Chronicle Systems by JML Software Solutions Ltd
Captures occupational and operational competency against defined skills sets in highly regulated environments. Supports strategic threat & risk assessment and ensures capacity and capability meets demand.
Access to Firearms and high value assets can be managed virtually or physically based on accreditation against a defined role or skill set.
Features
- Management of specialist skills training and development
- Management of specialist and high value assets
- Real-time overview of accredited staff facilitating resource management
- Real-time automated approval for issue of assets
- Captures operational deployments and informs STRA reporting
- Fully configurable to match licencing and monitoring requirements of organisation
- Configurable real time notifications for exception reporting
- Full interface to HR/ERP systems available
- Full audit trail of transactional history
- Reporting and resource demand analysis functionality
Benefits
- Risk mitigation over access to specialist and high value assets
- Real-time identification of specialist skilled individuals available for deployment
- Ensures compliance with organisational policies and external regulations
- Ensures capacity and capability matches demand
- Reduces risk for organisation, employees and the public
- Proven assurance under external scrutiny
- Optimises operational performance and reduces financial overhead
- Single source of truth re available assets and resources
- Proactive decision making resulting from notifications
- Optimise performance, evidence compliance, reduce risk and costs
Pricing
£100,000 an instance a year
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
4 7 6 7 4 5 6 4 0 0 0 9 1 9 9
Contact
JML Software Solutions Limited
Diane Finn
Telephone: 03302233258
Email: diane.finn@jmlsoftware.co.uk
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Public cloud
- Service constraints
- If required - Door Access Control and Asset Management Issue and Return Stations require physical devices to be installed to call the cloud hosted web service. Deployments are planned and communicated a month in advance and will include planned system downtime.
- System requirements
-
- Windows 10 or above PC for Door Access Control
- Windows 10 or above PC for Issue and Return Stations
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Response within 60 minutes, Monday – Friday excluding Bank Holidays 8am – 4.30pm
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
-
Standard Support
Cost is included in monthly per user amount.
Access to Phone and Email Support with responses in less than an hour to all enquiries.
Email & Phone Working Days, Business Hours
Scheduled deployments during working hours.
Other support options possible on request. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
Chronicle provides comprehensive on boarding services which can be applied against a small number of departmental users or an organisation as a whole. The on boarding process enables the end user to collate the required information from multiple sources into a single excel sheet. The collated information is then imported to Chronicle to enable a single view of the data obtained from multiple sources, enabling advantage to be taken of Chronicle in a matter of a few days. Support from a Services Manager is provided throughout this process, ensuring that appropriate data is captured and subsequently imported to Chronicle with minimal disruption to the end user.
Training can be provided on-site or via video link and JML provides user guides, quick reference guides and training videos through the Support Portal on our website. - Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
- Database can be exported and imported into any appropriate system which conforms to the same standard and can support the audit trail provided by Chronicle.
- End-of-contract process
-
All customer data and configuration is extracted and delivered by secure medium to a single nominated location.
On receipt of the extracted data, the Chronicle database is cleared and erased using industry standard tools. Confirmation of data and configuration erasure is provided to the end user.
Finally, the virtual hardware utilised is destroyed with source files erased.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Application to install
- Yes
- Compatible operating systems
- Windows
- Designed for use on mobile devices
- No
- Service interface
- No
- User support accessibility
- None or don’t know
- API
- Yes
- What users can and can't do using the API
-
Chronicle provides inbound and outbound APIs, which enable the import of user data from third party systems, such as HR applications, along with the export of user and skill-based data to third party systems such as Duties, HR or Learning Management.
The inbound API is configurable by users via a configuration file where users define which fields the API will expect to be transferred to Chronicle from the external third-party system. There are Mandatory fields required by the API, along with optional fields that the user can choose from. Users can also “map” fields within the configuration to enable the API to transpose data within the interface, to cater for data descriptions differing in the third-party system and Chronicle.
The outbound API enables the user to configure formatted exports of officer and skills-based data for all, or selected Chronicle modules. The data can be output at a configurable schedule, or on an ad-hoc basis. The end user can manipulate the data to produce output in any format, such as CSV, XML, JSON etc. as required by the third-party system accepting the data. Multiple, differently formatted data exports can be created by the API at the same time. - API documentation
- Yes
- API documentation formats
- API sandbox or test environment
- No
- Customisation available
- Yes
- Description of customisation
- Users with the right level of permission can define organisational role profiles for skill accreditation and compliance.
