tlmNexus Ltd

Requirements Management (Derive)

Management of system requirements from an initial request for a change through assessment and approval to solution development and implementation. Enables users to forecast when the new requirement will become available in the field by providing visibility of the steps required to achieve this.

Features

• User access controls and permissions for secure and role-based accessibility
• Approved hosting accessible via MODNET
• Compliant with MoD Network policy and JSP 440 procedures.
• Web-based enabling remote access across local intranets.
• Collaborative architecture with configurable workflow and process
• Easy to use, advanced ‘Google style’ search.
• Web Services or Assured Messaging enables integration with third-party tools.
• Comprehensive configurable management reports.
• Can be used for Air, Land and Sea systems.
• Easy to Use: Intuitive UI reduces the User training requirement.

Benefits

• Capture improvement suggestions directly from users to identify requirements.
• Progression and tracking of requirements from initial concept to embodiment.
• Tracks the tactical embodiment of strategic capability onto your platform.
• View all requirements to inform decisions regarding priority and funding.
• Enables forecasting for the deployment schedule for new capability.
• Delivers a complete audit trail for each requirement.
• Promotes prompt decisions that follow agreed timelines and workflow.
• Links requirements to authorised business cases & budgets.
• Visibility of records and workflow status for all authorised users.
• Ownership of records and workflow allocated to individual users.

£10,000 to £25,000 an instance a month

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tharris@tlmnexus.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

728139143316277

Contact

Tony Harris
07765866080
tharris@tlmnexus.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: No
• System requirements: EUD with a supported browser installed

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: ITIL Service Desk Monday-Friday 0800-1700 but can be tailored to meet customer needs. Different response times depending on type of ticket but can be tailored to meet customer needs, but target is for all tickets to have an initial response within an hour.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: The support includes phone, email, ticketing system and periodic on-site support on the customer floorplate. Enhanced levels of support can be provided at additional cost under the tmNexus Lot 3 Cloud Support Service. More detail can be found in our service definition and pricing documentation. The service will be supported by access to a Customer Account Manager, Integration Engineer and a Product Trainer.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We gather configuration requirements and provide awareness briefings as required to assist in the change management. Training (including E-Learning) and user guides are provided for users and a period of early life support is provided once service goes live to provided added support to users. In normal times we would do most of this work face to face at the customers site. We have now moved to offering a more remote service with interaction including training through Skype, Webex or TEAMS. We strive to tailor our service approach to meet the needs of the customers.
• Service documentation: Yes
• Documentation formats:
  • ODF
  • PDF
• End-of-contract data extraction: The data belongs to the customer throughout the contract period. If the contract is not to be renewed then the data is requested. Data will be off-boarded in a format in line with Government Open Standards Principles. Data repatriation details will be defined by the Customer in consultation with tlmNexus and funded as part of the standard service subscription over the last 30 days of the order.; If the customer has any non-Standard data migration requirements then these may be met on a case-by-case basis, but an additional off-boarding charge may apply. This would require a Cloud Support order the price of which would be investigated and calculated using the SFIA Rate Table. In this event, data will be delivered no more than 30 days after the associated payment is received.
• End-of-contract process: Return of customer data in an agreed format.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Chrome
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: Yes
• Description of customisation: The products are highly configurable by tlmNexus to meet the customer needs including fields, processes and workflows. We encourage early engagement with prospective customers to discuss their requirements and agree a way forward.

Scaling

• Independence of resources: Systems Monitoring and Capacity Planning

Analytics

• Service usage metrics: Yes
• Metrics types: Service and System Availability, Incident Resolution, Service Request resolution, Ticket Management etc all reported monthly against agreed contractual SLA performance
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: In some areas of the service offerings users are able to export data themselves from grids. Dashboards and reports are offered as a reporting medium to assist users define their areas of interest which can be downloaded. Where the exact data requirements are not offered automatically it would need to be requested from tlmNexus.
• Data export formats:
  • CSV
  • Other
• Other data export formats: XML
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • .doc
  • .docx
  • .xls
  • .xlsx
  • .pdf
  • .eml
  • .jpg
  • .gif
  • .tif

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: System availability is 95% across the life of the service. We have a service credit scheme if we fail to meet the SLA performance measures.
• Approach to resilience: All services are designed for N+1 resilient. More details can be made available on request.
• Outage reporting: We notify outages via our portal messaging. If this not available as it is an unplanned outage and not available then we notify agreed customer contacts with the details and updates

