SynApps Solutions Limited

Opentext Documentum Cloud Service

SynApps Solutions Electronic Content Management Cloud Services (ECM) is based on OpenText Documentum Enterprise Content Services best of breed platform, providing a modern browser based solution which enables organisations to meet statutory compliance needs, and provide a cost effective collaborative platform to content enable business applications.

Features

• Capture and management of all types of electronic content
• Capture of scanned images, and MS Office documents
• Capture of rich media such as images, video and audio
• Easy integrated with line of business applications
• ECM features a high performance search and retrieval engine
• Provides mark-up and annotation tools for note taking
• Highly secure EDRM platform with multiple layers of control
• Intuitive Collaboration features
• Opentext Documentum D2 Content Services Platform
• Records Management

Benefits

• Substantial cost savings for management of enterprise content
• Provides basis for implementation of electronic record management processing
• Highly scaleable, on-demand solution
• Assured Security. Highly resilient Tier3, UK sovereign data centres
• Format Agnostic
• Enables legislative records compliance such as GDPR
• Fully auditable platform
• Cloud Content Services
• Enables Information Lifecycle Management

£15 a person a month

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at james.paton@synapps-solutions.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

749364002290709

Contact

James Paton
+44 (0)8702 405143
james.paton@synapps-solutions.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: Support availability 08:30am - 5.30pm. Mondays - Fridays excluding UK Bank Holidays as standard.
• System requirements:
  • Windows 7, 8 or 10 on the users desktop environment.
  • Mac OSX

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We aim to assess and respond to ALL Priority 1 incidents within 1 hour when raised during the normal business hours of 08:30-17:30, excluding Bank Holidays and Weekends.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 A
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: SynApps Solutions standard support includes Service Managers, Infrastructure Engineers, and Application Support Engineers operated out of our Hatfield support office. We aim to assess and respond to ALL Priority 1 incidents within 1 hour when raised during the normal business hours of 09:00-17:30, excluding Bank Holidays and Weekends.; ; Please see our service definition document for a complete breakdown of our service levels.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: All new customers are assigned a Project Manager that will provide planning, proactive support and advice for the initial onboarding of the service. This will lay out timelines and procedures for the enablement of the platform for the customer. During this period the Project Manager will be responsible for engaging the assigned Service Manager to the customer and preparation of key service documentation. Additional services may be explored as required to engage additional training or configuration tweaks to the service.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: The customer has complete complete control on how their data is exported although additional costs may apply.; ; A typical exit process would be as follows from the hosted environment on request, extract the data from the repository and provide the configuration source files. The extracted data will be typically provided in XML format for data and original native format for the content files. In addition any implementation source code/configuration for the solution will be exported from the code repository and supplied along with the data.
• End-of-contract process: We will return all your data and materials which cannot be deleted or exported by you, typically we will provide an as is snapshot of the repository. A more complete export which required the manipulation of the data from original structure in the repository will attract additional exit fees. ; ; We will not penalise you for terminating your contract with us unless specifically stated in the Service Definition and within the first year. We will also return all of your confidential information, unless there is a legal requirement that we keep it.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems:
  • MacOS
  • Windows
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Opentext Documentum API is a Java-based technology and is deployed on standard Java EE technology (e.g. Apache Tomcat). Integration with other systems is via multiple mechanisms but includes Web Services and RESTful APIs for access to and from other technologies such as .NET.
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
  • Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Additional configuration can be added in to the service in the following forms. For example custom meta-data specific to a customer's business requirements. In addition business specific Workflows can be configured and added to the service to augment existing business processes. This configuration would be carried out by the Supplier on the customer's behalf.

Scaling

• Independence of resources: Resources provided for the service are provisioned on uncontended hardware.

Analytics

• Service usage metrics: Yes
• Metrics types: We provide standard KPI's for the services which include but are not limited too the following: -; * User Usage, including monthly logins, peak sessions, login failures.; * Platform performance in the form of Network throughput, CPU & Memory Usage; * Storage use.
• Reporting types:
  • API access
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Opentext

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: Physical access controls are managed by our hosting partner.
• Data sanitisation process: No
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: The user interface provides users with the ability to perform one-off exports as required, or if a bulk export this can be arranged with our professional service's teams.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • XML
  • All content is exported in its native format.
• Data import formats:
  • CSV
  • Other
• Other data import formats: XML

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: All services within the network are protected by dedicated firewalls. Keeping services seperate to ensure that data cannot be comprised.