Scaling
- Independence of resources
- Each organisation utilises dedicated Private Cloud hardware which uses VMWare to segregate resources between each implementation.
Analytics
- Service usage metrics
- Yes
- Metrics types
-
Login Volume,
Bandwidth and Machine Usage,
Uptime over a Time Period. - Reporting types
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Security Clearance (SC)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- No
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
- Protecting data at rest
- Physical access control, complying with another standard
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- Web Front End provides functionality to export a breakdown of information.
- Data export formats
-
- CSV
- Other
- Other data export formats
-
- Rtf
- Xls
- Data import formats
-
- CSV
- Other
- Other data import formats
-
- Rtf
- Xls
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
- JML provide Assured Service Level Agreement as standard with up time of no more than 2 hours of unavailability between 9am and 5:30pm on Working Days.
- Approach to resilience
-
Full details available on request.
Data is replicated across physical sites and each Datacentre has built in redundancy of n+1 in Cooling, Power Generation and Hardware. - Outage reporting
- The solution includes automatic up time monitoring and Email alerts are sent in the event of an outage.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- Public key authentication (including by TLS client certificate)
- Limited access network (for example PSN)
- Username or password
- Access restrictions in management interfaces and support channels
- The Chronicle Control Panel provides an interface to the configuration and management of the Chronicle application. The Control Panel is restricted to authorised users and controlled by user ID and password.
- Access restriction testing frequency
- At least once a year
- Management access authentication
-
- Public key authentication (including by TLS client certificate)
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- British Assessment Bureau
- ISO/IEC 27001 accreditation date
- 20/07/2018
- What the ISO/IEC 27001 doesn’t cover
- N/A
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- Yes
- Any other security certifications
- Police Approved Secure Facility (PASF)
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
-
- ISO/IEC 27001
- Other
- Other security governance standards
-
Cyber Essentials Plus
Police Approved Secure Facility - Information security policies and processes
-
We have a Senior Information Controller (SIC) who has overall responsibility for Information Security. Reporting to the SIC is an Information Security Manager (ISM), who is responsible for setting and monitoring adherence to Policy. Information Security Officers report to the ISM and are responsible for the day to day implementation of the Policy, its recording and monitoring.
Our processes are aligned to our Statement of Applicability for both ISO 9001 and 27001
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
-
We have an ISO 27001 compliant Change and Configuration Management Policy which covers changes made to Software and Systems.
Security impact is quantified in line with this policy. - Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
-
Environment is patched within 14 days of "Critical or High" patch releases.
Threats are assessed based on a Common Vulnerability Scoring System (CVSS).
Potential threats are taken from a Common Vulnerabilities and Exposures list. - Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- 24/7 Monitoring on boundary (including DDoS protection).
- Incident management type
- Supplier-defined controls
- Incident management approach
-
Incidents are raised directly with our support via email or phone. They are then classified and follow our ITIL process.
The reporter is given regular status updates and the SLA against each item is tracked.
Critical or Major incidents a root cause analysis and remedial action plan will be provided to the reporter.
Incidents are not made public.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- Yes
- Connected networks
-
- Public Services Network (PSN)
- Police National Network (PNN)
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Equal opportunity
- Wellbeing
Fighting climate change
JML is committed to minimising its environmental impact through the use of recycling facilities within its offices. Printing is discouraged except where necessary and all documents are stored electronically.
Employees are encouraged to travel by train where possible and to car share if train travel is not an option.
Employees are not required to travel to the office unless needed for a meeting, thereby reducing unnecessary travel.Equal opportunity
Our robust recruitment process ensures people from all works of life are afforded the opportunity to progress a career within JML. We have recently started an apprenticeship programme to support local candidates who do not wish to follow an academic course out of school.Wellbeing
Employees are permitted to work flexible hours and accrue lieu days in order to achieve a work-life balance to suit them.
JML supports the Home Office Employer Supported Policing scheme for which we offer additional paid leave if an employee is successful in becoming a Special Constable or Police Support Volunteer.
Pricing
- Price
- £100,000 an instance a year
- Discount for educational organisations
- No
- Free trial available
- Yes
- Description of free trial
- One month - subject to secure connection setup which may require investment.