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Username or password
• Access restrictions in management interfaces and support channels: Limited access over government network (for example PSN) or if cloud hosted 2FA authentication handled by supporting directory services such as Entra ID and Azure Business to Customer (B2C).
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Alcumus ISOQAR
• ISO/IEC 27001 accreditation date: 30/11/2023
• What the ISO/IEC 27001 doesn’t cover: MoD Network elements and MSP service Logiq DISX
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: ISO/IEC 27001:2013, with regular review to ensure compliance

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: TlmNexus defined ISO 27001:2013 and ISO 9001:2015 processes. All proposed changes to hardware and our products are initiated by holding a Technical Assessment panel to highlight and discuss any concerns.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: TlmNexus defined ISO 27001:2013 and ISO 9001:2015 processes. Security threats are monitored and patches applied in line with guidance.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: TlmNexus defined controls, follows GPG13
• Incident management type: Supplier-defined controls
• Incident management approach: Follows GPG24.; Users report via our online Service Desk app or telephone or email. The progress of the incident will be reported using the Service Desk app and users can follow progress and also update the incident as required.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Other
• Other public sector networks:
  • MOD RLI
  • MOD ALI

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Digitisation of customers' manual processes reduces the need to travel to collaborate. Digital records saves both paper and physical storage facilities. As a Company, we have moved to a hybrid way of working to support work life balance, reduce travel and therefore the impact on the environment and amended the office to provide a safe working environment. We have a Cycle to Work scheme and are about to launch a cycling related charity activity to encourage good health and to raise money for our charities.

  Covid-19 recovery

  As we continue to emerge from the Pandemic, we have continued a steady growth. We have a strategic focus to offer permanent contracts to provide our employees with a sense of security. ; We strongly support development and growth, investing £60k in training for our employees in 2023. We also sponsor personal learning time with an hour paid learning a week.; We provide an annual pay rise, and continually review our salaries and benefits provision, increasing and changing them, to ensure we provide financial stability for our employees.; Where possible we use local companies to provide services for us, including office services, catering, social events and recruitment.; We invest in our employees’ health, recently launching a health cash back plan benefit, mental health app, and regularly take part in activities that support us socially to bind us together as a community.

  Equal opportunity

  We are a signatory to the government Disability Confident scheme and registered as a Disability Confident committed employer. Our recruitment practices are already very inclusive, we accept applications in a variety of formats, we do not tolerate any form of discrimination and we adapt our interview processes as needed. We are continually looking at ways we can revise our attraction campaigns to reach a wide range of applicants. Plus we are currently looking at ways to ensure all our information is in multiple accessible formats.; We support our employees with any adjustment that they need. We provide support in the area of mental health. Aligned with Stress Awareness month, we ran a campaign with a different activity every day to encourage proactive action for people to create positive mental health.; We strongly support inclusivity and have a supportive culture in tlmNexus defined by a Culture Charter. We have a number of Diversity, Equality and Inclusivity (DEI) activities planned for this year to increase education for employees and create a welcoming environment where people can be their authentic selves.; We are a member of the Living Wage Foundation, however we see this as the bare minimum we would even consider. In fact, we have never paid this rate of pay, even for our lowest paid employee, we always look to pay the median rate of the range in the market.; We have a Modern Slavery and Human Trafficking Statement and are committed to respecting all human rights. We continually review our policies, procedures and supply chains to ensure we are conducting business in an ethical and transparent manner and in compliance with the Modern Slavery Act.

  Wellbeing

  We have a comprehensive wellbeing strategy that doesn’t just encompass the normal physical and mental health focus, we also include financial and social wellbeing as well. We align our benefits and company activities to the wellbeing strategy. Some examples of our activities are a monthly long campaign of daily exercises to support employees to manage their stress, a pensions awareness day presentation, a financial wellbeing webinar, numerous physical activities such a Christmas card national delivery physical challenge event. Often the physical activities are linked to raising money for our charities. Our colleagues nominate 3 charities a year which we raise money for. As well as the corporate charity events, we encourage our employees support community activities and provide up to 5 days paid leave per year for them.

Pricing

• Price: £10,000 to £25,000 an instance a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Access to a generically configured version of the service can be made available, on request, for a period of a month for a limited number of users to evaluate the service

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tharris@tlmnexus.com. Tell them what format you need. It will help if you say what assistive technology you use.