Availability and resilience

• Guaranteed availability: 99.95%
• Approach to resilience: Our service is deployed across a number of zones. Each zone is designed to eliminate single points of failure (such as power, network and hardware).
• Outage reporting: All outages will be reported via email notifications service. Outages are identified as Planned maintenance, Emergency maintenance, and platform issues. In addition, the designated Service Manager will proactively contact customers as appropriate.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Username or password
  • Other
• Other user authentication: For authentication purposes users are typically presented with a username and password screen for authentication or if one of the Single Sign On (SSO) has been taken then the user is logged in straight away.
• Access restrictions in management interfaces and support channels: Opentext Documentum verifies that a user is who they claim to be. A user’s credentials can take many forms and can be validated in a number ways. For example, a password validated against an LDAP directory, or a Kerberos ticket validated against a Microsoft Active Directory Server, it may integrate with the Java Authentication and Authorization Service (JAAS). A user ID can also be presented as an HTML attribute over HTTPS to integrate with web-based single-sign-on solutions, this maybe extended to write your own authentication integration. Opentext Documentum also offers support for SAML.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)

Audit information for users

• Access to user activity audit information: Users receive audit information on a regular basis
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: Latest Revision Date: 14/04/2020
• What the ISO/IEC 27001 doesn’t cover: The whole organisation has been included in the certification.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: CyberEssentials

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: As part of ISO 27001 certification we maintain a formal Information Security Management System, under which we maintain our Information Security Policy. The information security policy approval is conducted as part of the quarterly management review meetings which is driven by at least two directors and the Security and Compliance Manager.; ; Our Information Security Policies are subjected to a regular internal audit for which we have a pre-defined schedule of areas of the ISMS (ISO 27001) which are to be audited. The schedule ensures that all areas of the ISMS Scope are audited at least annually and, in some areas, twice a year. This is to ensure that appropriate adoption of the policy is monitored within the organisation. The auditor may be an individual within the organisation appointed to audit a specific area of the business.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: SynApps Solutions has documented configuration and change management policies and processes, which have been implemented, maintained and assessed in accordance with best practise with ITIL and in-line with the change control procedure defined in our ISMS as part of our ISO27001 accreditation. Formal configuration management activities, including record management and asset reporting, are monitored and validated constantly, and any identified discrepancies promptly escalated for investigation.; ; Typically as part of the onboarding service where the customer has specific change control procedures then we will integrate with these.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: SynApps Solutions vulnerability management policy and process, which has been implemented, maintained and assessed in accordance with the guidance from the ISO27001 standards. SynApps Solutions receives regular updates where from the vendor suppliers, taking action where and when it is appropiate to the service. For other systems and software we monitor news letters published by our partners and reports published by industry standard news outlets to promptly identify and evaluate any emerging vulnerabilities which require our attention.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Following best practice from the National Cyber Security Centre, SynApps Solutions protects the proposed platform with enhanced protective monitoring services (SIEM). Protective Monitoring is pro-actively operated by our partner Falanx Assuria whose approach to protective monitoring continues to align with the Protective Monitoring Controls (PMC 1-12) outlined in CESG document GPG13 (Protective Monitoring for HMG ICT Systems). It includes checks on time sources, audit monitoring, boundary traffic where not covered by UK Cloud, suspicious activities, network connections amongst many others. All alerts are immediately notified to the SynApps Solutions infrastructure team for prompt investigation.
• Incident management type: Supplier-defined controls
• Incident management approach: SynApps Solutions has a documented incident management policy and process, which have been implemented, maintained and assessed in accordance with the guidance from ITIL and ISO27001 standards. This activity is responsible for the progression of alerts generated by automated monitoring systems, issues identified by SynApps Solutions personnel, and incidents identified and reported to SynApps Solutions by its customers and partners. All incidents are promptly reported into a central ticketing system, which ensures that each is promptly assigned to an appropriate resource, and its progress tracked (and escalated, as required) to resolution.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • Public Services Network (PSN)
  • NHS Network (N3)
  • Health and Social Care Network (HSCN)

