Objective Corporation Limited

Objective Connect

Secure content and process sharing for Digital Government. Objective Connect enables government organisations to securely create Workspaces with external partner organisations.

With ISO27001 accreditation and hosted across multiple AWS UK zones, many public-sector organisations are using Connect as their only tool for external secure file sharing and collaboration.

Features

• Information Governance
• Integration with Common Line of Business Systems
• Social Collaboration
• Comprehensive Administration, Auditing & Reports
• Secure File & Document Management
• Task & Process Management
• Native Mobile Apps
• Secure File Sharing
• Secure Controlled Collaboration

Benefits

• Connects Multi-Organisational Business Process & Services
• Maintains Governance Outside of the Firewall
• Empowers True Digital Transformation
• Cost Effective Commercial Model
• High User Adoption
• Low Cost of Management
• Minimises the Impact of Change

£8,309.00 a unit a year

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mat.graves@objective.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

744114962986425

Contact

Mat Graves
+44 (0)118 2072300
mat.graves@objective.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Content Manager (TRIM) and ; Objective Nexus
• Cloud deployment model: Public cloud
• Service constraints: As defined in Objective Cloud Service Terms and Objective Customer Support Plan.
• System requirements:
  • Supported web browsers, latest version of Google Chrome
  • Supported web browsers, latest version of Microsoft Edge
  • Supported web browsers, latest version of Mozilla Firefox
  • Supported web browsers, latest version Safari (Mac)
  • Supported device environment, latest and prior version of Android
  • Supported device environment, latest and prior version of iOS

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Response and resolution time targets are defined in the Objective Customer Support Plan.; ; For the Standard Service Level :; - Support Hours are 10 x 5 ( 8am - 6pm on Business Days).; - 24 hours on Business Days for Priority 1 incidents. ; - Support Portal Hours are 24 x 7.; - Target Response Times by Priority Level are; Priority 1 (30 minutes, within Support Hours), Priority 2 (1 Support Hour), Priority 3 (4 Support Hours) and Priority 4 (8 Support Hours).; - Refer to Customer Support Plan for corresponding Resolution Time Targets and definitions.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: Objective provides the following technical support Service Levels:; - Standard; and; - Premium; ; Standard service level is included as part of the Objective Connect subscription. The Premium technical support level subscription costs are determined by applying the specified Premium support uplift. ; Objective supplies the Support Services to the Customer's support contacts. Each customer can nominate up to four (4) Support Contacts who meet the conditions defined in the Customer Support Plan. ; ; Objective adopts the common four-level priority classification arrangement used in the IT industry.; ; Contact for support incidents is with the Objective Support Team.; ; For Objective Connect any third-party (external) participant is entitle to raise support incidents via the Support Portal.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Objective Connect is designed with zero training requirements in mind and most users start using it without any additional help.; Extensive getting started guides, tutorial videos and FAQs are available from:; https://www.objective.co.uk/resources/tutorials.; Our Customer Success team provide skills transfer as part of the onboarding process. Additional training and workshops can be provided as a paid service, if required.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: All documents hosted in Objective Connect can be downloaded at any time.; Audit trail can be exported by administrators to a CSV file at any time.
• End-of-contract process: At the end of the contract users lose the option to create new secure workspaces and to add new documents to their workspaces. Administrators no longer have access to the administration features of Objective Connect. Prior to the end of the contract users and administrators can download all files and audit trails and close all workspaces, which will delete all contents from Objective Connect. 30 days after contact expiry, Objective will delete any remaining files in the account.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The web application is fully responsive and provides the same level of experience on mobile devices.; Additionally there is a native mobile application for iOS and Android devices, which provides full access to the documents and folders hosted in Objective Connect.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Via supported browser or iOS / Android app
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Via testing with Government Customers and in Lab
• API: Yes
• What users can and can't do using the API: The API is public and integration with it is described in the API documentation.; Enhanced functionality available for web applications is available through the API.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Administrators can brand Objective Connect by providing their organisation's logos and colour. This logo is displayed on the log in screen, email notifications and on Objective Connect workspaces. Brand colour is displayed on the log in screen and within the UI.

Scaling

• Independence of resources: Objective Connect is a SaaS solution that can scale up and down as required.

