PersonIQ - Cloud solution driving smart services
Paragon ID is a leader in identification solutions, in the e-ID, transport, smart cities, traceability & brand protection sectors. Using the latest technologies such as RFID and NFC, it provides smart cards, tickets, labels and tags to worldwide clients in diverse markets including public transport, manufacturing, logistics, gaming and retail.
Features
- Smart Card Bureau Services
- Card Management System (PersonIQ)
- Smart Printers & Consumables
- Support & Maintenance
- Hardware Supply
- Software Development
- Digital Mobile Access and Ticketing Solution
- Application Administration Services
Benefits
- Over 20 years experience
- Global supply chain
- ISO certified 9001, 14001, 27001, 45001
- Cyber Essentials
- ITSO Certified (including EV3)
- Ecovadis accreditation
- Working across UK, Ireland, US, South America, Australia
- High profile client across Transit, Government, Education and Hospitality
Pricing
£3,000 a licence a year
- Education pricing available
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
7 1 7 8 5 0 6 9 0 5 5 5 1 6 7
Contact
BEMROSE BOOTH PARAGON LIMITED
Duncan Collingwood
Telephone: 07435 284 986
Email: duncan.collingwood@paragon-id.co.uk
Service scope
- Software add-on or extension
- Yes, but can also be used as a standalone service
- What software services is the service an extension to
- HR and student management systems, transport systems, ticketing systems,
- Cloud deployment model
- Private cloud
- Service constraints
-
"Should any outages for maintenance be required, these will be scheduled for out of hours to minimise affect on services.
Platform is tested to run on Microsoft based OS (MS server, Windows etc.), with Front/End browsers tested on Edge and Chrome.
Some support for specialist external hardware Peripherals such as card printer/encoders (Zebra, Matica, Evolis for example), OCR camera readers, barcode scanners and card readers" - System requirements
-
- Up to date browsers (edge, chrome)
- Windows 10 or above
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Response times will be different depending on the query. Priority Queries and issue will have a response within 2 hours, normal requests will have an initial response within 2 hours and a more details response within a week. Change requests will be analysed and a quote issued within 2 weeks, unless highly complex and an updated timescale given. Operating hours are 0900-1700 Monday to Friday and so requests outside of that time will be delayed
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
- As part of the service an account manager will be allocated to the customer throughout the delivery and operations of the system.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
Online training for fully digital products
For deliveries that include hardware such as Printers, card readers or barcode scanners - an onsite training visit may be scheduled
Documentation of user elements can also be provided - Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
- This is conducted by the software development team rather than directly by the customer. The data extraction request would be made as to the scope of data required to be sent, though with data retention taken into account. The data can be provided either as the complete database extract as a database format with the full data structures in place or can be exported in a .csv file for specific data tables that are required if the full database is not required
- End-of-contract process
- The price of the contract includes an export of the complete database without any modification or the extract of certain tables directly into .csv without any translation or modification. The complete decommissioning of the tenancy within the system in a SaaS platform if not separate to include all data, logs, configurations and customisations. Connections to 3rd parties and client sites will be dissolved and all aspects of access control deleted such as certificates. Any supported data migration activities to another partner, working with 3rd party or consultancy of migration activities outside of the above, data translation or modification, continued licenses will be additional cost
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Chrome
- Application to install
- Yes
- Compatible operating systems
- Windows
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
-
Screens for each type have been optimised for the different format and OS for the device.
Digital Business card features expected use is mobile, but can be used on desktop.
Card printing and access control management only available on desktop - Service interface
- No
- User support accessibility
- None or don’t know
- API
- Yes
- What users can and can't do using the API
- API is only for use with service build front-end screens and is not intended for integration with other services; though could be done if required.
- API documentation
- No
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
-
Users who have been given access to customisable settings can change the background, logo and other visual features.
Certain optional data fields can also be toggled on/off as required.
Templates can be designed or redesigned, allocated to different groups with other - templates could be card or letter templates or digital screen colours and layouts of certain features.
Some reports can be customised by the user, though new reports can be created by software team and added to the self service portal.
Scaling
- Independence of resources
- Access is multi-threaded and resources are monitored. The system is monitored in real time and should peak time resources reach 80% of performance or capacity metrics then additional resources will be allocated or scaled to ensure no degradation of service for users.
