HORI SYSTEMS LIMITED

Custom API Development and Management

We develop application programming interfaces (APIs) on the public cloud, specifically Amazon Web Services (AWS), which enables us to deliver secured and custom endpoints. Our consultants review your existing system and requirements to ensure the deliverables are scalable and integrate neatly without experiencing downtime.

Features

• API Development Web Services —REST API, OAuth authentication, JSON, XML
• API Development and Amazon Web Services (REST and OAuth Authorisation)
• API Development Leveraging API Gateway
• REST, JSON integration and other APIs with API Development Service
• API development securely exposes APIs to mobile and client applications
• Tailor APIs for different use cases through API development
• API development includes automated performance monitoring of APIs
• API development based on AWS cloud platform features
• Full software development lifecycle for with API development
• API development includes scalable API solutions for temporary demand peaks

Benefits

• Scalable, reliable and resilient API development
• High-quality delivery with DevOps and automation with API development
• API development includes high availability of AWS hosting platform
• Custom SDK Development
• Publish APIs to multiple channels, securely with API development

£300 to £1,200 a user a day

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tech@horisystems.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

372926416976295

Contact

Abiodun Oketunji
07908560703
tech@horisystems.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Custom Software Development Kit (SDK) and Bespoke Software Development
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: No immediate constraints.
• System requirements:
  • Dependency that appropriate licensing is procured.
  • System requirements are dependent on each individual project.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Yes, we do provide email support to our users. If you have any queries or issues, you can reach out to us via email, and we will assure you of a response within our Service Level Agreement (SLA) timeframe of 24 to 48 hours. Please note that this SLA applies to all days, including weekends, so you can always expect a timely response, no matter when you need assistance.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We understand that support needs vary from business to business, so we offer two primary support levels to cater to our clients' requirements. ; ; 1. Standard Support: This is available to all customers at no additional cost. It includes access to our extensive online knowledge base and email support with 24-48 hours of response time. ; ; 2. Premium Support: We offer our Premium Support package for clients needing more dedicated assistance. The cost for this varies depending on the size and requirements of the business. With Premium Support, you'll receive priority email support with a faster response time within 12 hours, access to phone support during business hours, and a designated technical account manager. ; ; The technical account manager is your primary contact for any technical issues or queries. They work closely with you to understand your business's unique needs, provide personalized support, and ensure you get the most from our service.; ; Furthermore, irrespective of the support level chosen, our team of cloud support engineers is always behind the scenes, monitoring system performance and ensuring uptime for a seamless user experience.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Key on-boarding tasks include:; • Governance Model – agreement on the most suitable governance model to meet the requirements of the engagement;; • Delivery approach – agreement on whether an agile, waterfall or hybrid approach is best suited to the project;; • Elaboration – engagement with suitably empowered individuals from our Customer with whom we can capture functional and non-functional requirements;; • Commercial – finalise the commercial terms of the engagement with the Customer including agreement on delivery milestones.; ; Hori Systems provides on-site, remote/online and documented training dependant on the requirements of each individual customer.; Our standard method of training is to adopt a train the trainer approach allowing knowledge to cascade throughout the organisation to all users. This approach can be delivered on-site or remotely via video conferencing facilities. In addition, we provide User Guides specific to the needs of the individual customer and project, including details of any specific customisations agreed as part of the project scope.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
• End-of-contract data extraction: All existing and created data in relation to the services in question will remain the property of the customer. Data will be extracted in an agreed format and within agreed timescales as specified in Hori Systems Exit Plan issued at the start of each project.
• End-of-contract process: Upon service commencement, Hori Systems provides an agreed and complete Exit Plan tailored to the specific requirements of each individual customer including details of any additional costs and payment principals. All costs associated with the specified services will be articulated and approved with the customer upon project commencement.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: No

Scaling

• Independence of resources: Hori Systems provides a flexible and scalable service in order to meet the fluctuations in demand for each individual service. These services are underpinned by a set of pre-agreed SLAs with each individual customer, ensuring continuity of the services being provided.