Analytics

• Service usage metrics: Yes
• Metrics types: The Objective Connect administration dashboard provides access to the following metrics: ; Connections are the currency of Connect and are calculated by multiplying the number of participants by the number of documents available in the same workspace. Administrators can view connection count at the account, workgroup, user or individual workspace level.
• Reporting types:
  • API access
  • Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
  • Other
• Other data at rest protection approach: All documents are encrypted at rest utilising AES-256.
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: "Audit trails, containing records of all actions on the users' workspaces can be exported as CSV files through the customers' administration dashboard.; Additionally, Workspace Record's in PDF format can also be generated for download. Presenting all audit events in a concise, human-readable document format."
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • PDF
  • JSon
  • HTML
• Data import formats: Other
• Other data import formats:
  • Users input their information manually (such as names, contact details)
  • Data migration can be provided as a paid service

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: Other
• Other protection within supplier network: Robust network boundary controls provide the data protection within our network.

Availability and resilience

• Guaranteed availability: Availability Service Level (ASL) targets, as defined in the Objective Customer Support Plan:; - Standard level: 99.50%; - Premium level: 99.90%; ; Availability is calculated monthly, using formula in Objective Customer Support Plan. The ASL applies to the production instance of the Cloud Services only.; ; Service Credits regime applies to Customers who have purchase 'Premium' support for their Cloud Service. The Service Credit regime is defined in the Objective Customer Support Plan.
• Approach to resilience: Objective addresses each of the core tenants of information security; confidentiality, integrity and availability (CIA) within the design and execution of Objective Connect.; ; Objective considers the entire 'System' when describing the security posture of any single element. We consider the various processes and procedures throughout the product's delivery and the individual functions involved in delivering and managing the solution.; ; The delivery of any SaaS platform has multiple dimensions that must be considered when defining the overall security posture of the service.; ; The service is comprised of:; ; 1. The application: the people, process, and procedures involved in creating the software to be delivered as a service.; ; 2. The platform: the third-party hyper-scale cloud provider responsible for the supply and base operation of the platform the application is running upon.; ; 3. The delivery: the people, process and procedures undertaken within Objective to continuously refine and optimise the delivery side of the application.; ; Objective takes security seriously, addressing the core tenants of information security across the entire 'System'. ; ; Objective Connect partners with Amazon Web Services (AWS). Integration extends natively to dedicated national networks. Together, this partnership balances the productivity benefits of moving to the cloud with keeping your data safe, secure and sovereign.
• Outage reporting: The Objective support portal contains a news section that is used to notify customers of unplanned outages. ; ; Customers are notified of planned outages via email notifications, product login page updates and the support portal.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Customer access to management interfaces is controlled by assigning users administrator roles. All actions completed by administrators in the system will be recorded in activity logs. ; ; Within Objective, access to the system is controlled by the Information Security Management System (ISMS), which is certified to ISO 27001:2013, and associated access policies. ; ; Access is provided to authorised persons only and on a need-to-know basis. All user account activity is monitored via centralised logging. Where possible, users are given seperate accounts for administrative purposes.
• Access restriction testing frequency: Never
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Assessment Bureau
• ISO/IEC 27001 accreditation date: 07/11/2023
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • ISO 9001
  • GDPR Compliant