Analytics
- Service usage metrics
- Yes
- Metrics types
- Number of users in last x time period, how many uses of a web page, number of cards produces, number of requests made. Up time, performance metrics
- Reporting types
-
- Regular reports
- Reports on request
Resellers
- Supplier type
- Reseller providing extra features and support
- Organisation whose services are being resold
- Zebra card printers, Evoli card printers, Matica card printers
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Baseline Personnel Security Standard (BPSS)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- No
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
- Protecting data at rest
-
- Physical access control, complying with another standard
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
- Explicit overwriting of storage before reallocation
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
-
The system has reporting built in, with reports not only shown on screen but also able to export into .csv format.
Should a larger extract or a different report be required, this can be requested through the customer services team and the data supplied. - Data export formats
- CSV
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Data protection within supplier network
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
- 99.5% over a month. Service credits are awarded for all SLAs not adhered to and are used to establish a refund amount
- Approach to resilience
- Available on request
- Outage reporting
- Service outage creates an automated alert to the service team who will send the issue out to the correct team for investigation and also communicate, either by phone or email, with affected customers with a description of the issue and its impact as well as any pertinent information.
Identity and authentication
- User authentication needed
- Yes
- User authentication
- Username or password
- Access restrictions in management interfaces and support channels
- Higher level access accounts, such as management or support can be accessed as normal users with a user name and password; this can also be supplemented with external SSO option, such as Azure and 2FA can also be enabled. This is all at request of the customer rather than as default.
- Access restriction testing frequency
- At least once a year
- Management access authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
- Username or password
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- NQA
- ISO/IEC 27001 accreditation date
- 22/11/2023
- What the ISO/IEC 27001 doesn’t cover
- N/A
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
-
There are currently 25 policies and 32 procedures covering all elements of ISO27001 controls to include: User and password, supplier, change control, business continuity, patch policy, security in development, network security, data protection, encryption and security incident policy.
There is a Security compliance team who ensures policies are followed, requesting evidence of compliance where manual processes are in place or accessing logs and other digital documentation and correlating to the controls in place; this occurs continually throughout the year to ensure compliance across all parts of the business.
Should a deficiency be found, this is reported to the relevant manager who must take action to remedy the deficient control within a few weeks. The security compliance team monitors this closely until satisfied that the controls are being followed.
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
-
ISO27001 certified with CAB and change management processes in place for all elements of the systems (infrastructure, configuration and software).
All changes are logged via various tools (lansweeper, Syslog and SIEM tool) and code is tracked in GitHub for version control and quality gateway.
Any changes that may affect security, is deployed to systems that have monitoring that will flag deficient controls via SIEM tool. - Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
-
If an exploitable vulnerability has been identified, appropriate mitigative actions are taken immediately. Otherwise, aligning to NIST CVSS scores, patches are deployed as below:
‘Critical’ - within hours;
‘Important’ - within 2 weeks of a patch becoming available (Ref: Security NCSC.05.2) - Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
-
Follow ISO27001 controls. SIEM tool and log analysis are used to identify potential compromises. For any alerts or suspecions, a response is made immediately to investigate further and will be picked up by security team with senior management made aware.
Should initial investigation identify an issue, this follows incidient management processes for security - Incident management type
- Supplier-defined controls
- Incident management approach
- Incident management approach is defined in policy and procedure documentation as part of ISO27001. Process follows: identification, impact assessment, containment, eradication, recovery. Incidents are reported through a service desk and are reported through normal account management process unless critical, which are notified within 24hrs.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- No
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Wellbeing
Fighting climate change
We are ISO14001:2015 certified and all parts of the business look at how to minimise their footprint, not just CO2, but other elements as well.
For example, the business invested in the development of a water-based magnetic slurry rather than the solvents that had been in use.Wellbeing
Paragon is committed to staff wellbeing providing a wellness platform to help with stress management, sleep and other health self help tutorials. There is also a gym membership and health check-ups provided by a local health/fitness club. If there are more complex issues there is also the provision for counselling to be provided and links to local support groups.
Pricing
- Price
- £3,000 a licence a year
- Discount for educational organisations
- Yes
- Free trial available
- No