Equine Register Ltd

Animal Identification Transponder / Tag/ Microchip Checker.

Enables the public and/or authorised users to check animal identification data recorded on a transponder (including a microchip or tag or other readable device) interoperable with the Central Equine Database, Central Animal Database, Central Canine and Feline Database via secure API. Service is interoperable with 3rd party systems.

Features

• Real-time data updates
• Single unified database
• Accessible from multiple devices
• Interoperable with other systems
• Available 24/7

Benefits

• Identify lost/stolen animals
• Protect human food chain
• Assist in reunification with owner
• Combat criminal activity

£10,000 to £30,000 a licence a month

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at stephanie.palmer@equineregister.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

629537644240876

Contact

Stephanie Palmer
03330 100145
stephanie.palmer@equineregister.co.uk

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Central Equine Database, Canine and Feline Database, Digital Stable, Digital Kennel, API Services, Border Control, International Hub, Holding site/Livery App, Transporter App, Veterinary Services etc.
• Cloud deployment model: Public cloud
• Service constraints: None
• System requirements: Accessible through any web browser (desktop or mobile)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Emails and tickets from registered users are responded to within an hour of receipt. Emails from others within 2 hours of receipt. Issues are resolved within given timescales dependent on the issue and severity. Acknowledgements and responses are managed Mon-Friday between 10am - 4pm excluding bank holidays. Times can be extended for an extra fee on request by client.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: Our supplier has undertaken testing.
• Onsite support: Yes, at extra cost
• Support levels: The cost for support in working hours is included in the license fee. Additional hours are negotiable and subject to additional cost. We provide a technical account manager and cloud support engineer for our government contracts. Our standard service levels are; Severity 1 - Loss of Service, 95% events responded to within 2 hours. Severity 2 - Partial loss of service or service impairment, 85% events responded to within 4 hours. Severity 3 - Potentially service affecting or non-service affecting critical functionality - 75% events responded to within 8 hours Mon-Fri 9-5pm.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide documentation and live support during the onboarding process.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Requests should be submitted via the support helpdesk. Data is extracted into CSV or XML format.
• End-of-contract process: We provide assistance to hand over clients documentation and data. All remaining records will be deleted post contract termination unless agreed to otherwise with the client.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: No difference
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Service can be accessed through common browsers and conforms to GDS style, components and patterns. The service interface allows admin to administer various features and is configurable to user profiles and permissions management.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Various tools and scanners are used to ensure compliance.
• API: Yes
• What users can and can't do using the API: Users can only access API's for permissible reasons. Changes can only be made to support clients own internal system configuration. Support from our technical team is available.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: We will work with customers to customise the front end of our application to adapt the look and feel of the screens.

Scaling

• Independence of resources: All clients are on their own separate infrastructure which scales independently. Our services and applications are all designed to scale automatically to ensure quality of service for all users, using a combination of load balancers, scalable resources and multiple failover and availability designs.

Analytics

• Service usage metrics: Yes
• Metrics types: Format of delivery and metric requirements agreed with client on commencement of the service.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: We would create an SQL or CSV file.
• Data export formats:
  • CSV
  • Other
• Other data export formats: SQL
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Service available 24/7 at minimum of 99% availability excluding planned outages.
• Approach to resilience: Information is available on request.
• Outage reporting: Email alerts, and/or Phone dependent on client requirements and severity of incident.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: User ID determines what accessibility and permissions a user ha. These are determined by business rules agreed with the client.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users receive audit information on a regular basis
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users receive audit information on a regular basis
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: AWS are certified
• CSA STAR certification level: Level 2: CSA STAR Attestation
• What the CSA STAR doesn’t cover: Our cloud services provider is AWS. All our data and services are stored within AWS.
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: All services comply to ISO27001-2013 framework and Cyber Essentials
• Information security policies and processes: Policies are approved by the company executive team and are embedded in employee objectives and contracts.; ; We follow the policies defined within Cyber Essentials. The personnel responsible for security report to the director responsible for governance. New employees are inducted in our security processes and regular reviews are undertaken to ensure adherence to our standards.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Changes are assessed for potential security impact as part of our change request process. The testing cycle contains a set of security tests.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Threats are assessed by the security team, critical patches are applied as soon as possible. We gain information about potential threats from a variety of industry sources and databases as well as from our suppliers.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We identify potential compromises using a combination of system controls, processes and tests carried out by independent companies. When a potential compromises is identified, a remediation plan is created and actioned and subsequently monitored. A resolution plan is created and actioned typically within hours of the compromise being identified. Resolution times vary according to the complexity of the issue . The resolution is monitored at the highest levels within the company.
• Incident management type: Supplier-defined controls
• Incident management approach: We have a defined recovery process for every component of our services and perform root cause analysis on every incident that interrupts service. Users can report incidents by contacting the customer services helpdesk or via web chat or email. Incidents reports are provided to clients as required with a follow up as appropriate.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  We recognise our need to help fight climate change. We have introduced hybrid working which significantly reduces the travel of our employees and has significantly reduced our use of electricity and heating in the office. The leased office premises operate a green energy policy and actively encourages the recycling of waste. We aim to use recycled products as much as we can in the office.

  Covid-19 recovery

  We recognise the impact and concerns of our workforce as a result of Covid. We have taken measures; ; • For those most vulnerable, we have identified those individuals and/or their family members who are at risk to allow them to change their place of work to home if they choose to do so; • To help physical and mental health of our employees, we have introduced hybrid working for all employees to allow them to work from home and only come to the office if required or if they wish to ; • To manage cross contamination, we have maintained the position of social distancing in the office and a policy of work from home if someone has signs of any illness; • We are constantly reviewing our policies to ensure that we are taking the most appropriate measures to protect our staff and the business.

  Tackling economic inequality

  We recognise that the digital technology sector is a high growth area. As a business we are experiencing significant rapid growth. Attracting and retaining the right staff is key for us. We also recognise the value of growing our own talent. As such this year we have introduced a pilot to help individual’s to re-skill in our sector and are actively talking with local education, community groups and the DIT on how we can do more.

  Equal opportunity

  We operate an equal opportunities policy and do not prejudice against disabled or minority groups. Our office working policy and work environment and our pilot to re-skill individuals supports our aim to offer equal opportunities to all.

  Wellbeing

  The physical and mental well-being of our staff is important to us. We have introduced this year a range of employee benefits paid for by the company that provides access to private medical health and other health services for both the employee and their families. This includes mental health support lines. ; We have also increased the minimum holiday entitlement, given every member of staff an additional day’s holiday for their birthday and introduced a flexible holiday policy to allow staff to add or reduce their holiday allocation to suit their personal needs.

Pricing

• Price: £10,000 to £30,000 a licence a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at stephanie.palmer@equineregister.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.