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: ISO/IEC 9001
• Information security policies and processes: Objective maintains a single set of global policy documents for ISO 27001:2013. Objective has a comprehensive set of Information Security policies and processes to manage both Quality and Information Security. ; ; The ISMS defines Objective Corporation’s general approach to information security, the organisation and structure of the information security management system and generic procedures which apply to interested parties including Objective staff - so that they are clear about their responsibilities and can apply the procedures effectively.; ; The Executive Management Team of Objective Corporation is committed to providing the resources needed to implement the information security management system to ensure data and information is managed appropriately. Objective management team ensures that the Information Security Management System (ISMS) is established, implemented and maintained in a planned and systematic manner. ; ; This is accomplished with the appointment of the Chief Information Security Officer (CISO), responsible for the adequate and effective implementation, management and maintenance of the system.; ; In addition to the ISMS policy, a number of additional policies are established, maintained and promoted within the organisation & externally where applicable to our company clients and stakeholders, as part of our commitment to comply with the relevant regulations, acts and statutory requirements as applicable.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: The Objective software development lifecycle and security software development lifecycle ensure a complete record from ideation to deployment is created and maintained.; ; The development lifecycle is validated against the OWASP Application Security Verification Standard. During the early ideation phases, software concepts, application requirements, security requirements and decisions are all captured.; ; Throughout the development and maintenance lifecycle of the product, all decisions are captured and linked directly to source code assets. During the run phase of the service, all support tickets are captured and linked to related decisions, source code assets and deployments.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: As part of measures to ensure the security of our source code Objective undertakes a range of security vulnerability detection and remediation measures. Vulnerabilities can be created or inherited, our software development lifecycle addresses both.; ; Vulnerability assessments leveraging Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST) are undertaken. In addition, automated and manual penetration testing provides further vulnerability assessment.; ; The third-party risk introduced through open-source libraries is addressed with automated open-source risk scanning for vulnerabilities and licence compliance.; ; Where vulnerabilities are identified, Objective will review and prioritise remediation accordingly.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Objective Corporation maintains and monitors the platform for security incidents 24x7. In addition to comprehensive vulnerability detection, protective monitoring extends to the security of source code which is addressed via: ; - Code storage and integrity: Objective source code is contained within resilient source code repositories providing code integrity, malware scanning, and integrity protection.; - Defect discovery and remediation: Objective leverages automated and manual testing of all applications. Testing occurs at multiple levels within source code as well as functional and operational testing.; Incidents are responded to as per the Security Incident Response Plan.
• Incident management type: Supplier-defined controls
• Incident management approach: Objective maintains a Security Incident Response Plan as part of our ISO 27001 certification, aligned with the NIST Computer Security Incident Handling Guide (SP 800-61 R2) phases:; •Preparation – covers the period prior to an incident and includes the creation of incident response plan, ensures key staff are aware of the plan.; •Detection and Analysis – The Security Manager determines the category and required communications. ; •Containment, eradication and recovery – Contain to prevent further damage, progress to eradicate the incident and recover the impacted systems.; •Post-incident activities - Post Incident Reviews are conducted for each Incident, includes root cause analysis.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • Public Services Network (PSN)
  • Scottish Wide Area Network (SWAN)

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity

  Fighting climate change

  Fighting climate change; Objective’s mission is to create software that makes a difference. Using Objective software, thousands of public sector organisations are shifting to being completely digital. Where our customers can work from anywhere; with access to information, governance guaranteed, and security assured. Innovation is our lifeblood. We invest significantly in the ongoing development of our products to deliver outstanding solutions to the public sector and regulated industries. The result – stronger national and community outcomes, and accountability that builds trust in government. Through the delivery of these projects, our services greatly reduce the number of physical documents (which end up as paper waste), whilst greatly improving the efficiency of our secure document distribution processes – in turn allowing them to provide greater services to the public with the same or reduced amount of taxpayer funding. Objective Corporation UK Limited (Objective UK) is committed to achieving Net Zero emissions by 2050. A copy of our Carbon Reduction Plan can be viewed on our website.

  Equal opportunity

  Equal opportunity; We recognise the value that different backgrounds, experiences and perspectives can bring to the business, and we oppose all forms of unlawful and unfair discrimination or victimisation. Objective’s Commitment: • To create an environment in which individual differences and the contributions of all our people are recognised and valued. • Selection for employment, promotion, training, or any other benefit will be based on aptitude and ability. • Every employee is entitled to a working environment that promotes dignity and respect. • Training, development, and progression is available to all employees. • To promote equality and diversity in the workplace. • To regularly review all our employment practices and procedures to ensure fairness. Diversity and Inclusion: We continuously strive to create a workplace that’s dynamic, diverse, and full of talent. A testament to this commitment was being certified as a Great Place to Work in 2023. We focus on purpose in everything we do, and offer our people continuous professional development, financial stability, flexibility, and an inclusive environment. Diversity, Equity and Inclusion (DEI): Our workforce reflects a diverse range of backgrounds, ensuring an inclusive and equitable environment. We are dedicated to fostering a culture that celebrates differences and promotes equal opportunities for all. DEI at Objective is not just a tick-box exercise, it’s a business imperative. We launched our 2023 DEI strategy to support further growth and creativity. Beyond this, we celebrate the diversity of our people through regular events during the year. Women Rising Programme: Launched in 2023, this is a holistic leadership and professional development programme. Open to all women, whether they are a manager or an individual contributor, it is designed to empower women and provide participants with the tools, knowledge, and inspiration so they can excel.

Pricing

• Price: £8,309.00 a unit a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: A 30-day, no obligation free trial is rapidly activated for you. ; ; The trial includes our fully featured trial edition that allows you to create secure workspaces in the cloud, invite unlimited users and apply granular controls to protect your sensitive information.; ; Trials do not include Connect Link.
• Link to free trial: https://www.objective.co.uk/products/connect-free-trial

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mat.graves@objective.com. Tell them what format you need. It will help if you say what assistive technology you use.