NquiringMinds Ltd

NQM Knowledge Base

NQM Knowledge Base provides a Content Management System (CMS) that allows organisations to document and share their knowledge as a website in a simple, secure and elegantly presented way.

Features

• Secure content management system
• Modern web design, responsive to mobile screens
• Flexible content creation
• Rich content rendering with markdown
• Live preview when editing content
• Searchable articles
• Structured portal with pages, folders, and articles
• Real-time publishing

Benefits

• Publish content in real time
• Secure your internal knowledge with public and private access levels
• Quality online documentation online, not files in folders
• See your content on your PC or mobile
• Shareable links instead of sending multiple file versions
• Set your theme once, apply it across the entire portal
• Simplify text editing with markdown

£2,000 to £3,800 an instance a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at nick@nqminds.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

561923127109564

Contact

Nicholas Allott
07714145711
nick@nqminds.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: NquiringMinds Trusted Data Exchange, secure analytics platform
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: N/A
• System requirements: N/A

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: ~2 hours - Mon-Fri 0800-1800, 5+ hours all other times
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 A
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Yes, at an extra cost
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 A
• Web chat accessibility testing: User testing
• Onsite support: Yes, at extra cost
• Support levels: Basic support provided in the original package Enhanced support (on site/one to one tutorials etc) provided at £100/hour
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: System is fully documented with examples, videos and walk through. Training can be provided either online or physically
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Data can be downloaded from the system at any time. By default CSV and JSON formats are supported, new formats can be provided on request. In addition to built in export functions, the APIs provides the ability to create customised export and synchronisation functions.
• End-of-contract process: Customer is reminded at 3 month and 1 month before contract termination. If customer does not want to renew they are advised to make the necessary data exports. API is provided and support can be requested for customer specific data extraction. At 2 week before contract termination, we provide a shut down check list to customer for approval. On contract termination, we initiate the service shutdown, which includes data removal, data deletion and full wipe of dependent hardware.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Windows Phone
  • Other
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Content is displayed differently on mobile devices to improve user experience but the feature set is the same.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Service interface provides a user interface for back end administration functions as well as full programmatic API access
• Accessibility standards: WCAG 2.1 A
• Accessibility testing: The service has been tested by users of assistive technology across its customer base to ensure ease of use.
• API: Yes
• What users can and can't do using the API: We provide a full API that provides secure, permission access to everty aspect of the platform function. Multiple APIs exist : Open API, native language APIs (JavaScript, C, Python etc), streaming and GRP
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Through the API almost any customisation can be performed including. - new user interface - imports/exports data - data synchronisation - integrated external authentication server - new analytics process - new data storage - interpretation external applications - new workflows Access to API is controlled by the administrator through API token.

Scaling

• Independence of resources: Each customer is provided with their own server instance.

Analytics

• Service usage metrics: Yes
• Metrics types: Data is stored on every aspect of service usage for both security and administration purposes. This information can be provided in raw form or higher level analytics as a report or dashboard or alert. It can cover things such as which service used, how long used for, when used, processing required, data accessed etc.
• Reporting types:
  • API access
  • Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data can be exported in CSV or JSON formats. These tools are built into the platform. Through the API new export formats can be provided. And/or more sophisticated backup or extraction process.
• Data export formats:
  • CSV
  • Other
• Other data export formats: JSON
• Data import formats:
  • CSV
  • Other
• Other data import formats: JSON

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We aim to provide 99.9% availability across our application portfolio and historically have achieved this figure. If we fail to meet this objective within any calendar month the customer can apply for a commensurate refund.
• Approach to resilience: Underlying physical availability is provided with appropriately configured commercial cloud based provider (typically Azure or AWS). At a software level we can provide clustering, replication and round robin allocation of resource requests. Precise resilience requirements can be negotiated with the end customer. Full details on request.
• Outage reporting: We provide all of - data dashboard - API - email alerts System availability is measured both through the end application availability and health checks on all dependent underlying processes.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
• Access restrictions in management interfaces and support channels: Every user is authenticated by known and trusted authentication provider and is provided with an appropriate authorisation level. This authorisation level determine what service they have access to. This authorisation fine grained allowing access to micro service definitions. The authorisation levels can be grouped to common authorisation roles. Any user requesting support/management out of band (e.g. phone) will have to provide appropriate authentication credentials to access services.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: Cyber Essentials Plus

