Skip to main content

Help us improve the Digital Marketplace - send your feedback

BEMROSE BOOTH PARAGON LIMITED

PersonIQ - Cloud solution driving smart services

Paragon ID is a leader in identification solutions, in the e-ID, transport, smart cities, traceability & brand protection sectors. Using the latest technologies such as RFID and NFC, it provides smart cards, tickets, labels and tags to worldwide clients in diverse markets including public transport, manufacturing, logistics, gaming and retail.

Features

  • Smart Card Bureau Services
  • Card Management System (PersonIQ)
  • Smart Printers & Consumables
  • Support & Maintenance
  • Hardware Supply
  • Software Development
  • Digital Mobile Access and Ticketing Solution
  • Application Administration Services

Benefits

  • Over 20 years experience
  • Global supply chain
  • ISO certified 9001, 14001, 27001, 45001
  • Cyber Essentials
  • ITSO Certified (including EV3)
  • Ecovadis accreditation
  • Working across UK, Ireland, US, South America, Australia
  • High profile client across Transit, Government, Education and Hospitality

Pricing

£3,000 a licence a year

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at duncan.collingwood@paragon-id.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

7 1 7 8 5 0 6 9 0 5 5 5 1 6 7

Contact

BEMROSE BOOTH PARAGON LIMITED Duncan Collingwood
Telephone: 07435 284 986
Email: duncan.collingwood@paragon-id.co.uk

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
HR and student management systems, transport systems, ticketing systems,
Cloud deployment model
Private cloud
Service constraints
"Should any outages for maintenance be required, these will be scheduled for out of hours to minimise affect on services.
Platform is tested to run on Microsoft based OS (MS server, Windows etc.), with Front/End browsers tested on Edge and Chrome.
Some support for specialist external hardware Peripherals such as card printer/encoders (Zebra, Matica, Evolis for example), OCR camera readers, barcode scanners and card readers"
System requirements
  • Up to date browsers (edge, chrome)
  • Windows 10 or above

User support

Email or online ticketing support
Email or online ticketing
Support response times
Response times will be different depending on the query. Priority Queries and issue will have a response within 2 hours, normal requests will have an initial response within 2 hours and a more details response within a week. Change requests will be analysed and a quote issued within 2 weeks, unless highly complex and an updated timescale given. Operating hours are 0900-1700 Monday to Friday and so requests outside of that time will be delayed
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
As part of the service an account manager will be allocated to the customer throughout the delivery and operations of the system.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Online training for fully digital products
For deliveries that include hardware such as Printers, card readers or barcode scanners - an onsite training visit may be scheduled
Documentation of user elements can also be provided
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
This is conducted by the software development team rather than directly by the customer. The data extraction request would be made as to the scope of data required to be sent, though with data retention taken into account. The data can be provided either as the complete database extract as a database format with the full data structures in place or can be exported in a .csv file for specific data tables that are required if the full database is not required
End-of-contract process
The price of the contract includes an export of the complete database without any modification or the extract of certain tables directly into .csv without any translation or modification. The complete decommissioning of the tenancy within the system in a SaaS platform if not separate to include all data, logs, configurations and customisations. Connections to 3rd parties and client sites will be dissolved and all aspects of access control deleted such as certificates. Any supported data migration activities to another partner, working with 3rd party or consultancy of migration activities outside of the above, data translation or modification, continued licenses will be additional cost

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Chrome
Application to install
Yes
Compatible operating systems
Windows
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Screens for each type have been optimised for the different format and OS for the device.
Digital Business card features expected use is mobile, but can be used on desktop.
Card printing and access control management only available on desktop
Service interface
No
User support accessibility
None or don’t know
API
Yes
What users can and can't do using the API
API is only for use with service build front-end screens and is not intended for integration with other services; though could be done if required.
API documentation
No
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Users who have been given access to customisable settings can change the background, logo and other visual features.
Certain optional data fields can also be toggled on/off as required.
Templates can be designed or redesigned, allocated to different groups with other - templates could be card or letter templates or digital screen colours and layouts of certain features.
Some reports can be customised by the user, though new reports can be created by software team and added to the self service portal.

