INVITIAL LTD

Network Rail Telecom Delivery Tool

The application provides design and management tools for telecoms and network infrastructure and services

Features

• Network design
• Project management
• Document creation and management
• Config creation and management
• Reporting

Benefits

• Change management
• Automation
• Validation
• Reporting

£30,000 an instance a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@invitial.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

537136497641356

Contact

Sales Team
‭0203 962 5726‬
info@invitial.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: No
• System requirements:
  • Access by users is via the public Internet
  • A modern web browser (e.g Chrome)

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: 1 business day
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: One level of support is offered. It includes business hours support via phone, email or internet messaging. Support is included in the cost the customer pays for the service.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: User documentation is made available and if required, onsite training can be provided at additional cost
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Excel exports can be provided
• End-of-contract process: When a contract ends, if it is not replaced with a new contract the customer will lose access to the service

Using the service

• Web browser interface: Yes
• Supported browsers: Chrome
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Users can use the API as an alternative to interacting with the system via the user interface. Not all functions are available via the API but the API will continue to be enhanced as new features are delivered
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: No

Scaling

• Independence of resources: The service has been designed at a scale that will support more than the maximum number of expected concurrent users

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: Less than once a year
• Penetration testing approach: In-house
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: No
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Data is available for export in various formats, Excel, Word, PDF, etc
• Data export formats: CSV
• Data import formats:
  • CSV
  • Other
• Other data import formats: Excel

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: No formal SLA is provided as standard for the service. The cloud infrastructure provider offers a 99.9% uptime SLA
• Approach to resilience: The service has built in redundancy and data and systems are regularly backed up.; ; More information is available on request.
• Outage reporting: Customers are notified via email of outages or planned maintenance

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: The system uses role based access controls and management functions are restricted to the super user role, this role is limited to a select number of users.; ; IP whitelisting is also used in some areas as additional protection on the infrastructure side
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: A number of policies are in place that dictate how security concerns and incidents are protected against an addressed
• Information security policies and processes: During onboarding and training of employees, our information security policies are reviewed and the employees responsibilities outlined and acknowledged.; ; Our policies cover information security, GDPR and the Data Protection Act

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We maintain separate asset lists for:; - Hardware; - Software / Firmware; - Firewall configuration; ; These lists include install/commissioning and removal/decommissioning dates which allow us to track active assets through to retirement.; ; Additionally the asset lists include version information which allows us to easily identify, out of date or un-supported version.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We monitor the CVE Program list for relevant vulnerabilities, where a potential threat is identified we evaluate potential attack vectors on our systems. We endeavour to, where possible, patch or mitigate the high risk vulnerabilities within 14 days
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We maintain access and audit logs and have pro-active measures that monitor these logs and identify potential anomalies. We will respond immediately upon discovery of an incident and quickly evaluate the impact and reach. Depending on findings, actions taken will vary from the most severe, removing public access to the system to lighter touch resolutions such as requiring users to change the passwords on their user account
• Incident management type: Supplier-defined controls
• Incident management approach: Users are able to provide report incidents by phone or email. Customers are notified and updated of incidents via email.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Equal opportunity

  Equal opportunity

  We hire staff with little or no development experience as junior developers and train them whilst on the job and help them improve their skills and progress their career in software development

Pricing

• Price: £30,000 an instance a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@invitial.com. Tell them what format you need. It will help if you say what assistive technology you use.