Infoshare Ltd

Infoshare Active Directory Management

Automatic management of all Active Directory users acorss an organisation with user and personnel data matched across all relevant data siloes.

Features

• Employee data cleaning and matching from siloed data as standard
• User purge list automatically created
• Up to date lists for automatic removal of unwanted users
• Automatic data sharing between relevant departments
• Data matched from HR; IT and Security teams
• Data processed from relevant existing systems including CRM and Payroll
• Recognises aliases and identifies all duplicate records for an employee
• Flexible hosting and deployment options
• Built-in auditability to track and support decision-making
• Customisable built-in rules

Benefits

• Reduces risk of security breach or data theft
• Operational savings, only pay for the software licenses you need
• Enables automatic removal of unwanted users
• Improves efficiencies, processes and technical resource utilisation
• System access for unauthorised users can be immediately removed
• Reduced friction points between IT, HR, and security
• Less manual resource needed, with fewer opportunities for manual error
• Improved data security
• More effective and efficient process
• Supports reputational management

£25,000 to £39,000 a licence a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at pamela.cook@infoshare-is.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

468715059762340

Contact

Pamela Cook
07974 160035
pamela.cook@infoshare-is.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: Installation within client controlled environment.
• System requirements:
  • Windows Server
  • SQL Server
  • Java
  • Tomcat

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Infoshare shall respond to all reported issues within four hours of the working day between the hours of 0900-1730. We shall confirm the priority level attached to the case and an estimated resolution timescale. By exceptional arrangement at weekends.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We assess all cases and agree with the user a priority level that reflects the impact of the reported problem on the Customer’s business. Infoshare uses four different priority levels - Low, Medium, High or Critical. Critical is investigated immediately with an immediate workaround and a fix provided within 5 working days. High will have an immediate workaround and fix within 30 days. Medium by next major release of software and low as per development plan. For on-site support we provide a support engineer or a delivery consultant. All support provided via telephone and email is included within the annual charges.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: As part of the onboarding process, clients are provided with a dedicated Account Manager as their key points of contact. They will agree requirements, goals, key project stakeholders, timelines, and key deliverables with the Client. Following successful project delivery, the Account Manager will be the main and constant contact throughout the project lifecycle.; ; After the project delivery phase, the Support Team will also work with new clients to agree an effective support model, with responsibility assignments and a communications plan, tailored to the clients’ IT operations. The Support Team ensure a smooth transition from project delivery to live operations, enabling Client operation teams to proceed with populating CRM and finance systems.; ; Full onsite or online training is provided along with full documentation.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: All data is processed withiin the client-controlled infrastructure and therefore they follow their own data extraction protocols.
• End-of-contract process: At the end of a contract, clients simply uninstall our software from their environment and confirm that this has been carried out. There are no costs associated with this process, unless we are hired to perform the removal.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Chrome
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: The service interface is accessed via a Web Browser to monitor and control the application.
• Accessibility standards: None or don’t know
• Description of accessibility: Users can access all parts of the application.
• Accessibility testing: We have not done any testing with users of assistive technology yet.
• API: Yes
• What users can and can't do using the API: All application functionality can be accessed through the API.
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Most aspects of the Active Directory Management can be customised. This is done through the web service interface - many options are managed by simple controls. Output options are customisable and users can configure the system for unlimited data feeds and outputs. Experienced users can significantly alter the match and validation rules. Users can create multiple single view projects with customised configurations and varying data feeds.

Scaling

• Independence of resources: We install within an individual client's infrastructure or specific client contracted third parties' infrastructure and therefore all client data and operations are separate and isolated from each others demands as solution not multi-tenanted.

Analytics

• Service usage metrics: Yes
• Metrics types: Client's can get cloud CPU and other usage metrics from the cloud host or other contracted party

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: Less than once a year
• Penetration testing approach: In-house
• Protecting data at rest: Other
• Other data at rest protection approach: Infoshare does not store or process any client's data withiin our own infrastructure or network. Clients may implement end to end encryption within their client controlled environments including encryption at rest.
• Data sanitisation process: No
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: To files, database tables or via our web API
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • ODBC
  • Tab separated values
  • XML
  • JSON
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • ODBC
  • Tab Separated Values
  • JSON
  • XML

Data-in-transit protection

• Data protection between buyer and supplier networks: Other
• Other protection between networks: Infoshare does not store or process any client's data within our own infrastructure or network. All storing and processing is within client controlled environments.
• Data protection within supplier network: Other
• Other protection within supplier network: Infoshare does not store or process any client's data withiin our own infrastructure or network. All data processing and storing is carried out within client controlled environments.

Availability and resilience

• Guaranteed availability: Infoshares service is based on a per client basis hand in hand with third party providers. Relevant and agreed service level agreements are agreed in advance. The final documentation reflects those agreements and guarantees.
• Approach to resilience: Our software is situated within clients own infrastructure and data centres or those of an client contracted third party.
• Outage reporting: Our software has complete access logs which capture all activities and align with the clients security which allows reporting all activity by time and user.; ; Client monitoring services can create email alerts via Windows system event log application events.

