Viewdeck Consulting Limited

Integrated Secure Audio and Video Service

Easy to adopt service designed to integrate with existing applications that need the ability to record and store audio and video assets securely. Simple, menu driven service with user defined forms to allow customisation to meet specific needs. Accepts range of digital assets including video, audio, images and screen recording.

Features

• Allows applications to adopt secure audio and video recording.
• Web-based audio/video collaboration software supporting collaboration, hybrid and remote working.
• Desktop sharing and presenting, based on COTS componentry.
• Browser-based, no client software required.
• Simple and Efficient, Low bandwidth and secure networks supported.
• High Quality, Private solution, to provide assured levels of confidentiality.
• Provides communication and delivery across public and private environments.
• Resilient and Highly Available configurations, to support service levels.
• Regular Service monitoring to provide quality and performance as necessary.
• Secure Storage and recording of digital media, GDPR Compliant.

Benefits

• Supports cross Agency collaboration, hybrid working and office productivity.
• Simple no client software or scheduling required for deployment.
• Add extensive digital store and retrieval capability to existing applications.
• Easy to extend collaboration features in services.
• Secure Server platform, production ready for Public, Tier1 Services.
• Suitable for Public, Private and Shared Cloud environments.
• Incorporates a wide range of chat and collaboration tools.
• Works with UKCloud, AWS, Azure, GCP, and private clouds.
• Can be integrated into Learning Development Platforms to increase functionality.
• Low-cost option for Local/Central government, Police and NHS.

£18 a user a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at chris.oconnor@viewdeck.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

486011018715722

Contact

Chris O'Connor
0203 384 3350
chris.oconnor@viewdeck.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: A Viewdeck Patch Server is a requirement to provide a patch service and Virus/Rootkit signatures upgrades.; A Viewdeck Log Server is a requirement to provide event monitoring for the service.; A Viewdeck Monitor Service is required to provide availability and host health check monitoring.; Backup Solution providing secure offline remote cloud based storage is required. The Viewdeck Backup Service provides a suitable service.; The Secure Mail Server with connectivity to the secure administration mailbox providing alerting and reporting from the hosts.; Secure Remote Administrator Access via a suitable secure network. This will vary depending on the hosting environment
• System requirements:
  • Viewdeck Patch Server for patch and Virus/Rootkit signatures upgrades
  • Viewdeck Log Server for event monitoring for the service
  • Viewdeck Monitor Service for availability and host health check monitoring
  • Backup Solution providing secure offline remote cloud based storage
  • The Viewdeck Backup Service provides a suitable service
  • The Secure Mail Server with connectivity to secure administration mailbox
  • Providing alerting and reporting from the hosts.
  • Secure Remote Administrator Access via suitable secure network.
  • This will vary depending on the hosting environment

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Our response is based upon a traditional P1-P5 problem management prioritisation and response model with escalation as appropriate to meet the agreed SLA.; * P1 issues have an immediate response, action within 30 minutes during standard support hours (9.00-5.00 M-F). 1 hour outside of standard support hours. Target resolution is 4 hours.; * P2 issues have an immediate assessment during standard support hours and response within 2 hours. Target resolution is 1 working day.; * P3, P4 and P5 issues are responded to within 1 day during standard support hours. Target resolution is 2, 5, and 10 working days respectively.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: None
• Onsite support: Onsite support
• Support levels: Viewdeck follows a traditional P1-P5 problem management prioritisation and response model, providing integration and escalation as you would expect to deliver to the agreed service levels.; * P1 Total loss of service.; * P2 Some loss of service.; * P3 Small loss of service or work around.; * P4 Tasks are made more difficult, but are not impossible to complete.; * P5 Interferes with non-operational use.; All P1 and P2 events are allocated an Incident Manager to see and manage incidents through to successful resolution, providing SPOC, regular reporting, and coordination between various resolver groups. Standard support is Mon-Fri 9-5:00pm. Additional extended hours of support are available, either for 9am-5pm Monday-Sunday , or 24 hours x 7 days Week. All services can take advantage of the 24 hour per day web and telephone service, although only P1’s and P2’s will be responded out of supported hours. Additional pricing for these services is based on the product, with further details in our pricing guide. All Viewdeck Services include an Account Manager to manage service issues, and provide a SPOC for clients.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Viewdeck offer assistance to getting stated; ; Self taught CBT training is available as part of the service; ; Additional fixed price packages for other training is also available on request at extra cost
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: On end of contract, Viewdeck can supply the users information extracted from the system in native format or configuration files, including XML/JSON format. ; ; This can be transferred to the user electronically via secure electronic transfer by arrangement with the client organisation, or via a shared secure File Transfer area. If the client has specific needs for the physical transfer of the data we would support this by additional services for the media and media transport for Data Extraction.
• End-of-contract process: 30 days before end of Contract, there will be client engagement to confirm the Requirements, agree a plan, any additional services needed, and the Quality Criteria for the delivery of those services to meet the Requirements.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The user solution includes all functionality
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Viewdeck provide a web-based service interface for users to manage all of their service requests. There is an additional web interface for users to manage the features of their service.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Accessibility testing - Our knowledge has come from service tooling manufacturers commitments and market research.
• API: Yes
• What users can and can't do using the API: Client (normally Technology Administrators) can access the system through a web based API. This allows the Client to gain 'Controlled' access to the key functionality of the service to support Configuration and Data Management. All Services support REST based API interfaces.
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Our services are based upon COTS components that are configurable for Clients via common and native interfaces. The functionality accessed by the Client allows a certain level of Business configuration within the parameters of each individual Service. Typically this is via a Web interface. ; We encourage Clients to Self Service for such Configurable parameters.