Analytics

• Service usage metrics: Yes
• Metrics types: Service Metrics and reporting is agreed with customers in line with their individual requirements.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest: Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: In the context of API development, data export in the traditional sense is not applicable. As the API is a real-time service that provides tax-related data when requested, it does not store any user data that would require exporting. Users interact with the API to retrieve data as needed, and any storing, managing or exporting of the retrieved data, the user's systems handle.
• Data export formats: Other
• Other data export formats:
  • JSON
  • XML
• Data import formats: Other
• Other data import formats: Not Applicable

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Hori Systems provides up to 99.99% availability. All availability requirements, including SLAs are agreed with customers in line with their individual requirements.
• Approach to resilience: This information is available upon request.
• Outage reporting: Outage reporting methods include but are not limited to Public Dashboards, APIs and Email Alerts. All reporting arrangements are agreed with customers in line with their individual requirements.

Identity and authentication

• User authentication needed: Yes
• User authentication: Other
• Other user authentication: User Authentication is not specific to this service offering and will be discussed and agreed in line with each customer’s specific requirement.
• Access restrictions in management interfaces and support channels: It is standard Hori Systems policy to define and implement access restrictions in management interfaces and support channels.; with each customer’s specific requirement.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: You control when users can access audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: While our security governance is not directly certified to a specific standard like CSA CCM version 3.0 or ISO/IEC 27001, we have built our service on AWS Public Cloud, which has a robust, industry-recognised, and certified security infrastructure.; ; Our approach to security governance is thorough and robust. We leverage AWS's advanced security features, such as data encryption, network security, access control, and security monitoring.; ; Even without direct certification, we strongly emphasise ongoing risk assessment, proactive threat monitoring, and swift incident response. Our team is trained in security awareness and is committed to maintaining high-security standards.
• Information security policies and processes: Our information security policy ensures all data's confidentiality, integrity, and availability in our care. This policy aligns with industry best practices and covers access control, data encryption, incident response, and regular security audits.; ; We regularly review and update our security policies and processes to adapt to evolving threats and technology landscapes. All changes are communicated promptly to all team members, and regular training sessions ensure that everyone understands their roles and responsibilities in maintaining security.; ; Reporting potential security incidents is encouraged and can be done through several channels. We have a dedicated security team, and any potential breaches or incidents are escalated to them immediately for investigation and resolution. ; ; Adherence to our security policies and processes is mandatory for all team members. Compliance is monitored and enforced by our security team, and violations are dealt with seriously, up to and including termination of employment. Our commitment to security is not just a policy but a fundamental part of our company culture.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: We follow a systematic approach to configuration and change management. All our service components are tracked through a CMDB (Configuration Management Database) across their lifecycle. Change requests are performed via a Change Advisory Board (CAB). These requests are examined for potential security impacts through a systematic process involving risk assessments, peer reviews and extensive testing. Only approved changes are implemented, post which they are audited and documented to ensure traceability and accountability.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Our organisation complies with several recognised standards for vulnerability management. We follow the Cloud Security Alliance's Cloud Controls Matrix (CSA CCM) v3.0, which provides a comprehensive framework for assessing the overall security risk of a cloud system. We also adhere to SSAE-16/ISAE 3402 auditing and control practices standards. In addition, our vulnerability management processes include regular system scanning, patching, and remediation alongside a thorough threat intelligence system to identify potential vulnerabilities and ensure our systems are continually secure.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Our organisation complies with several recognised standards for protective monitoring, including the Cloud Security Alliance's Cloud Controls Matrix (CSA CCM) v3.0 for a comprehensive framework to ensure the security risk of our cloud system. Further, we adhere to the SSAE-16/ISAE 3402 standards covering auditing and control practices. Our protective monitoring processes include 24/7 real-time monitoring, automated log analysis, suspicious behaviour detection, and incident response mechanisms. We use the latest tools and technology to detect and neutralise any threats, ensuring the integrity of our systems and the data they hold.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Our organisation adopts multiple recognised standards for incident management. We comply with the Cloud Security Alliance's Cloud Controls Matrix (CSA CCM) v3.0, providing a comprehensive guideline for cloud infrastructure security. Additionally, we abide by ISO/IEC 27035:2011 standards for security incident management, which include mechanisms for incident detection, reporting, assessment, response, and learning. We also adhere to SSAE-16/ISAE 3402 standards covering management's operational controls. Our approach is proactive and focused on minimising impact, containing the incident, and implementing measures to prevent recurrence.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Our G-Cloud service actively fights climate change by reducing the carbon footprint associated with conducting business. As a cloud-based solution, our service eliminates the need for on-premise servers, which consume significant energy. It results in direct energy savings and reduces the indirect emissions associated with manufacturing, transporting, and disposing of hardware. Additionally, our data centres employ energy-efficient technologies and are powered by renewable energy wherever possible. We are committed to continuously optimising the energy efficiency of our operations and actively seeking opportunities to reduce our environmental impact further.

