GCI Network Solutions Ltd

ForgeRock Identity by Nasstar

ForgeRock Identity by Nasstar. Businesses must synchronise customer information across different systems and applications to create a single digital identity for every customer. Only then can they deliver an uninterrupted omnichannel
customer experience that is seamless, smooth and secure.

Features

• Identity Management
• Access Management
• Single Platform
• Biometrics
• Multi Factor Authentication
• Contextual Signal Collection
• User Driven Analytics
• Identity Governance

Benefits

• Increased Time to Market
• Improved User Experience
• Secure Registration
• Feature Rich applications
• Single Sign On
• Increased Performance
• Compliance and Governance

£0.60 to £2.50 a unit

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@nasstar.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

405393898026939

Contact

Mike Ayres
03450030000
tenders@nasstar.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: N/A
• System requirements:
  • Windows PCs-Windows 10
  • Chrome V76, Firefox ESR68, Edge V42
  • Mac OSX, Chrome V76, Firefox ESR68
  • Chromebook-Chromium V73
  • Chrome V76

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: SLA's to be agreed with customer in regards to Service Incidents and/or Service Requests based upon associated priority.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We are adaptable to client requirements - we welcome discussion on support requirements.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: N/A
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Nasstar will work with customer to define exit management process in alignment to contract. Nasstar can provide all required data via standard directory formats depending on customer requirement. Custom formats can also be supported at additional cost.
• End-of-contract process: Nasstar utilise our Exit Management process which is agreed with the customer as part of contractual agreement. This process defined the methodology as well as the required artefacts that must be provided in line with contract end.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: N/A
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: N/A
• Accessibility standards: None or don’t know
• Description of accessibility: N/A
• Accessibility testing: N/A
• API: Yes
• What users can and can't do using the API: API Connectivity allows integration between Identity platforms and third party service providers.
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
  • Other
• API sandbox or test environment: Yes
• Customisation available: No

Scaling

• Independence of resources: Nasstar provide customer specific bespoke IAM services based upon customer requirements. Service are designed and built based upon targeted user volumes therefore systems are built to support expected capacity.

Analytics

• Service usage metrics: Yes
• Metrics types: Availability; Response SLA; Resolution SLA
• Reporting types: Regular reports

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Ping Identity

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: No
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Our service would be a bespoke Identity Platform built in alignment to customer requirements there would be no self-service user data export as standard. This would need to be fully defined as part of customer requirements.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: 99.99%
• Approach to resilience: Nasstar designs our services to be fully resilient by utilising public cloud architecture. Service resiliency is a baseline requirement used to ensure that our services meets the customers specific requirements.
• Outage reporting: Service Outages are managed via our Major Incident Management process

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
• Access restrictions in management interfaces and support channels: Support access controls are managed via IAM user roles that are aligned to our support teams. E.g Application Support, Cloud Support as well as our architecture and build teams have full defines user access restrictions and controls in place which are aligneed to the respective teams.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: United Registrar of Systems
• ISO/IEC 27001 accreditation date: 14/6/21
• What the ISO/IEC 27001 doesn’t cover: The Registered Scope is as follows: Information security management system for the delivery of communications and associated technologies, products and services provided by the Group.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: SAQ-D self assessment
• PCI DSS accreditation date: 12/05/2023
• What the PCI DSS doesn’t cover: Nasstar’s PCI self-assessment covers all aspects of its Live Agent and IVR payment solution used by our customer to transit card payments from their customer to their merchant banks / payment service providers in a PCI
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • ISO27018
  • PSN
  • ISO20000
  • ISO27017
  • CISPE Code of Conduct Certification

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Nasstar Policies:; ; Cyber Security Management Framework; Data Protection Framework; Nasstar Password Policy ; Nasstar Glocal Information Security, Data Protection and Privacy Policy; Nasstar Sure Remote Working Policy

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Configuration Items (both hosted CI's as well as key apllication CI's) are hosted within our CMDB. ; ; All CI's are managed throughout their lifecycle via our Change Management process which is ISO 9000/20000 accredited.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: N/A
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: N/A
• Incident management type: Supplier-defined controls
• Incident management approach: Nasstar’s Incident Management Policy is designed to ensure suitable and appropriate processes, procedures and controls are in place embedded within operational functions of the business, to respond to and effectively manage incidents through to full resolution. This approach enables Nasstar to ensure that the interests of the business, its customers, partners and key stakeholders are protected at all times.; Nasstar adopt the Plan, Do, Check, Act principle to its Incident Management Policy, as with its wider Business Management System, to deliver a defined, managed, reviewed and where applicable; continually improved approach based on real time experience and key lessons learned

