Quant Network

Overledger SaaS - The world’s first DLT API Gateway for enterprise

The world’s first true universal DLT Interoperability platform oriented for enterprise, designed to seamlessly interconnect private and public systems, networks and DLTs.

Overledger APIs are easy to implement and eliminate the complexity of multi-DLT challenges at an enterprise level.

Features

• Overledger APIs support powerful multi-DLT applications (mDApps)
• Integrate - Core APIs (DLT transactions, searches, subscriptions/triggers)
• Tokenise - Deployment of new coins and NFT contracts
• Bridge - Deployment of cross-chain bridges (assets transfer)
• Aggregate - Creation of Layer 2 rollups (netting, settlement)
• Clearing - Interbank clearing and settlement (CBDC, stablecoins)
• Archive - Access to blockchain data for compliance and analytics

Benefits

• Start using Blockchain with just 3 lines of code
• Have choice, interoperability, flexibility and not be locked-in
• Avoid buying additional infrastructure
• Comply to security and regulation
• Use existing technical skills and resources
• Start in less than 8 minutes

£1 a unit a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at contact@quant.network. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

578304450174284

Contact

Gilbert Verdian
0333 305 6860
contact@quant.network

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: N/A
• System requirements:
  • 12 virtual machines as minimum requirements
  • Medium spec VMs with 16GB RAM, 250GB Disk
  • Node servers as required per DLT. 64GB RAM 1TB Disk
  • Linux (Redhat, Ubuntu or equivalent)
  • Kubernetes

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 9am-5pm Business Hours (UK)
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AAA
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Yes, at an extra cost
• Web chat support availability: 9 to 5 (UK time), 7 days a week
• Web chat support accessibility standard: WCAG 2.1 AAA
• Web chat accessibility testing: We use Zendesk's support web chat.
• Onsite support: Yes, at extra cost
• Support levels: Standard Support ; - included for 9am-5pm (UK); ; Premium Support ; - 24 x 7, 365 days a year (extra cost)
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We help onboard clients who buy the Overledger platform. We provide online training and documentation to get started. ; ; We also provide workshops to understand and walkthrough their use cases.; ; In addition to that, our customers will be supported by our Customer Success department through the journey (onboarding, adoption).
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: All their data can be exported from their dedicated database at end of contract.
• End-of-contract process: The AWS instance of Overledger is decommissioned. The steps are to export their data (logs, transactions history etc) to the client and then start the decommissioning of their VPC

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems: Linux or Unix
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Overledger publishes a standard API which is accessible to all devices and endpoints.
• Service interface: No
• User support accessibility: WCAG 2.1 AAA
• API: Yes
• What users can and can't do using the API: The entire service is an API Gateway. All the services can be accessed via APIs.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The users can define what DLTs they want to use and what tokens/coins they want to deploy.

Scaling

• Independence of resources: We have dedicated infrastructure for clients, which is solely used by that client. All scaling is done using horizontal and vertical scaling using elastic computing and kubernetes containers to scale as needed based on usage and load.

Analytics

• Service usage metrics: Yes
• Metrics types: We provide realtime reporting on the number of transactions, usage, volume to all our clients.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: All transactions and data are written to a mongodb database. The user's data can be exported as needed at any time.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Database format
  • Entire backup of database
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: We deliver 99.99% in line with AWS availability and SLAs. Service Credits will be provided if we don't meet guaranteed levels of availability. ; ; We can also deliver higher requirements as needed by scaling on multi-cloud infrastructure.
• Approach to resilience: Available on request, leveraging AWS datacentre resilience.
• Outage reporting: We report outages publicly using Statusupdate.io and client notifications through: ; - a public dashboard; - an API; - email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Support channels are only accessible by internal staff, who have to VPN into a management network using multi-factor authentication and access the areas of the platform they are responsible for.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: EY CertifyPoint
• ISO/IEC 27001 accreditation date: 18 November 2010
• What the ISO/IEC 27001 doesn’t cover: Services that do not use the following AWS technology:; https://aws.amazon.com/compliance/iso-certified/
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 20 April 2020
• CSA STAR certification level: Level 3: CSA STAR Certification
• What the CSA STAR doesn’t cover: The areas not covered in: https://d1.awsstatic.com/whitepapers/compliance/CSA_Consensus_Assessments_Initiative_Questionnaire.pdf
• PCI certification: Yes
• Who accredited the PCI DSS certification: Coalfire Systems, Inc.
• PCI DSS accreditation date: 31 Jul 2020
• What the PCI DSS doesn’t cover: https://aws.amazon.com/compliance/services-in-scope/
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: • Vendor Management; • Organization of Information Security ; • Human Resource Security ; • Network; • Security Policy, Standards and Procedures; • Physical and Environmental Security ; • Vulnerability Management ; • Key Management (KMS); • Access Control; • Information Systems Development and Maintenance; • Risk Assessment and Management; • Information Security Incident Management; • Business Continuity and Disaster Recovery; ; Policies apply to all users. This includes staff, consultants, contractors or vendors (whether temporary or permanent) who have access to the technology. ; ; Every employee is onboarded and the policies explained and accepted. ; We undergo security awareness training with online examinations and reporting for compliance.; ; We undergo phishing assessments regularly and inform staff about the latest threats. ; ; Our CEO was previously working for HM Treasury, Downing St, MoJ heading up Security for HMG and then for the Bank of England as the CISO for the UK's payment infrastructure run by Vocalink.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: We use the tools available in AWS to track the services used and their lifecylce. Complemented with realtime reporting on configuration, application and infrastructure performance and health of the systems.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: The underlying cloud infrastructure (hypervisor and below) is managed by AWS. The operating systems and up, is managed and scanned regularly identity and patches and vulnerabilities which may be present. We conduct weekly and monthly patching cycles to keep the OS and applications up to date.; Finally, we conduct internal and external vulnerability assessments and pen tests to our infrastructure to identify and potential weaknesses to address.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: We conduct internal and external vulnerability assessments and pen tests to our infrastructure to identify and potential weaknesses to address. ; ; We have perimeter, internal and external monitoring in place from firewalls, web applications firewalls, internal operating systems and databases events that are all monitored into a single logging instance. We have realtime alerting dashboards and notifications when things are flagged. Our team investigate each alert and respond within minutes if it is relevant and significant to invoke our incident response plans.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: We have realtime alerting dashboards and notifications when things are flagged. Our team investigate each alert and respond within minutes if it is relevant and significant to invoke our incident response plans.; ; We have pre-defined processes to investigate common events based on criticality and risk. The company receives realtime alerts through our common messaging systems, including slack and inform our leadership (CEO/CTO) of any escalations within minutes.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Overledger can be used to implement carbon credit use cases.
• Covid-19 recovery:

  Covid-19 recovery

  n/a
• Tackling economic inequality:

  Tackling economic inequality

  Overledger can be used to support use cases related to CBDC and increase access to financial services wherever that's an issue (vulnerable population).
• Equal opportunity:

  Equal opportunity

  n/a
• Wellbeing:

  Wellbeing

  n/a

Pricing

• Price: £1 a unit a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: We provide a trial licence for 30-90 days depending on the client's need. It provides full access to the Overledger platform and all its features.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at contact@quant.network. Tell them what format you need. It will help if you say what assistive technology you use.