QUADRATICA (UK) LIMITED

X-Screen

X-Screen is intended for the initial & refresher training of those personnel whose employment requires them to examine objects using security-related X-Ray equipment. It is widely used to improve and enhance the skills of the operators in order to improve their threat detection skills.

Features

• High Fidelity X-Ray training images, faithful to multiple operational environments
• Consistent training images across multiple manufacturers interfaces
• Lessons and tests created to cater for specific requirements
• Images graded on their difficulty for ease of use
• Hierarchical access allowing multiple access for trainers and adminstrators
• All major equipment manufacturer user interfaces supported
• Pre-built stepped lessons provided as standard within the system
• Multiple operational envionments catered for within a single system
• Comprehensive reporting module for regulatory compliance
• Full web-based access 24hrs a day

Benefits

• Ensures training images displayed are consistent with the operational equipment
• Ensures all training is the same for different equipment types
• Different operational environments require unique levels of training and images
• Training can be very basic, or relatively advanced if required
• Trainers and Adminstrators do not take up licence from trainees
• Training is available across a broad range of equipment
• Training system is available to use right from Day 1.
• No need to use other systems to train your team
• Reports cover a wide variety of legislative requirements
• Access is unlimited, where ever you are!

£1,760 a licence a year

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@quadratica.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

679260158774702

Contact

Giles Ramsden
01472 898 751
sales@quadratica.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Requires users to access using a stable internet connection.
• System requirements:
  • Remote access required for support
  • Administrator level access to system

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We provide telephone and email support Mon-Fri 0900-1700.; We provide online support through Salesforce.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: We have made the chat engine available to all of our customers for over three years.
• Onsite support: Yes, at extra cost
• Support levels: We offer free UK business hours support as standard.; ; Bespoke support can be made available on a case-by-case basis.; ; Our initial support is through our Customer Support department but may be escalated to our Technical Support department as required.; ; First-line overseas support can be provided by our network of global Distributors.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: We offer on site training (preferred) and on-line training where travel costs are prohibitive. We provide a System Administrator guide and a User Guide as standard.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: The system provides full reporting on all training data (in a choice of formats). If the customer needs the core data then we would cooperate with extracting their data and provide it as a separate MS SQL database file.
• End-of-contract process: Our policy is that there are no additional costs and customers get all upgrades and new library items free of charge. At end of contract we would offer a new contract on the same terms or allow the existing contract to roll over.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The graphical layout is adaptable for both mobile and desktop users.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: No
• Customisation available: Yes
• Description of customisation: We regularly send out communications for feedback from our customers in order that our development roadmap and system updates include new and positive features, enriching the learning process and benefit all our customers

Scaling

• Independence of resources: Our service is provided via the MS Azure cloud system. Each customer account is a separate service and therefore would not be impacted by other users. The Azure servers can be upgraded, as required, without any disruption of service.

Analytics

• Service usage metrics: Yes
• Metrics types: System Administrators can view training/tests undertaken with a variety of built-in filters. They can also view current activity within the system and, if necessary, can force a suspended training/test to be marked as complete for reporting purposes. System administrators also have a dashboard which they can configure to show various system service metrics. For example, date ranges, teams, locations, courses, etc. can all be selected for variable granular reporting.
• Reporting types:
  • Real-time dashboards
  • Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Other
• Other data at rest protection approach: We use the MS Azure platform. Their data centres comply with all physical security standards.; ; See http://download.microsoft.com/download/1/6/0/160216AA-8445-480B-B60F-5C8EC8067FCA/WindowsAzure-SecurityPrivacyCompliance.pdf for full list.; ; and; ; https://docs.microsoft.com/en-us/azure/security/fundamentals/physical-security; for physical security compliance.
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Via reports to pdf, csv or Excel files.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Xslx
  • Pdf
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Our cloud hosted service, via MS Azure, offers availability of 99.9%. Individual customer SLAs are offered/agreed on a case by case basis.
• Approach to resilience: Microsoft's Azure platform provides a multi-layered solution to data resilience.; ; We use Azure zones to have same-region available for critical data, we're based in the West Europe region (Netherlands) but the critical data is also replicated to the North Europe region (Ireland) automatically.; ; For virtual machines we use availability sets to ensure uptime during updates.; ; We are covered by the Azure SLA of 99.95% availability, and have not had any downtime beyond this
• Outage reporting: Quadratica forewarn customers of expected outages by email/phone/site page contact. Unexpected outages are notified by email/phone as soon as possible upon discovery.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Quadratica controls access to its systems using a hierarchical login paradigm. Each instance of our software can be configured to allow each level of access to be specific to the needs of the role. This extends to individual items within functional areas.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: CQS
• ISO/IEC 27001 accreditation date: 02/12/2021
• What the ISO/IEC 27001 doesn’t cover: Nothing
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Quadratica complies with all requirements under ISO27001, Cyber Essentials and GDPR. There is a dedicated information security staff member and our policy document is required reading for all employees.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Quadratica adheres to the full lifecycle development paradigm. All products are subject to regular reviews through our change management meetings. These are attended by all relevant stakeholders from Board level to software support personnel.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: We monitor our services 24/7 with alerts set up on every instance to warn of attempted penetrations. If we found a need to patch for an identified vulnerability we would deploy a patch as soon as possible and/or in collaboration with affected customers dependent on the risk assessment.; ; Monitoring of anti-malware software. All computers and servers are using Microsoft's Defender and any reports are centralised on the main office server.; ; Unusual database activity is monitored for.; ; Endpoint protector is used to monitor for, and prevent, egress of sensitive data.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: All of our data instances are monitored 24/7. In the event of a compromise we adhere to the guidelines contained within our policy documentation (which in turn comply with ISO27001 and GDPR requirements.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Our incident processes are detailed in our security policy document. Users can notify us via any of our support channels. If an incident will affect multiple customers we send out an email eShot. Otherwise we deal directly with individual customers with updates notified as soon as we have them via phone and/or email.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  Web-based training means that the training gets delivered to the user, rather than the user travelling to the training.

Pricing

• Price: £1,760 a licence a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: On request, we offer full access to our online "demo" system to provide potential clients the ability to completely review the system, investigate its features and understand not only how easy it is to use, but how powerful and flexible it can be for training, testing and skill enhancement.
• Link to free trial: https://xscreen.quadratica.co.uk/preview

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@quadratica.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.