DocuShare

Service scope

Software add-on or extension: Yes, but can also be used as a standalone service
What software services is the service an extension to: Intranet collaborative platform, public facing site for sharing content, in-house content repository and archiving solutions.
Cloud deployment model: Public cloud

Private cloud
Service constraints: Please refer to https://www.docushare.com/system-requirements/ for supported environments.
System requirements: https://www.docushare.com/system-requirements/

A supported browser and Internet connection for solution users

User support

Email or online ticketing support: Email or online ticketing
Support response times: 24/7 support all year round. Support ticket managed by support team upon reception.
User can manage status and priority of support tickets: Yes
Online ticketing support accessibility: None or don’t know
Phone support: Yes
Phone support availability: 24 hours, 7 days a week
Web chat support: No
Onsite support: Yes, at extra cost
Support levels: Level 1:
Initial contact with customer via telephone, support request web-form, or email.
Validates customer entitlement for support
Gathers description of customer support request and issue.
Checks the support knowledge base for possible solutions and provides appropriate solutions to the customer.
Escalates issue to Level 2

Level 2:
Works with customer to investigate the issue, gather additional troubleshooting data.
Uses Web conferencing/Remote Access to observe issue while the customer replicates the issue.
Uses Web Conferencing/remote Access to guide the customer in additional troubleshooting, resolving the issue, or implementing a work-around solution.
Replicates issue on support lab servers for further troubleshooting.
Level 2 is also the primary contact between support and the customer until the issue is resolved. Escalates issue to Level 3 if required

Level 3:
Works with Level 2 to develop possible solutions or a work around to issues that cannot be resolved by level 2 in a timely manner.
Level 3 acts as liaison to Engineering (Level 4) and engages engineering for additional troubleshooting help.

Level 4:
Software engineers and solution developers work with Level 3 to resolve high severity issues.
Provides additional troubleshooting skills and tools to gather DEBUG information.
Develops work-around solutions, hot fixes, and patches
Support available to third parties: Yes

Onboarding and offboarding

Getting started: Online training, online help, intuitive interface with help menus, online documentation & online training courses all directly from the application itself. Onsite training/courses available for a fee.
Service documentation: Yes
Documentation formats: HTML

PDF
End-of-contract data extraction: Professional service required to export files and metadata as XML files.
End-of-contract process: Server license as well as user licenses (CALs), setup fee, hosting fees, 24/7 support, solution upgrades and patches. Additional modules, and professional service can be quoted separately, as well as custom training or developments/integration.

Using the service

Web browser interface: Yes
Supported browsers: Microsoft Edge

Chrome

Safari
Application to install: No
Designed for use on mobile devices: Yes
Differences between the mobile and desktop service: No difference through web interface. IOS and Android clients carry a specific interface.
Service interface: No
User support accessibility: None or don’t know
API: Yes
What users can and can't do using the API: DocuShare offers a complete Java API, which includes a collection of Java libraries and methods that enable external systems to communicate with DocuShare. This API lets developers integrate DocuShare with third-party applications running on the Java platform, and offers the most direct interface to the DocuShare server.

DocuShare Client SDK is a collection of COM objects for programming in the Windows environment. Developers can use the SDK to create standalone DocuShare applications and to integrate DocuShare with third party applications using the following languages: VB, VC++, VBScript, and VBA scripts.
API documentation: Yes
API documentation formats: HTML

PDF

Other
API sandbox or test environment: Yes
Customisation available: Yes
Description of customisation: Users can customize the interface, set their homepage, create a quicksearch homepage to show their favorite collections and specific search queries. They can also setup integration with the MS Office suite and Windows environment. Admins and developers can use advanced tools to import batches of documents or objects and metadata to DocuShare, to integrate with third-party applications...

Scaling

Independence of resources: Resources are dedicated and scaled with regards to customer needs.

Analytics

Service usage metrics: Yes
Metrics types: Number of documents and objects on site (overall site statistics). Workflow status, documents or objects per user, quotas ...
Reporting types: Real-time dashboards

Regular reports

Reports on request

Resellers

Supplier type: Not a reseller

Staff security

Staff security clearance: Other security clearance
Government security clearance: Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom

European Economic Area (EEA)
User control over data storage and processing locations: Yes
Datacentre security standards: Managed by a third party
Penetration testing frequency: At least every 6 months
Penetration testing approach: Another external penetration testing organisation
Protecting data at rest: Encryption of all physical media
Data sanitisation process: Yes
Data sanitisation type: Deleted data can’t be directly accessed
Equipment disposal approach: In-house destruction process

Data importing and exporting

Data export approach: Users with write privileges can download documents and objects directly from the web interface menu.
Data export formats: CSV

Other
Other data export formats: XML
Data import formats: CSV

ODF

Other
Other data import formats: No restrictions on supported file types

Any file can be uploaded (even proprietary)

Batch import metadata & files require separate XML or CSV

Data-in-transit protection

Data protection between buyer and supplier networks: TLS (version 1.2 or above)

IPsec or TLS VPN gateway

Legacy SSL and TLS (under version 1.2)
Data protection within supplier network: TLS (version 1.2 or above)

IPsec or TLS VPN gateway

Legacy SSL and TLS (under version 1.2)

Other
Other protection within supplier network: Content encryption

Availability and resilience

Guaranteed availability: As stated in the Master Hosted Services Agreement signed between parties.
Approach to resilience: Available on request.
Outage reporting: Email Alerts