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • Public Services Network (PSN)
  • Police National Network (PNN)
  • NHS Network (N3)
  • Joint Academic Network (JANET)
  • Scottish Wide Area Network (SWAN)
  • Health and Social Care Network (HSCN)

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Nasstar is committed to creating innovative Technology with a positive impact by working with your organisation to ensure that opportunities under the contract deliver agreed Policy Outcomes and Model Award Criteria. Nasstar is committed to becoming Net Zero by 2050. Nasstar commits to working with your organisation to ensure that opportunities under the contract deliver agreed Policy Outcomes and Model Award Criteria. Nasstar understand our buyers have commitments in this area and will work with them at implementation stage. We routinely work to ensure delivery of meaningful positive input in this important area. Our initial discovery workshop will include a clear method statement stating how we will achieve Policy outcomes and how our commitment meets the Award Criteria, a timed project plan and process (detailing how we will implement agreed commitments and by when), and how we will monitor, measure and report on our commitments/the impact of our proposals. Related to ‘Fighting climate change’ we will focus on implementing effective measures to deliver any/all of the following benefits through the contract: • MAC 4.1 Deliver additional environmental benefits in the performance of the contract including working towards net-zero greenhouse gas emissions. • MAC 4.2 Influence staff, suppliers, customers, and communities through the delivery of the contract to support environmental protection and improvement which as part of our Social Value Commitment, this product offering will also be integrated into the company's Continuous Improvement Plan and will be scrutinised to identify, monitor, measure and achieve the MAC 4.2 measures. Example reporting metrics of benefits delivered under the contract may include: People-hours spent protecting/improving the environment under the contract, Number of green spaces created under the contract, reduction in emissions of greenhouse gases, reduction in water use, and reduction in waste to landfill.

  Covid-19 recovery

  Nasstar commits to working with your organisation to ensure that opportunities under the contract deliver agreed Policy Outcomes and Model Award Criteria. Nasstar understand our buyers have commitments in this area and will work with them at implementation stage. We routinely work to ensure delivery of meaningful positive input in this important area. Our initial discovery workshop will include a clear method statement stating how we will achieve Policy outcomes and how our commitment meets the Award Criteria, a timed project plan and process (detailing how we will implement agreed commitments and by when), and how we will monitor, measure and report on our commitments/the impact of our proposals. Related to ‘Covid-19 recovery’ we will focus on implementing effective measures to deliver any/all of the following benefits through the contract: • MAC 1.1: Creation of employment, re-training, and other return to work opportunities for those left unemployed by COVID-19, particularly new opportunities in high-growth sectors. • MAC 1.2: Support for people and communities to manage and recover from the impacts of COVID-19, including those worst affected or who are shielding. • MAC 1.3: Support for organisations and businesses to manage/recover from the impacts of COVID-19, including where new ways of working are needed to deliver services. • MAC 1.4: Support for the physical and mental health of people affected by COVID-19, including reducing the demand on health and care services. • MAC 1.5: Improvements to workplace conditions that support the COVID-19 recovery effort including effective social distancing, remote working, and sustainable travel solutions Example reporting metrics of benefits delivered under the contract may include: Number of FTE employment for those made redundant due to COVID-19, people-hours supporting local community integration related to COVID-19, and percentage/number of the supply chain to have implemented the 6 standards in the Mental-Health-at-Work commitment.

