Netpremacy Limited

Thentia Cloud

An industry-leading govtech platform built for regulators, by regulators.Thentia Cloud transforms the way regulatory bodies manage their licensing processes with best-in-class cloud technology and the executive leadership they deserve. Limitless configurations and integrations, centralised data, and extensive insights—all within one intuitive cloud-based platform.

Features

• License registration and renewal for businesses
• Document upload & verification
• Active licensees search from a centralised data repository
• Real-time display of relevant licensee information
• Review & triage complaints
• Maintain school & student profiles
• Manage student registrations & change requests
• Secure document upload of any file type or size

Benefits

• Discover Cost Savings
• Improve User Experience
• Boost Efficiency
• Simplify, automate, and digitise the full licensing process

£0.99 to £2.50 a unit

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at aeden@netpremacy.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

570943911826087

Contact

Andrew Eden
0113 366 2008
aeden@netpremacy.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: N/A
• System requirements: Modern compatible browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Weekday business hours
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: System status is provided via a web dashboard; Support is obtained via a help and troubleshooting web page, or by logging a ticket in the ticketing system
• Support available to third parties: No

Onboarding and offboarding

• Getting started: We will work closely with you to develop an implementation timeline that meets your needs. You will be introduced to a project team which includes your project manager, business analysts, and implementation support staff. This team will provide you guidance and support throughout the complete implementation process.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Data will be provided in a legible format
• End-of-contract process: The price includes access to the subscribed application modules. Implementation and customisation costs are not included and are extra

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Service utilises responsive themes, so it is designed to work on any device
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: No
• Customisation available: No

Scaling

• Independence of resources: All client data is safely and securely stored in Google’s Cloud Platform, and Thentia Cloud makes it a top priority to consistently maintain or exceed a 99.8% uptime, utilising continuous data backup gives clients peace of mind that their data is retrievable if they, or we, are ever attacked with ransomware or malware. Backup data is securely stored in Google’s Cloud Platform.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Reseller (no extras)
• Organisation whose services are being resold: Thentia Cloud

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Physical access control, complying with SSAE-16 / ISAE 3402
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data can be downloaded from the application modules, permissions permitting
• Data export formats:
  • CSV
  • Other
• Data import formats:
  • CSV
  • Other

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Thentia Cloud makes it a top priority to consistently maintain or exceed a 99.8% uptime, ensuring that clients have constant access to the platform
• Approach to resilience: Our industry-standard network protection procedures allow us to prevent, detect, and quickly respond to any malicious traffic and network attacks. With our layered approach to security, we employ multiple levels of strong IT defenses that together address potential weaknesses or vulnerabilities of the individual components. Our procedures include network segregation using VLAN’s, web application firewall (WAF) technology, intrusion detection and prevention systems, centralised log aggregation, and alert mechanisms. These procedures are used in conjunction with secure connectivity, including secure channels and multi-factor access for authorized systems operations group personnel.
• Outage reporting: In the event of a temporary interruption or scheduled maintenance, Thentia Cloud users can visit our Systems Status webpage where details about all major incidents, scheduled maintenance, service events, and more, will be posted. Customers can also subscribe to our Thentia Status page to receive email notifications for maintenance scheduled and other service events.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Thentia Cloud account administrators can easily manage and control any individual user’s permissions based on their role and responsibilities. Limiting access to administrator functions is crucial for preventing damage from intruders.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Ernst & Young
• ISO/IEC 27001 accreditation date: 01/01/2020
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: Ernst & Young
• PCI DSS accreditation date: 01/01/2020
• What the PCI DSS doesn’t cover: N/A
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • SOC 1/2/3
  • FedRAMP