Scaling

Independence of resources
Access is multi-threaded and resources are monitored. The system is monitored in real time and should peak time resources reach 80% of performance or capacity metrics then additional resources will be allocated or scaled to ensure no degradation of service for users.

Analytics

Service usage metrics
Yes
Metrics types
Number of users in last x time period, how many uses of a web page, number of cards produces, number of requests made. Up time, performance metrics
Reporting types
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Zebra card printers, Evoli card printers, Matica card printers

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
The system has reporting built in, with reports not only shown on screen but also able to export into .csv format.
Should a larger extract or a different report be required, this can be requested through the customer services team and the data supplied.
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
99.5% over a month. Service credits are awarded for all SLAs not adhered to and are used to establish a refund amount
Approach to resilience
Available on request
Outage reporting
Service outage creates an automated alert to the service team who will send the issue out to the correct team for investigation and also communicate, either by phone or email, with affected customers with a description of the issue and its impact as well as any pertinent information.

Identity and authentication

User authentication needed
Yes
User authentication
Username or password
Access restrictions in management interfaces and support channels
Higher level access accounts, such as management or support can be accessed as normal users with a user name and password; this can also be supplemented with external SSO option, such as Azure and 2FA can also be enabled. This is all at request of the customer rather than as default.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
NQA
ISO/IEC 27001 accreditation date
22/11/2023
What the ISO/IEC 27001 doesn’t cover
N/A
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
There are currently 25 policies and 32 procedures covering all elements of ISO27001 controls to include: User and password, supplier, change control, business continuity, patch policy, security in development, network security, data protection, encryption and security incident policy.
There is a Security compliance team who ensures policies are followed, requesting evidence of compliance where manual processes are in place or accessing logs and other digital documentation and correlating to the controls in place; this occurs continually throughout the year to ensure compliance across all parts of the business.
Should a deficiency be found, this is reported to the relevant manager who must take action to remedy the deficient control within a few weeks. The security compliance team monitors this closely until satisfied that the controls are being followed.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
ISO27001 certified with CAB and change management processes in place for all elements of the systems (infrastructure, configuration and software).
All changes are logged via various tools (lansweeper, Syslog and SIEM tool) and code is tracked in GitHub for version control and quality gateway.
Any changes that may affect security, is deployed to systems that have monitoring that will flag deficient controls via SIEM tool.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
If an exploitable vulnerability has been identified, appropriate mitigative actions are taken immediately. Otherwise, aligning to NIST CVSS scores, patches are deployed as below:
‘Critical’ - within hours;
‘Important’ - within 2 weeks of a patch becoming available (Ref: Security NCSC.05.2)
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Follow ISO27001 controls. SIEM tool and log analysis are used to identify potential compromises. For any alerts or suspecions, a response is made immediately to investigate further and will be picked up by security team with senior management made aware.
Should initial investigation identify an issue, this follows incidient management processes for security
Incident management type
Supplier-defined controls
Incident management approach
Incident management approach is defined in policy and procedure documentation as part of ISO27001. Process follows: identification, impact assessment, containment, eradication, recovery. Incidents are reported through a service desk and are reported through normal account management process unless critical, which are notified within 24hrs.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Social Value

Social Value

Social Value

  • Fighting climate change
  • Wellbeing

Fighting climate change

We are ISO14001:2015 certified and all parts of the business look at how to minimise their footprint, not just CO2, but other elements as well.
For example, the business invested in the development of a water-based magnetic slurry rather than the solvents that had been in use.

Wellbeing

Paragon is committed to staff wellbeing providing a wellness platform to help with stress management, sleep and other health self help tutorials. There is also a gym membership and health check-ups provided by a local health/fitness club. If there are more complex issues there is also the provision for counselling to be provided and links to local support groups.

Pricing

Price
£3,000 a licence a year
Discount for educational organisations
Yes
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at duncan.collingwood@paragon-id.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.