Skip to main content

Help us improve the Digital Marketplace - send your feedback

SYSTEMES ET TELECOMMUNICATIONS LTD

START PaaS

For emergency services control rooms to receive emergency calls, manage incidents, communicate with resources in the field and store information relating to incidents

Features

  • Command and Control
  • Computer Aided Dispatch
  • Integrated Common Communication System
  • Control Room Solution
  • Incident Management and Dispatch System
  • Geographical Information System
  • Incident Reporting System
  • Emergency Medical Services Software
  • Mobile Data Terminal
  • Management Information System

Benefits

  • Software licenses included
  • Antivirus included
  • Supervision included
  • Self contained system

Pricing

£50,000 to £100,000 an instance a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at d.mallet@systel-sa.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

4 3 7 0 7 9 3 5 0 9 9 5 9 5 7

Contact

SYSTEMES ET TELECOMMUNICATIONS LTD Damien Mallet
Telephone: 07495471066
Email: d.mallet@systel-sa.com

Service scope

Service constraints
Offering is for a minimum contractual term of 5 years.
It is the buyer's responsibility to provide the operational data (including mapping data subject to licences) at no cost to the supplier.
The buyer ought to provide the user workstation hardware (however supplier has an option to provide workstations at additional cost).
The buyer ought to manage the provision of telephone lines to the cloud hosting site(s).
System requirements
  • IP-Sec link with fire stations
  • Telephones lines (SIP)

User support

Email or online ticketing support
Email or online ticketing
Support response times
Due to the nature of the service we provide, we have 24/7 on-call technicians who will be contactable in the event of outages or major issues out of hours.
The response times are agreed with the buyer, with the pricing of the service depending on the level of SLA desired.
Questions raised are usually picked up Next Business Day and the response timeframe aligned to the agreed SLA.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
To provide
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Systel will work with the buyer organisation to provide the required knowledge and training to configure and use the system. Systel has a dedicated team of multilingual trainers who will deliver both onsite and online training. The system also comes with an extensive set of user documentation which is available online. The training will consist of functional and technical elements
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats
WinHelp (.chm)
End-of-contract data extraction
Users can either query the Datawarehouse themselves to retrieve historical data or Systel can provide a one-time extract of both the operational database and the Datawarehouse and share with the buyer
End-of-contract process
A one-time data extract is included
Closure of the access and destruction of all the data is included

Using the service

Web browser interface
Yes
Using the web interface
Most modules of the Command and Control solution are web based and can be accessed using a web browser with Role Based Authentication and Single Sign-On. The system also relies on an application that requires to be accessed through a Virtual Desktop Infrastructure. The system data and configuration can be administered using the interfaces.
Web interface accessibility standard
None or don’t know
How the web interface is accessible
Systel has implemented the WCAG 2.0 guidelines within its product development organisation, adhering to the AA level by default. The internal process document describes the methodology the software developers at Systel ought to follow and provides them with the required guidance. At the unit test stage, the adherence to the guidelines is audited.
It is important to note that WCAG are guidelines only and that specific requirements (if they exist) have to be discussed and agreed between the buyer and Systel, due to the particularity of the Command and Control software (and its limitations as a result) as well as the uniqueness of the ways of working within a fire service Operational Control Room.
Web interface accessibility testing
The implementation of assistive technology is usually managed in collaboration with the buyer due to the nature of the operations in a Emergency Service Control Room
API
No
Command line interface
No

Scaling

Scaling available
No
Independence of resources
The system is sized based on worse case operational scenario which is tested during the implementation phase.
The service provisioned for the buyer is only used by the buyer organisation and not shared with other buyers (due to the nature of the system)
Usage notifications
Yes
Usage reporting
  • Email
  • Other
Other usage reporting
Alerts in the supervision user interface
Support team to contact buyer

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
  • Other
Other metrics
Database utilisation
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
Physical access control, complying with another standard
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
Equipment disposal approach
A third-party destruction service

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • Databases
  • Virtual Machines
  • Network configuration
Backup controls
As part of the service, the supplier controls what backups are performed, in line with industry standard for this type of system.
Datacentre setup
  • Multiple datacentres with disaster recovery
  • Multiple datacentres
  • Single datacentre
Scheduling backups
Supplier controls the whole backup schedule
Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network
Internal networks are separated (VLANs and firewalls).
Systel uses the 3-tier architecture security model

Availability and resilience

Guaranteed availability
Refer to Service Definition Document
Approach to resilience
Available on Request
Outage reporting
User dashboard through supervision service

Identity and authentication

User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Support teams have a dedicated link to a support bastion to manage and administer the system
Access restriction testing frequency
Less than once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
Between 6 months and 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
No
Other security certifications
Yes
Any other security certifications
ISO22301 (pending)

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Information security policies are formally maintained and distributed throughout SYSTEL. The responsible personnel reviews the security policies yearly and acquires appropriate management approval for revised versions created during the review process.

We have implemented the following security policies:
• Information security policy
• Access control policy
• Asset management policy
• Backup policy
• Business continuity policy
• Change control policy
• Cryptography policy
• HR security policy
• Incident management policy
• Logging & monitoring policy
• Network security policy
• Patch management policy
• Physical security policy
• Secure software development lifecycle Policy
• Security risk assessment policy
• Third party security policy
• User security policy

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Systel uses its internal configuration management system who is tied to its ticket, change and problem management system.
All assets (physical and logical) are loaded in the system.
Systel follows the ITIL methodology for configuration, change and problem management
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
SYSTEL utilises both automated and manual processes across both our software and infrastructure to detect vulnerabilities in production. The processes include:
• Quarterly vulnerability scans on our software and infrastructure
• Monthly internet exposure monitoring
• Monthly Dark Net Exposure monitoring
• Annual Penetration testing
The identified product vulnerabilities are assessed according to the CVSS system.
• CVSS : 9-10, 24h
• CVSS : 7-9, 10 days
• CVSS : 5-7, 90 days
SYSTEL works with a platform that offers continuous threat monitoring.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
The offering includes a security supervision solution (MDR - Managed Detection Response) which actively monitors continuously the supplier's environment for potential and actual security breaches. The MDR solution includes a SOC which reviews and manages the alerts and responds to the threats. The response time will depend on the threat priority.
Incident management type
Supplier-defined controls
Incident management approach
The process is managed using MDR based on an external 24/7 multi-time zone SOC and SYSTEL's security team.
Security event are managed as following:
•CRITICAL: 60 secs acknowledgement, 15 minutes triage and if necessary telephone contact
•HIGH: 30 minutes to start investigation
•MEDIUM: Starts analysis within 1 hour
Containment measure are the following:
•Account: disable accounts, reset credentials
•Network Access: disable access, enforce encryption
•Endpoint: Isolation, power-off/on, reboot
Monthly report is communicated to customer with the following information
•Detected Alerts and detailed incident report
•Network health
•At Risk Systems
•Access Events
•USB storage device events
•Darknet exposure

Secure development

Approach to secure software development best practice
Supplier-defined process

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Supplier
Virtualisation technologies used
Other
Other virtualisation technology used
Hyperconvergence based on Nutanix hardware and software
How shared infrastructure is kept separate
Different organisations will use the same datacentre but will not share low level infrastructure (physical servers, networks)

Energy efficiency

Energy-efficient datacentres
No

Social Value

Social Value

Social Value

Equal opportunity

Equal opportunity

Systel is committed to provide equal opportunity in employment and in it workplace

Pricing

Price
£50,000 to £100,000 an instance a month
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at d.mallet@systel-sa.com. Tell them what format you need. It will help if you say what assistive technology you use.