Xantura Limited

OneView

OneView helps the public, charitable sector to improve outcomes by; enabling the integration and sharing of multi-agency data and the application of advanced analytics (AI / ML / GenAI).

The product supports a full lifecycle; from data ingest to insight integration of insight into existing case management systems.

Features

• Information Governed, citizens / household single view using multi-agency data
• Natural language generation capability: Family chronologies and automated case summaries
• Integration of case summaries into existing case management systems
• Artificial intelligence / predictive analytics / advanced analytics
• Intervention analytics to understand impact of services
• Advanced analytics using cross agency pseudonymised datasets
• Accelerated Information Governance agreements, enduring approach
• MDM, covering ETL, data quality, data matching, data pseudonymisation
• Proactive case management, to view, refer and request information
• Solution designed to support multi-agency data sharing

Benefits

• Children’s; Prevention of statutory safeguarding interventions
• Adult’s; Prevention: e.g. reablement efficacy, falls, carer breakdown prevention
• Housing; Reduce homelessness applications through holistic early intervention
• Debt; Improved collection rates and mitigate impact on vulnerable groups
• Fraud, error detection: (RBV) Risk stratification to support investigations
• Serious violence: Prevention recidivism and repeat victimisation
• Advanced analytics identify risks earlier and effectivelly target interventions
• Fostering multi-agency working to provide best interventions and their impact
• Natural Language Generation operational efficiencies reduce front-line administration
• Serious mental health : Improve coordination to prevent deterioration.

£12,000.00 a licence a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tom.davies@xantura.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

682099285208128

Contact

Tom Davies
07738 448045
tom.davies@xantura.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Hybrid cloud
• Service constraints: There are no constraints
• System requirements:
  • Windows operating system
  • Java
  • Connection to Xantura Secure Cloud via VPN or PSN

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Initial response time; Target response time to respond to any queries or requests for support or Service Requests. 60 Minutes; High Priority ; An issue that generates a catastrophic production problem in which your production systems are down or not functioning; loss of production data and no procedural workaround exists. 60 Minutes; Normal Priority ; An issue where thers is a problem where your system is functioning but in a reduced capacity. 300 Minutes; Low Priority ; A Low Priority issue is for a general questions, request for a modification. There is no impact on the quality of the product. None
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: The support is generally available during the standard working day and is chargeable. Special arrangements can be accommodated and are also chargeable.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We typically do initial training as part of our implementation program with a client. Training is delivered through a combination of classroom based learning, and video tutorials
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Users can extract data on a periodic basis from platform. This approach can support both local BI analytics as well as supporting contract-end
• End-of-contract process: The following services are included in the contract: Data is deleted from the platform and user access is revoked. Final data extracts are produced and supplied to clients as CSV files

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems: Windows
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Master Data Management services are accessible through a secure web portal, OneView Management Centre; Access to development tools is through a secure VDE - OneView Development Centre; End user services / business outputs are also accessible through a secure web portal, OneView
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: We use WAVE to test user interfaces.; Narrator functionality in Microsoft Edge.
• API: Yes
• What users can and can't do using the API: Please contact us for more information.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Users can define data flows into the system. Users can create data visualisations Users can manage data quality, data correction Users can create their own predictive risk models

Scaling

• Independence of resources: The underlying technology platform is fully virtualised and with full redundancy designed / built in. All components of the software and underlying serevers can be scaled independently - with one to one mapping between resources and clients where needed. Forward planning of client demand supports the integration of new hardware into the platform.

Analytics

• Service usage metrics: Yes
• Metrics types: Data processing overview including reports on files processed, rejected, data quality metrics. We also provide risk model performance and data and model bias metrics. We can provide service usage metrics, broken down by data sharing protocols.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: CSV files or access through secure web services
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: 98.5% Target Service Availability
• Approach to resilience: The underlying technology platform is fully virtualised and with full redundancy designed / built in. All components of the software and underlying serevers can be scaled independently - with one to one mapping between resources and clients where needed. Forward planning of client demand supports the integration of new hardware into the platform.; ; Hybrid cloud configuration also facilitates the migration of services between secure public and private cloud infrastructure as needed.
• Outage reporting: Outages could be reported via email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: 2 level authentication based on Role Based Access Control/Data Sharing Protocols and customisable to buyer requirement
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: QMS
• ISO/IEC 27001 accreditation date: Audit 27th July 2019
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: Cyber Essentials Plus

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: ISO27001 and ISO9001 PSN accredited (by arrangement)

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Configuration and change management processes available on request
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Servers are patched fully automatically, where appropriate, and patches are applied within one month of release.; SIEM software performs monthly internal vulnerability scans across all systems.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: SIEM system (AlienVault) performs constant monitoring and alerting; Response to compromise would depend on the nature of the issue, but would typically involve immediate network isolation of affected systems, followed by investigation and remediation or recovery – where appropriate.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Yes, there are pre-defined processes for common events.; ; Users report incidents through the Ticketing system with appropriate alert or reach out to the client manager depending on severity.; Incident reports can be made available according to client requirement;; ; Incident Management Response Times:; High Priority : 60 Minutes;; Normal Priority : 300 Minutes

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Other
• Other public sector networks: Publis Services Network (PSN) by arrangement

Social Value

• Social Value:

  Social Value

  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Tackling economic inequality

  OneView has pre-built analytics to support poverty, financial stress tests as well as benefit entitlement checks (unclaimed benefits calculators).

  Equal opportunity

  OneView has in-built bias tracking analysis that supports the analysis of whether service provision is subject to any bias.

  Wellbeing

  OneView's core purpose is the prevention of poor outcomes and deterioration in well-being. The models and analytics that have been developed support the targeting of services for different population segments to prevent adverse outcomes ranging from, for example, falls, homelessness, serious violence prevention.

Pricing

• Price: £12,000.00 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tom.davies@xantura.com. Tell them what format you need. It will help if you say what assistive technology you use.