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: We are Cyber Essentials Plus certified and are seeking to secure ISO/IEC 27001. We are putting in place the necessary governance to achieve this standard.
• Information security policies and processes: Reporting flow - internal /external report - Chief Security Officer - Chief Executive Officer. We are currently Cyber Essentials Plus certified and initiating ISO 27001 certification. We have in place the following policies - Vulnerability disclosure - Data breach - Business continuity - Data retention - Incident handing - Device on boarding/life cycle - Employee on boarding/life cycle - Firewall and systems access - Secure development.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All changes to configuration/change management are singed off by two appropriately qualified personnel. All changes and processes are required monthly by our chief security officer. Vulnerability checks are run against our underlying software components continuously using online tools Full security policy documents can be provided on request.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Our vulnerability threat analysis comes from four primary dimensions - underlying compute platform - dependent software components - employee - external software attack Systems exist for real time behavioural analysis for the underlying platform and employee behaviour, with appropriate alerting and escalation. Continuous threat analysis is performed on underlying software components. We monitor the relevant CERTS for vulnerability reports additionally Full security policy documents can be provided on request.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: The platform supports an integrated system log that aggregate relevant logs across component behaviour, network behaviour and user behaviour. Alerting system is defined that includes both explicit rule based alerts and statistical/ML backed anomaly detection. Alerts are evaluated by the internal security team escalating to our CSO as required Full security policy documents can be provided on request.
• Incident management type: Supplier-defined controls
• Incident management approach: Incident can be reported internally, externally or by paying users. Incidents can be reported by email, phone or web interface. Standard forms and triaging processes exist to streamline reporting and level one handling. Incident reports can be exacted in multiple formats using built in tools Full security policy documents can be provided on request.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Other
• Other public sector networks:
  • Local authority services
  • Others available on request

Social Value

• Fighting climate change:

  Fighting climate change

  The service will be delivered in accordance with Nquiringminds environment policy. This includes a commitment to minimise our impact on the environment and work towards net zero greenhouse gas emissions. The policy shapes our decisions relating to purchasing, suppliers, energy use, travel/commuting and waste.
• Covid-19 recovery:

  Covid-19 recovery

  The service will be delivered in accordance with Nquiringminds Social Value Policy policy. This includes a commitment to: 1) Support the physical and mental health of people affected by COVID-19, including reducing the demand on health and care services. 2) Improve workplace conditions that support the COVID-19 recovery effort including effective social distancing, remote working, and sustainable travel solutions.
• Tackling economic inequality:

  Tackling economic inequality

  The service will be delivered in accordance with Nquiringminds Social Value Policy policy. This includes a commitment to: 1) create employment and training opportunities for those who face barriers and from deprived areas and support training that addresses skills gaps. 2) support innovation and disruptive technologies throughout the supply chain 3) take action to identify and manage cyber security risks
• Equal opportunity:

  Equal opportunity

  The service will be delivered in accordance with Nquiringminds equality policy. This includes regular reviews to ensure equality for all staff in recruitment, employment, skills, progression and benefits. During any contract we will actively pursue its purpose to provide equality, fairness and respect for all employees and promote our working environment with dignity and respect for all.
• Wellbeing:

  Wellbeing

  The service will be delivered in accordance with Nquiringminds Social Value Policy policy. This includes a commitment to: 1) support the health and wellbeing of the workforce 2) demonstrate collaboration with users and communities in the codesign and delivery of services.

Pricing

• Price: £2,000 to £3,800 an instance a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Free access: demo access is available using synthetic data sets. A 12-week £10k rapid trial can be arranged, which is discounted against future service fees. This cost includes, a bespoke client assessment, data processing and data import/integration costs (subject to client making data and processes available)
• Link to free trial: Demos can be found on https://nquiringminds.com

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at nick@nqminds.com. Tell them what format you need. It will help if you say what assistive technology you use.