Identity and authentication

• User authentication needed: Yes
• User authentication: Other
• Other user authentication: User name and password
• Access restrictions in management interfaces and support channels: We reflect the users internal access controls, where users are restricted by log in credentials and defined criteria.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Other
• Description of management access authentication: User name and password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: Risk Ledger Compliance

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber Essentials; Risk Ledger and currently preparing for ISO 27001 audit.
• Information security policies and processes: Infoshare uses an ISMS system where policies are assigned to owners and regularly reviewed. Policy compliance is enforced by contract and training with staff reporting in to the Security Team which includes our DPO.; ; We follow ISO 270001 information policies A5-A18 including internal organisation, mobile working and teleworking, human resource security, asset management, access control inc user access management and system and application access control, cryptography, operations security, communications security, system acquisition development and maintenance, information security incident managment, code of conduct and social media guidelines. Infoshare uses an ISMS system where policies are assigned to owners and regularly reviewed.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Operational security as per ISO 27001 standard. In addition, we comply with the contractual change management process as agreed with client and supplier defined in our contracts. Each new release of the software is assessed for any features that have a security impact and this includes ensuring key libraries are up to date and any security vunerabilites as reported by Infoshare security newletter subscriptions or the Risk Ledger addressed and tested against.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Infoshare technology is situated and deployed within a client defined and controlled infrastructure and reflects to and adheres to their own vulnerability management processes and policies. ; ; Infoshare receives regular NCSC security newsletters and threat reports. When these highlight a ClearCore issue, then it is investigated and added to the development plan with an appropriate priority and is released in hotfix as necessary.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Infoshares service is hosted within client controlled environments, even when using third party providers. ; ; We support clients with their protective monitoring requirements.
• Incident management type: Supplier-defined controls
• Incident management approach: We have predefined incident management processes. ; Client users can report incidents to our DPO as can our own staff. ; Our incident response process includes internal reporting to incident investigation owner and external reporting to clients and/or other authorised parties. All of this follows the ISO 27001 policies and processes.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  We have taken many conscious steps as an organisation to actively reduce our carbon footprint, which our team actively engage with.; ; • In 2021 we made the decision to become a fully remote organisation, shifting all our data storage into the cloud and removing the physical servers that we previously had onsite. ; ; • We encourage virtual meetings wherever possible and approve travel only when necessary.; ; • When travel is required, many of our team opt to cycle or walk for as much of the journey as possible.; ; As part of our services, we also help our customers to reduce their carbon emissions. During the matching process, we often deduplicate large numbers of records. This automatically reduces the amount of data they have on servers and the subsequent impact on the environment.

  Tackling economic inequality

  We are dedicated to tackling economic inequality. We consciously ensure we engage with a diverse range of small and large partners in delivery of our contracts and in our standard operational procedures. ; We always consider our existing staff when new roles and responsibilities arise, encourage the development of new skills, and promote internally when we can. We support people’s aspirations and facilitate paid opportunities for training and development. ; Our CEO sits on the Cabinet Office’s Small Business Panel, advocating for the fair treatment of SMEs and increased SME representation in the public sector supply chain. In 2023, their successful advocacy resulted in a shake-up of procurement regulations with the introduction of the Procurement Act, which makes procurement processes simpler for SMEs and strives for a more diverse, inclusive, and innovative supply chain.

  Equal opportunity

  We are committed equal opportunity employer that strives to live the values we set out in our Equality and Diversity Policy. We have a diverse team made up of a variety of different ethnicities, genders, and socio-economic backgrounds, with a range of nearly 50 years between the youngest and eldest members of staff.; All our team are encouraged and supported (including financially) to continually progress and gain new skills. In the past two years, we have fully funded two qualifications for members of our team who wanted to take on more senior roles within the organisation.; We also have a Modern Slavery Policy, with relevant staff made aware of their responsibility to identify and manage the risks of modern slavery in delivery of our contracts.

  Wellbeing

  Health and wellbeing of our team; At Infoshare, we encourage a healthy work life balance to support positive health and wellbeing. We work flexibly with all our staff to determine working hours and arrangements on an individual basis. We support parents and those with caring responsibilities to work their hours around their lives. For team members who are post-retirement age, we allow them to set their own hours and times they can work on a week-by-week basis.; For the members of our team who need active support with their mental health, we have paid for private assessments and mental health coaching and allow as much time off work as is needed. Since we became a fully remote organisation, where team members felt remote working negatively impacted their mental health, we paid for co-working spaces that created a community.; Improving community integration; Organisationally, and individually, we engage in many activities to support our local communities. ; • We fund monthly meals for homeless people, with a member of our team giving up her time to cook and coordinate this initiative. ; • Our team are offered paid time off to volunteer with initiatives to support their local communities. ; • Our old laptops and computers are donated to local schools.; • We have a flexible arrangement with our team that we will help them support causes that are important to them.; • Our CEO volunteers her time to support vulnerable people in her local community.; • Our CEO also sits as a magistrate – an unpaid role committed to reducing crime rates locally.

Pricing

• Price: £25,000 to £39,000 a licence a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: We offer a Proof of Value (PoV) service, using an agreed subset of data, to demonstrate the results and ROI that can be achieved with our matching software. This gives quantitative and tangible benefits that support the business case to scale the project and help to secure buy-in from stakeholders.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at pamela.cook@infoshare-is.com. Tell them what format you need. It will help if you say what assistive technology you use.