ID-WARE UK LTD

ID-ware Cloud & PIAM Suite

ID-ware Cloud & PIAM (OCMS) is fully integrated enterprise platform for producing, and managing the life cycle of smartcard/GovPass credentials, including on-premise encoding using diversified encryption keys on MIFARE DESFire EV2/EV3 credentials in a CPNI compliant way. All costs are excluding VAT.

Features

• Smartcard token encoding and production (MIFARE DESFire EV1/2/3)
• Real-time reporting and whole-life management of smartcards and user activity
• Enterprise Infrastructure Integrations including SAML 2.0
• User Self-Service Module
• Access Manager Module for Physical Access Control System integration
• Visitor Management Module for visitor booking and management
• Key diversification and rollover for smartcard tokens
• Photo Capture, AI Validation & Transformation Tool
• Secure Gateways by Everfox (Deep Secure)
• Physical Identity and Access Management (PIAM)

Benefits

• Reduce risk with a high security access control token
• Centrally manage and provision all access control tokens
• Save money capturing photos and confirming user data
• Increase efficiency by automating access provision
• Use occupancy monitoring to understand population levels in buildings
• Schema validation & cross domain security

£0.14 a user a month

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@ID-ware.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

448254036513285

Contact

Business Development
02080502648
enquiries@ID-ware.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: Depending on the implementation of smart cards, custom firmware for smart card readers may need to be implemented however these are usually industry standard and we can advise accordingly under the scope of any requirements.
• System requirements:
  • Windows 10 (or later) for Card Production Workstation Client
  • Windows Server 2019 (or later)
  • Microsoft SQL Server 2016 (or later)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 24 hour response SLA, Monday - Friday.
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Support packages are bespoke for the complexity of the solution. For example, a simple 'off-the-shelf' configuration will not incur additional charges, however a custom configured capability with access control system integrations would require a custom support contract.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: The deployment of OCMS is a managed process with each deployment varying dependent on the organisation's business requirement. Training is delivered either on premise or remotely with user guidance and documentation created in line with the outcome.; ; An initial kick off meeting is held where the requirements gathering period is set at which point the initial configuration will be created in a Test/Acceptance environment. Following acceptance testing, this will be deployed in the Production environment.; ; This software is highly technical and complex require subject matter experts to configure and support.
• Service documentation: No
• End-of-contract data extraction: Upon request at the end of the contract, an export of the customer data within the SQL database will be conducted and made available.
• End-of-contract process: Under the SaaS model, all services cease upon the end of the contract. No residual capability is accepted. All customers will be provided with a journal of the encryption keys used for their smartcard encoding.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Chrome
• Application to install: Yes
• Compatible operating systems: Windows
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: The CTMS API capability is designed to integrate building Automated Access Control Systems for either centralised management or authentication dependent on the use case.; ; The APIs can be called by any user with a valid API key. The service itself cannot be set up via the APIs and users cannot make material changes to the configuration of the service using the API.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: CTMS requires customisation for users to fully meet their business need. Branding, workflows, token architecture and authorisation roles are just a few examples of what can be customised. Some features are customisable by users, others require in depth support and consultation.

Scaling

• Independence of resources: Under the SaaS model, each customer has their environment deployed within a separate AWS environment with resources scaled as per the requirement.; ; Under the customer-hosted model, this is the customer's responsibility.

Analytics

• Service usage metrics: Yes
• Metrics types: Service metrics are configured as per the customer requirement. A combination of dashboards, APIs or reports delivered via email can be facilitated.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: ID-ware

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: Never
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users with the required permissions can export data in CSV format using the Export Configuration function.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: SLAs are agreed on a per customer basis and is dependent on configuration.
• Approach to resilience: Under the MSaaS model, environments are hosted in the AWS London Region and customer can select a high availability option providing additional resilience. As a minimum, web servers have failover and load-balancing to over instances in 2 availability zones.; ; Under the self-hosted model, this is the customer's responsibility.
• Outage reporting: Email and SMS alerts to nominated customer contacts.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Access to management interfaces is restricted to users who have been appropriately trained and from specific endpoints via either a VPN or a Virtual Desktop Infrastructure (Amazon WorkSpaces) using an restricted allow list of IP address.; ; Access to the AWS account is restricted to specific user with two factor authentication being mandatory. The root account is secured in line with AWS best practice.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: NSCS Cloud Security Principles are followed when deploying environments. ID-ware and AWS are both ISO/IEC 27001 certified and these principles are also followed by Cipher10.
• Information security policies and processes: Cipher10 follows NCSC Cloud Security Principles for the design of systems. For the handling of sensitive cryptographic assets including DESFire key material this HMG Information Assurance Standard No. 4 is followed. Cipher10's internal policy on handling information broadly aligns with HMG Information Assurance Standards. All staff and sub-contractors are trained accordingly and this is reviewed quarterly. Any issues are reported to the Company Director.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All configuration, patches and infrastructure changes are first deployed in a reference environment with software supply chain assurance conduct.; ; This also applies to the underlying AWS serverless components where new versions or features are released.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: The software vendor conduct software supply chain assurance for the software platform itself and release regular patches and security fixes. For the underlying infrastructure under the SaaS model, the NCSC Cloud Security Principles are followed.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Monitoring is in place on all environments using AWS CloudWatch with notifications configured in the event of incidents. In the event of potential compromise, customers will be notified and appropriate remediation will be made as soon practically possible.
• Incident management type: Supplier-defined controls
• Incident management approach: The environments used are designed for high availability and failover within the London AWS Region. In the event of a region outage, users will be notified where possible with the estimated fix.; ; In the event of a service outage, notifications will be sent nominated users via email where possible with details of the incident and estimated time to fix.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  At Cipher10, we keen to offset our carbon footprint as much as possible but doing the following:; Paperless/recycled packaging – We are a paperless company day to day and encourage as many items to be recycled as possible. This includes packaging for shipments. ; Travel – We ask all staff to use public transport where possible. All company cars are fully electric and we will do our best to use electric vehicles for any deliveries that may be required.; Remote working – We operate in a hybrid but predominately remote working style. This cuts our energy usage for office space. We also encourage online meetings to ensure that staff are required to travel less.; Carbon Credits – Cipher10 is also actively participating with carbon credits.

  Covid-19 recovery

  COVID-19 hasn’t impacted Cipher10 too greatly. However, we are ensuring that all current staff are supported and new potential staff members are considered for all positions within in the company and we will do our best to support them with any assistants they may need relating to COVID-19.

  Tackling economic inequality

  We are a rapidly expanding business which in itself if requiring us to create new job opportunities and grow as a team and company. Cipher10 is active in ensuring that we offer opportunities to people from all backgrounds and locations which we are able to do with our hybrid working style. Due to Cipher10’s area of work, we are very aware of ensuring that cyber security risks identified and managed. We are doing this by working towards automating some services where possible and using security equipment and programmes to help us.

  Equal opportunity

  Cipher10 provides equal opportunities to its staff members by offering training courses and further development to all staff. We also pride ourselves on having well paid salaries which reflect the workload and quality as well as the responsibility of the positions rather individual.

  Wellbeing

  Cipher10 ensures that all staff are comfortable working from home by asking staff to complete DSE assessments for their home working set up and providing any equipment required to make their workstation more comfortable. We also encourage all staff to take regular short breaks to rest their eyes from the computer screen. We provide private Bupa healthcare as well which covers mental health so our staff can gain help without the worry of cost. We also ask our team leaders to have regular check in’s with their teams to discuss any issues that might arise and if they are struggling with anything.

Pricing

• Price: £0.14 a user a month
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@ID-ware.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.