  Tackling economic inequality

  Nasstar commits to working with your organisation to ensure that opportunities under the contract deliver agreed Policy Outcomes and Model Award Criteria. Nasstar understand our buyers have commitments in this area and will work with them at implementation stage. We routinely work to ensure delivery of meaningful positive input in this important area. Our initial discovery workshop will include a clear method statement stating how we will achieve Policy outcomes and how our commitment meets the Award Criteria, a timed project plan and process (detailing how we will implement agreed commitments and by when), and how we will monitor, measure and report on our commitments/the impact of our proposals. Related to ‘Tackling Economic Inequality’ we will focus on implementing effective measures to deliver any/all of the following benefits through the contract: • MAC2.1: Create opportunities for entrepreneurship and help new organisations grow. • MAC2.2: Create employment/training opportunities for people who face barriers to employment, are located in deprived areas, and in industries with known skills shortages or high growth sectors. • MAC2.3: Support educational attainment including training schemes • MAC 3.1: Create a diverse supply chain including new businesses/entrepreneurs/start-ups/SMEs/VCSEs/mutuals. • MAC 3.2: Support innovation and disruptive technologies throughout the supply chain to deliver lower cost, higher quality goods/services. • MAC 3.3: Support the development of scalable and future-proofed new methods to modernise delivery and increase productivity. • MAC 3.4: Demonstrate collaboration and a fair/responsible approach to working with supply chain partners. • MAC 3.5: Demonstrate action to identify/manage cyber security risks in the delivery including in the supply chain. Example reporting metrics of benefits delivered under the contract may include: Number of FTE employment/apprenticeship/training opportunities created, learning interventions delivered, start-up/SME/VCSE/mutuals opportunities awarded, and relevant supply chain metrics e.g. Cyber Essentials certification and adoption of NCSC 10 steps.

  Equal opportunity

  Nasstar commits to working with your organisation to ensure that opportunities under the contract deliver agreed Policy Outcomes and Model Award Criteria. Nasstar understand our buyers have commitments in this area and will work with them at implementation stage. We routinely work to ensure delivery of meaningful positive input in this important area. Our initial discovery workshop will include a clear method statement stating how we will achieve Policy outcomes and how our commitment meets the Award Criteria, a timed project plan and process (detailing how we will implement agreed commitments and by when), and how we will monitor, measure and report on our commitments/the impact of our proposals. Related to ‘Equal opportunity’ we will focus on implementing effective measures to deliver any/all of the following benefits through the contract: • MAC 5.1: Demonstrate action to increase the representation of disabled people in the contract workforce. • MAC 5.2: Support disabled people in developing new skills relevant to the contract, including through training schemes resulting in recognised qualifications • MAC 6.1: Demonstrate action to identify/tackle inequality in employment, skills, and pay in the contract workforce. • MAC 6.2: Support in-work progression to help people, including those from disadvantaged/minority groups, to move into higher-paid work by developing new skills relevant to the contract. • MAC 6.3 Demonstrate action to identify/manage the risks of modern slavery in the delivery of the contract, including in the supply chain. Example reporting metrics of benefits delivered under the contract may include: Percentage/number of FTE disabled/under-represented people employed as a proportion of the total FTE including apprenticeships/training schemes, percentage/number of companies in the supply chain to have committed to the five foundational principles of good work, percentage of supply chain mapping completed, and people-hours devoted to supporting victims of modern slavery.

  Wellbeing

  Nasstar commits to working with your organisation to ensure that opportunities under the contract deliver agreed Policy Outcomes and Model Award Criteria. Nasstar’s Wellbeing policies are aligned to the UK Government’s Good Work Plan (satisfaction, fair pay, participation and progression, well-being, safety and security, voice and autonomy). Nasstar understand our buyers have commitments in this area and will work with them at implementation stage. We routinely work to ensure delivery of meaningful positive input in this important area. Our initial discovery workshop will include a clear method statement stating how we will achieve Policy outcomes and how our commitment meets the Award Criteria, a timed project plan and process (detailing how we will implement agreed commitments and by when), and how we will monitor, measure and report on our commitments/the impact of our proposals. Related to ‘Wellbeing’ we will focus on implementing effective measures to deliver any/all of the following benefits through the contract: • MAC 7.1: Demonstrate action to support health and wellbeing, including physical/mental health, in the contract workforce. • MAC 7.2: Influence staff, suppliers, customers, and communities through the delivery of the contract to support health and wellbeing, including physical and mental health. • MAC 8.1: Demonstrate collaboration with users and communities in the co-design and delivery of the contract to support strong integrated communities. • MAC 8.2: Influence staff, suppliers, customers, and communities through the delivery of the contract to support strong, integrated communities. Example reporting metrics may include: Percentage/number of the supply chain to have implemented measures to improve the physical and mental health and wellbeing of employees including the 6 standards in the Mental Health at Work commitment and mental health enhanced standards in ‘Thriving at Work’, and people-hours supporting local community integration e.g. volunteering/community-led initiatives and Mental Health First Aiders.

Pricing

• Price: £0.60 to £2.50 a unit
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@nasstar.com. Tell them what format you need. It will help if you say what assistive technology you use.