the areas of carbon footprint, recycling, electrical equipment recycling, energy and natural resource usage and travel. In detail, successful characteristics driven by this policy include:; ;  All company vehicles are petrol / hybrid (going full electric at next refresh).;  Public Transport is utilised wherever reasonably possible.;  Car Sharing is in place for staff members.;  Home working is encourage for all staff.;  We recycle 100% of our paper, appropriate metals and plastics.;  We utilise an ECO friendly building (Council owned) as our sole premises.;  We employ motion based lighting in our office space.;  We only utilise 100% recycled paper in all of our marketing collateral, which is accredited and compliant with the FSC.;  We adhere rigorously to the Government advice on the recycling of electrical goods.;  We PDF and email all written communication where the recipient has agreed that route.;  All printer cartridges and ribbons are recycled via an organisation that also makes a donation to charity.; ; DEF’s environmental philosophy;;  To consider LM3 when purchasing products / services for DEF.;  Increase the awareness of environmental responsibilities among staff.;  Operate environmentally sound waste management procedures.;  Promote energy saving activities and make effective use of resources in development, sales and service.
• Tackling economic inequality:

  Tackling economic inequality

  DEF make every effort to support local businesses in a bid to boost the local economy. DEF outsource all non-core competences which includes accounting, legal and specialist IT support. All these services go to local companies with a 5-mile radius of DEF HQ. As an SME DEF do not have huge expenses but when the business does need to purchase goods they will always look locally first. In the past 12 months DEF have purchased office furniture, printed materials and internet connectivity all from local companies.; ; DEF maintains a register of local community participation and engagement and staff are actively encouraged to participate in community events, some recent highlights from this report are as follows:; • money to Sure Start for Christmas gifts, ; • sponsored a safety first campaign at a local school; • purchased a games console for a local children’s ward, ; • sponsored a junior football team,; • provided funds to allow a local graduate to carry out foreign aid work.; ; Additionally, the company makes an annual donation to its charity of choice. This year the company has chosen to donate to the Grace House Appeal - http://www.gracehouse.co.uk/ which is a local short break and respite care home for children and young people.; ; One member of staff is recruited into The Territorial Army (TA) and the company allows the individual additional leave time to fulfil his TA duties. The company is growing organically year and year and hope to be able to do more within the community.
• Equal opportunity:

  Equal opportunity

  DEF Software Limited seeks to employ a workforce which reflects the diverse community at large because DEF Software Limited values the individual contribution of people irrespective of sex, age, marital status, disability, sexuality, race, colour, religion, ethnic or national origin.; ; All employees will be treated with dignity and respect. DEF Software Limited will use its best endeavours to provide a working environment free from unlawful discrimination, harassment or victimisation on the grounds of sex, age, marital status, disability, sexuality, race, colour, religion, ethnic or national origin.; ; DEF Software Limited recognises its legal obligations under the Race Relations Act, Sex Discrimination Act, The Equal Pay Act, and the Disabled Persons Act and the Disability Discrimination Act.; ; DEF Software Limited undertakes to review periodically its selection criteria and procedures to maintain a system where individuals are selected, promoted and treated solely on the basis of their merits and abilities.; ; DEF Software Limited will not tolerate acts which breach this policy and all instances of such behaviour or alleged behaviour will be taken seriously, fully investigated and may be subject to the disciplinary procedures of DEF Software Limited.
• Wellbeing:

  Wellbeing

  Employees at DEF Software Ltd benefit from flexible working arrangements, where working from home can suit the individual and to improve the work / life balance of all of our employees. Several staff take advantage of this in caring for elderly relatives and both new-born and children of a schooling age. This includes everything working varying hours in the working day to only working certain days in the week.; ; DEF also provide a private health care provision to all employees.

Pricing

• Price: £39 a user a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Basic access to a demo instance of MasterGov to allow customers to check communications and evaluate the product.; ; No data migration, training or other DEF services are provided.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gc@def.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.