MADIGAN SOLUTIONS UK LIMITED

Madigan Solutions Partner Identity

Madigan Solutions User Management Tool (UMT) is a SaaS delivered platform for administering the lifecycle of users not currently managed within an HR system.

The platform can provide business logic and lifecycle processes to non-employee user types such as Contractors; Consultants; Suppliers/Vendors; Guests; Purchasers; Robots; Tenants; and Custom-Defined User Types.

Features

• Platform that provides third-party user & contract administration
• Customisable user types and schema definitions
• Customisable lifecycle rule definitions
• Customisable mail templates
• Customisable approval processes
• Customisable report definitions
• Full audit/forensic log of actions

Benefits

• No Code/Low Code environment for simple configuration/administration
• Intuitive interface for delegated/distributed administration
• Adheres to open standards for integration with third parties
• Comprehensive suite of APIs covering all aspects of the platform

£5,000 to £30,000 a licence a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@madigansolutions.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

533479460011075

Contact

Natasha Free
0333 242 2889
info@madigansolutions.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: The Partner Identity Suite is complementary to Identity Management, Identity Governance, and Logical Access Management tools.
• Cloud deployment model: Public cloud
• Service constraints: Not applicable
• System requirements: Modern Browser, i.e., Microsoft Edge, Google Chrome, Firefox, Safari

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Standard support for the service has an 8 hour turnaround on questions and queries.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 A
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: A technical account manager will be automatically assigned as part of the service which will include a guaranteed up-time of 99.9% and the ability to raise support tickets which will be treated as P4 tickets by default. ; ; For pricing please refer to the pricing documentation.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: A user guide is provided with a platform pre-populated with sample data to help users understand how the platform operates.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: The platform supports a data extract function in CSV format.
• End-of-contract process: The customer is offered the option to extract all data (including log and forensic information) before the tenancy is decommissioned.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: There are no functional differences between mobile and desktop versions of the application.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AAA
• Description of service interface: The end user and administrative interface is provided as a single console with elements enabled/disabled depending on the end user's role. The UI is delivered as a web app which renders in an accessible manner across multiple device formats.
• Accessibility standards: WCAG 2.1 AAA
• Accessibility testing: We use the silktide tool to test for accessibility against WCAG 2.1 AAA which covers features such as basic Accessibility; Contract Checks; Alternative Text Checks; Screen Reader & Focus Order Checks; appropriate Headings; and Impaired or Colour Blindness simulations.
• API: Yes
• What users can and can't do using the API: Every action that can be undertaken through the web interface can also be invoked via the APIs. This includes the creation of users, user types, lifecycle rules, report definitions, as well as the extraction of data and log information.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The platform supports custom schema definitions; custom user types; and customisation of lifecycle rules and email templates.; ; NOTE: Only authorised administrators have access to the customisable features which can be enabled/disabled on a per role basis as necessary.

Scaling

• Independence of resources: Each customer is provided with their own tenancy to ensure no other customers utilising the platform can impact on them.

Analytics

• Service usage metrics: Yes
• Metrics types: The platform provides dashboards showing the number and type of all data elements on relevant screens. It also provides a reporting capability showing the changes to the data elements over time. And finally a dashboard is provided showing the uptime of the service including average response times.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: The platform supports a data extract function in CSV format.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: The service has a service level objective of 99% uptime with a 10% service credit claimable on failure to meet the 99% uptime during a contracted month.
• Approach to resilience: The platform is supplied in a highly available configuration utilising Kubernetes clusters spread over multiple data-centres.
• Outage reporting: A service status page will be provided outside of the platform with the platform constantly monitored by third party systems. Customers can also sign up for email alerts.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: All users accessing the service must achieve a Level of Assurance which requires Multi-Factor Authentication.; User types are easily customisable allowing administrators to create custom user types with elements enabled/disabled depending on the end user's role.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Madigan Solutions is in the process of obtaining ISO/IEC 27001 certification
• Information security policies and processes: Madigan Solutions ISMS is based on ISO 27001 standards.; A Director is assigned overall responsibility for information security and works with other directors to ensure compliance. ; Our Security Steering Group meets on a quarterly basis and currently comprises three people with executive powers to enact changes determined necessary by the group.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: The platform is managed using an automated change management delivery pipeline which:; - tests the core features of the platform before deployment; - checks the platform for vulnerabilities before deployment; - rolls out changes in a non-disruptive manner
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: The platform's change management delivery platform, hosted in the IBM Cloud, automatically scans source code for vulnerabilities using the IBM X-Force service. The discovery of vulnerabilities automatically rolls back deployments and returns code to the development team for resolution.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: The platform is protected by the IBM Security services that apply to the IBM Cloud infrastructure.
• Incident management type: Undisclosed
• Incident management approach: UPDATE

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Tackling economic inequality
  • Equal opportunity

  Tackling economic inequality

  Madigan Solutions is a small organisation with a focus on cybersecurity. It was started by five colleagues with an ambition to use our knowledge and expertise to provide an excellent service and, at the same time, ‘bring on’ the next generation of cybersecurity talent.; Three of the founding directors are originally from Northern Ireland and we decided to headquarter in Belfast with a view to creating well-paid and meaningful cybersecurity jobs for school leavers in this region of the UK. We believe our approach is in line with the UN sustainable development goal of decent work and economic growth.; We have become aware recently that larger IT organisations in Northern Ireland are making a large number of people redundant due to offshoring. This has created a great opportunity to hire talent. We are focused on providing a high-quality training experience for our employees and this is particularly important since in our opinion schools and universities are not adequately equipping leavers with the necessary skills.; We work with other organisations in Northern Ireland to promote skills development and learning. ; Cybersecurity is a growth industry with global revenue projected to increase from USD 155.83 billion to USD 376.32 billion by the end of the decade (Fortune Business Insights). The skills gap in Information Technology is widely recognised, but there is a particular gap when it comes to Information Security which Madigan Solutions hope to play a part in bridging.; We have already created four jobs since 2022 and our minimum forecast is to create a further four jobs by 2026. Our new recruits will be provided with extensive training with a view to obtaining industry recognised qualifications. We will also support any additional educational attainment. Our pay structures and promotion prospects are competitive as we look to reward and retain talent.

  Equal opportunity

  We hope to increase the representation of disabled people in the workforce through our experience with neuro diverse individuals. We have active training programmes and have undertaken an organisational audit to understand how we can better cater to people with disabilities.; Cyber security by its nature requires diversity of thought and approach. Our best guarantee of success will be derived from the inclusion of as wide a range of thought and experience as possible. We aim to be an inclusive employer, employing and training young people and people with disabilities. Unfortunately, as we can attest, no assistance is available once neurodiverse individuals are in work, but we hope to help influence that so that other small businesses will not be averse to hiring.; There is a shortage of wider representation in what has been traditionally a male dominated industry. More female representation is needed particularly in technology roles not just soft skills or support roles. This is something we hope to promote alongside equality of remuneration.

Pricing

• Price: £5,000 to £30,000 a licence a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: The platform is provided as a fully functioning, standalone tenancy, for a period not to exceed 4 weeks
• Link to free trial: https://umt.madigansolutions.com/

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@madigansolutions.com. Tell them what format you need. It will help if you say what assistive technology you use.