Scaling

• Independence of resources: All of our services are based on dedicated devices with managed contention performance to ensure no service degradation due to other user ativity. ; ; In the event of performance degradation occurring our service management tooling would automatically trigger and incident alerting us to the problem so that immediate action can be taken to address it

Analytics

• Service usage metrics: Yes
• Metrics types: Full Access to service Monitoring interfaces is provided by a web interface. This give the client access to the full spectrum of system and service accessibility and availability, with optional reporting against service SLAs.; ; The Service Management tooling records and reports on all aspects of the Service delivery , and provides reporting against service SLAs for clients. This are provided free of charge for clients as part of the baseline service.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: The user is able to extract their data through Web Interface access management tools allowing them to download the data to their desktop, where applicable to the Service.
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats: XML
• Data import formats:
  • CSV
  • ODF
  • Other
• Other data import formats:
  • XML
  • SQL

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network: IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: The level of availability is 99.50%
• Approach to resilience: Our service utilises a service provider that has multiple hosting sites with diverse routing of communications and power. We use a service configuration that makes use of these capabilities to provide a resilient service.
• Outage reporting: The client would get an alert via an email should there be an outage; ; The client would also be able to view a service dashboard to see the status of their service

Identity and authentication

• User authentication needed: Yes
• User authentication: 2-factor authentication
• Access restrictions in management interfaces and support channels: Access is limited via IP address of connecting devices and use of shared keyword
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: QMS International
• ISO/IEC 27001 accreditation date: 18/05/2018
• What the ISO/IEC 27001 doesn’t cover: All aspects covered.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Viewdeck has a ISMS with the basis procedures to manage security such as; ; Information security policy and objectives ; Risk assessment and risk treatment methodology ; Statement of Applicability ; Risk treatment plan; Risk assessment report; Definition of security roles and responsibilities ; Inventory of assets ; Acceptable use of assets; Access control policy ; Operating procedures for IT management; Supplier security policy ; ; Viewdeck has a nominated security officer who ensure security policies are followed and undertakes scheduled audits. The security officer reports directly to the CEO

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Viewdeck utilizes suppliers that follow certified configuration and change management procedures. ; ; Viewdeck also uses automated configuration control and management via the Chef toolkit.; ; Viewdeck has its own documented procedures for configuration and change management based on ITIL. All changes are assessed and appropriate assurance steps determined for the change. All changes are tested in a dedicated environment before release to live.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: View deck undertake event logging via our SIEM. This allows security monitoring in real time of our services.; ; Our services also undergo regular penetration test to ensure that no vulnerabilities have emerged.; ; Our services are managed using automated Configuration tooling that keeps the infrastructure from being changed and lowering the risk of malicious exploration.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: All services are managed at the boundary by NIDS. Our services also provide application level logging and HIDS protection. All alerts would be forward to the clients. Depending on severity, we would respond within the SLAs of our services
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Our incident management process is based on ITIL principles; ; Users can log and incident via email, phone, web interface and also chat.; ; Incident reporting is via web interface. Additional reports can be supplied by request at additional cost.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • Public Services Network (PSN)
  • NHS Network (N3)
  • Joint Academic Network (JANET)
  • Health and Social Care Network (HSCN)

Social Value

• Fighting climate change:

  Fighting climate change

  All staff and suppliers are aware of our environmental policy and team members are actively encouraged to take a responsible approach to protecting the planet.
• Covid-19 recovery:

  Covid-19 recovery

  Since the outbreak of Covid-19 we have encouraged all of our staff to work from home. This removes the need for commuting, promotes social distancing and as a bi-product has significantly increased productivity. Recognising the issues that can arise from remote working we encourage regular communication through a range of collaborative software services and hold regular remote team and company meetings to promote and develop team spirit and cooperation.
• Tackling economic inequality:

  Tackling economic inequality

  We are actively encouraging all team members to continue to learn and develop new skills to support the digital economy. We are also supporting Apprenticeship Degree schemes, notably in Cyber Security. Although we are a small business we are constantly seeking ways to introduce new members to the team. Increase supply chain resilience and capacity - We actively seek to partner with other SME’s who share similar values to extend our capability. We continue to support innovation and disruptive technologies to provide low cost, high value services that drive productivity. We have a total commitment to the management of cyber security risks through our internal processes, ISO27001 and Cyber Essentials Plus accreditation.
• Equal opportunity:

  Equal opportunity

  Every member of the team is valued and encouraged to develop their skills to support further career development. Irrespective of gender, age or race every team member has the same opportunity to progress in our business. We have an anti-slavery policy and ensure that our supply chain is not compromised in any way.
• Wellbeing:

  Wellbeing

  We are aware of the wellbeing issues that have resulted from the Covid pandemic. We have always had a culture that welcomes contributions from all team members. We operate a very flat structure where everyone is encouraged to participate fully in all of our business activities. Self-worth, training and a common commitment to help each other is at the forefront of our organisation.

Pricing

• Price: £18 a user a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Fully functional time limited trial with appropriate service restrictions.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at chris.oconnor@viewdeck.com. Tell them what format you need. It will help if you say what assistive technology you use.