  Covid-19 recovery

  Our G-Cloud service is critical in COVID-19 recovery by enabling seamless remote work capabilities and business continuity. As a cloud-based solution, organisations can maintain operations regardless of location, reducing the disruption caused by lockdowns or quarantine measures. It also facilitates collaboration by providing secure access to data, tools, and applications from anywhere, anytime. Moreover, our scalable and pay-as-you-go model allows businesses to adapt to fluctuating demands and financial constraints, benefiting organisations recovering and restructuring after COVID-19.

  Tackling economic inequality

  Our G-Cloud service plays a significant role in tackling economic inequality by enabling affordable access to advanced technology. Our cloud service's scalability and pay-as-you-go nature make it accessible for organisations of all sizes, including small businesses and start-ups that traditionally might not have the investment capacity for high-end IT infrastructure. By offering the same high-quality resources and tools regardless of an organisation's size or financial standing, we level the playing field and enable economic growth and opportunity for a broader range of businesses.

  Equal opportunity

  Our G-Cloud service fosters equal opportunity by making advanced technology accessible to all businesses, regardless of size or location. The flexible and scalable nature of cloud computing breaks down barriers to entry, enabling smaller businesses to compete on a more equal footing with more giant corporations. Further, our commitment to diversity and inclusion in our workforce ensures that we create and deliver services that meet various needs and perspectives.

  Wellbeing

  Our G-Cloud service contributes to wellbeing by creating a more flexible, responsive, and less stressful work environment. Cloud computing allows employees to work from anywhere, providing them the flexibility to maintain a healthy work-life balance. It reduces commuting stress and allows more time for personal and family activities, thus enhancing overall wellbeing.; ; Beyond flexibility, our service also promotes wellbeing by reducing the burden of IT management. Our comprehensive support and automated updates relieve employees from daunting and time-consuming technical tasks, enabling them to focus on their core responsibilities and reducing work-related stress.; ; Furthermore, we are committed to creating a safer digital environment. We continuously invest in top-notch security measures to protect user data and privacy, providing peace of mind to our customers. Our transparent policies and procedures ensure users feel comfortable and secure using our services.; ; Our organisation prioritises employee wellbeing by fostering a positive work culture, offering wellness programs and promoting mental health awareness. We understand that a happy and healthy workforce translates into better service delivery. ; ; In summary, our G-Cloud service aims to enhance wellbeing by providing a stress-free, flexible work environment, reducing the burden of technical tasks, ensuring data security and privacy, and maintaining a healthy workforce.

Pricing

• Price: £300 to £1,200 a user a day
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tech@horisystems.com. Tell them what format you need. It will help if you say what assistive technology you use.