Identity and authentication

User authentication needed: Yes
User authentication: Username or password
Access restrictions in management interfaces and support channels: Access policies are determined per user. Users can be members of groups. Admin groups include Site Administrators group, Content Administrators group, and Account Administrators group. User policies define what users can or cannot do. Permissions are setup at document and object level.
Access restriction testing frequency: At least every 6 months
Management access authentication: Username or password

Audit information for users

Access to user activity audit information: Users have access to real-time audit information
How long user audit data is stored for: User-defined
Access to supplier activity audit information: Users contact the support team to get audit information
How long supplier audit data is stored for: User-defined
How long system logs are stored for: User-defined

Standards and certifications

ISO/IEC 27001 certification: No
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Cyber essentials: Yes
Cyber essentials plus: Yes
Other security certifications: No

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: Other
Other security governance standards: The Xerox Information Security Policy, Infosec001, is aligned to the ISO27001 key controls and the policy is supplemented by additional documents detailing specific requirements to meet the policy. Specific locations and services in Xerox are certified to ISO27001
Information security policies and processes: Xerox utilise a documented framework (Xerox InfoSec 001) for security governance both at a company level and specific to the service which is aligned to NCSC guidance and ISO27001. This provides assurance that reporting is completed and reviewed across all aspects of the service.

The Xerox CEO has ultimate responsibility for security. Xerox’s commitment to Information Security is communicated throughout the organisation and its partners, and is evidenced by board level approval of the Xerox Information Security Policy. The Information Security-related responsibilities of the CEO include:
• Overall control and management of Information Security for Xerox in the UK;
• Overall information risk ownership;
• Provision of adequate resources for Information Security; and,
• Approval authority for Information Security policy.
• Reporting compliance
Reporting is subject to review by senior management. There are processes in place to review and understand any current legal and regulatory requirements and to review an implement any future changes.
The Xerox Information Security team monitor various sources for changes to legislation and are currently on the UK Government CiSP which allows us to engage with Government on proposed changes.

Operational security

Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach: Utilization of Industry standard Change management from beginning to end of contract life. All changes are validated against NIST standards and for any potential security risk or security impact.
Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach: Utilization of real-time vulnerability scan and network analysis, all remediation is automated and responded to within in moments of identification. Critical security patches are deployed within 72 hours of notice of availability. System patches are applied within 14 days of availability for non-critical patches. Our resources for threats is derived from multiple sources including Threat management / remediation provider
Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach: We utilize a multi-pronged set of systems from Network traffic monitoring, heuristic behavior analysis, known threats, and Artifical Intelligence based system nominal state behavior tracking. A potential compromise is quarantined and analyzed immediately via Ai then escalated to personnel if unable to categorize. Most actions are completed within 15-30 minutes of identification.
Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach: We utilize a governed set of processes defined internally by the CISO and report via email / web portal. Reports are genereated post critical incident and root cause analysis.

Secure development

Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks: No

Fighting climate change: Fighting climate change

Xerox is committed to fighting climate change such that we play a role in the sustainability of our world’s natural resources. Xerox has identified four strategic commitment areas where we can make a significant impact on the environment:

• Reducing Energy Use and Protecting the Climate:
• Preserving Biodiversity and the World's Forests:
• Preserving Clean Air and Water:
• Preventing and Managing Waste:

We invest in technologies that reduce the carbon footprint of our operations and offer solutions to our customers that reduce energy use, cost and waste. Our Net Zero goal is 2040. In 2021, we also expanded our greenhouse gas (GHG) emissions reduction goal to cover scopes 1, 2 and 3. We plan to achieve net-zero emissions through projects that improve operational efficiency, create new technology innovations, and neutralise residual GHG emissions through carbon compensation mechanisms. Our approach to sustainability includes partnerships to accelerate progress. We have officially joined the UNFCCC’s Race to Zero and SBTi’s Business Ambition for 1.5°C campaigns, aligning our climate mitigation targets to what science dictates is necessary to reduce the destructive impacts of climate change on human society and nature.

We are a founding member of Defra’s e-Sustainability Alliance (DeSA), We are actively involved in the provision of best practices on the ways in which IT firms of all sizes can minimise their environmental impacts. We also support the Government Cloud Sustainability project, focusing on ‘Sustainable IT’ (e.g. achieving net-zero, modern slavery and other supply chain matters) and ‘IT for Sustainability’ – including the social pillar, “How to procure and measure performance on all things Cloud”. When selecting our technologies and services for G-Cloud 13, we have utilised this knowledge base and ensured that the services & technology used comply with Government guidance and carry accreditation from 3rd party bodies where appropriate.

Pricing

Price: £8.00 a user a month
Discount for educational organisations: Yes
Free trial available: Yes
Description of free trial: 30-day trial includes 10 DocuShare, 5 Read-Only, and 5 Guest users. Stringent restrictions imposed on document capacity.
Modules not included: OCR, ConnectKey, Lifecycle Manager, Content Rules, eForms, content encryption, email agent, document viewer, batch uploader, enterprise capture, advanced workflow, application connector, LDAP integration, partitioned content store

Features

Benefits

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Pricing

Service documents

Cookies on Digital Marketplace

DocuShare

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Social Value

Pricing

Service documents