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: With best-in-class practices for managing security and data protection risk, a strong approach to security is embedded in everything we do. Our InfoSec team has years of experience in financial, retail, manufacturing, and consulting environments ranging in size from startup to enterprise and is constantly improving our security processes over time.; Access to client data is limited to Thentia employees with a job-related need, and all these staff members are required to sign a confidentiality agreement. Accessing client data is only done when necessary, and only when approved by the client (such as during a request for support), or under authorization from senior management and security for the purposes of providing support, maintenance, or improving service quality.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: A robust Application Security process is fully integrated into Thentia’s Software Development Lifecycle (SDLC), including: ; ; In-house security requirements, policies, and industry security best practices applied in every stage of the lifecycle. ; Continuous security review of architectures and features. ; Iterative manual and automated source code review (using static code analyzers) for security weaknesses, vulnerabilities, and code quality, plus development team advisory and guidance. ; Per release dynamic scanning of pre-production environment. ; Security training provided for IT and development teams.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Thentia’s industry-leading Vulnerability Management Program utilizes layers of people, processes, and technology to identify and monitor for vulnerabilities in our applications and infrastructure, including: ; ; Static Application Security Testing (SAST): Run during development and continuously monitored to detect OSS package issues. ; Dynamic Application Security Testing (DAST): Run during QA stage of the SDLC ; Vulnerability and Configuration Monitoring: Run during server deploy and weekly to assure auto-patching technologies are delivering on their Service Level Agreements (SLA) (weekly patching of at least Critical/High). ; Vulnerabilities detected during SDLC are remediated before go-live. Vulnerabilities identified in production are tracked by our InfoSec team.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Thentia’s industry-leading Vulnerability Management Program utilizes layers of people, processes, and technology to identify and monitor for vulnerabilities in our applications and infrastructure, including: ; ; Static Application Security Testing (SAST): Run during development and continuously monitored to detect OSS package issues. ; Dynamic Application Security Testing (DAST): Run during QA stage of the SDLC ; Vulnerability and Configuration Monitoring: Run during server deploy and weekly to assure auto-patching technologies are delivering on their Service Level Agreements (SLA) (weekly patching of at least Critical/High).
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Thentia is ISO 27001 certified and only uses ISO 27001 processes

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Environment KPI:; We ensure each of our physical office locations has at least one “green ambassador” who is empowered within the business to educate, inform, define and shape our environmental policies for each of our physical locations to enable the business to achieve increased performance year on year; Some of the key ways we drive environmental sustainability within Netpremacy are:; We integrate environmental concerns into our decision-making and resultant activities via our green ambassadors.; We dispose of electrical items either to the second user market or in accordance with current WEEE recycling directives where reuse is not possible.; We minimise travelling with the use of improved collaborative technology (we are Google business) and complementary Company policy. We also provide secure bike storage to encourage eco-friendly methods of travel for our employees.; We minimise waste and reuse/recycle as much as possible. We recycle on a weekly basis, with recycling stations at each desk pod and kitchen within the Leeds office.; We recycle/reuse ink cartridges, using a charitable recycling service which benefits both charitable organisations and the environment.

  Tackling economic inequality

  Local Business & Economy:; Providing work opportunities for small, medium, micro-sized businesses, social enterprises and minority owned businesses ; Procuring goods and services locally where possible ; Supporting small, medium, micro-sized businesses, social enterprises and minority owned businesses to improve capability and grow sustainably

  Equal opportunity

  Employment and Skills: ; Enabling local people to obtain the skills needed to access employment ; Providing our employees with new skills for the future ; Creating employment opportunities within the communities that we work ; Removing barriers to employment in the information technology industry for underrepresented and disadvantaged groups ; Offering employment opportunities to those who serve or have served in our armed forces; Employment and Skills KPI; We ensure that our staff collectively attain at least 10 industry recognised certifications per annum.

  Wellbeing

  At Netpremacy we create infrastructure, support communities and enable growth to deliver community benefits and additional social value. We assist our customers to maximise social, economic and environmental wellbeing of local communities in accordance with The Public Services (Social Value) Act 2012, The Procurement Reform (Scotland) Act 2014 and The Wellbeing of Future Generations (Wales) Act 2015.

Pricing

• Price: £0.99 to £2.50 a unit
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at aeden@netpremacy.com. Tell them what format you need. It will help if you say what assistive technology you use.