Social Value

• Fighting climate change:

  Fighting climate change

  SynApps Solutions Limited is fully committed to assisting government and the UK in reaching carbon net 0 by 2050. We recognise that on one hand we operate in an industry which is extremely reliant on both energy consumption, but also has a longer term impact of eWaste. However our technology removes the need for physical records, ie. Paper or X-Ray film. It takes net contributors to greenhouse gas emissions as there are no manufacturing, transportation or physical storage costs associated with the digital record.; As part of our service we are committed to ongoing monitoring and improvement of our environmental impact. As part of this commitment we are as an organisation are going through of bringing into place a set of policies in accordance with the standards laid out in ISO 14001:2015. This will help to communicate and lay out our approach to the environment to our team, customers and suppliers.; Some of these costs are not always tangible, however as part of the ongoing service delivery we aim to report on measurable environmental targets which have been agreed. Which in turn we would look to develop and improve over time by adopting best practice, new technologies and evolving with government policy.; We consult with Local and National Government bodies, enforcing and regulatory authorities, and specialists to seek advice and assistance towards achievement of our Environmental Management Programme to its full potential. We will, at all times, comply with regulations, legislation, codes of practice and other requirements associated with the Company and its operations. Where no laws, regulations or codes of practice exist, we will develop our own standards to allow for the best practicable and financially viable environmental option, not entailing significant and detrimental costs to the Company, whilst considering public, local and interested parties opinions.
• Covid-19 recovery:

  Covid-19 recovery

  Throughout Covid-19 our team has remained fully employed, and we have remained committed to supporting both our staff and customers in getting through Covid-19. Now much of the country is returning to normal we are very much focused encouraging our staff back to the Office both help their own personal well-being and help the economic input to the surrounding area of our offices.; We are very much committed to growth and recruitment of new team members and look to recruit with-in the UK both experienced team members but investment in new graduates looking to start out in the industry.; As part of our social values policies we are keen to continue our support of local charities and community organisations both through the encouragement of our team members to volunteer or support those around them. But also by sponsoring activities and charitable events within the community.
• Tackling economic inequality:

  Tackling economic inequality

  The Company values and actively strives to have a diverse and inclusive workforce in a working environment free from discrimination. An inclusive work culture where people of different backgrounds are valued equally will ensure better outcomes for us all. We continually engage with our staff as well as external partners to help us to understand how we can make our workplace more inclusive and gain an insight into what our staff need most from us. ; The Company actively promotes social and economic equality of opportunity for all candidates, including those with criminal records or other barriers to employment, with evaluation of the candidate based on their fit to our open ethos, ability to do the job and enthusiasm. While positive measures may be taken to encourage under-represented groups to apply for employment opportunities, recruitment or promotion to all jobs will be based solely on merit.; All employees have an active training programme and other career-development opportunities which management actively agree with new and existing employees this typically put in place when they first join the Company. Training programmes can vary and depend based on new technologies or continuous improvement of the employees inter-personnel skills. For example as part of our support delivery we ensure that each employee gets ITIL training as well as training in the technologies we support.; As part of our recruitment programme we engage with the local universities and colleges with their apprentice programmes and will continue to do so as part of the programme of work. We presently anticipating recruiting at least two apprentices to assist in the delivery of the programme of work and grow the team with a number of other staff.
• Equal opportunity:

  Equal opportunity

  SynApps Solutions is a multi-cultural, socially diverse and ethically responsible company who comply with both the letter and spirit of legislation and ensure that this ethos is reflected throughout the company. The company issue regular statements of position which reflect their commitment to social improvement. Our employees are engaged based on their ability, or potential within the business and compensated appropriately in line with the market rate.; As professional services company operating within the information technology industry we operate in a fast moving and innovative environment. It is therefore important that we encourage and nurture employees development both through experience and training. We encourage resources to think outside of the box and develop new strategies to old problems, as this bring benefits to both our customers and our business directly. ; Throughout the lifetime of the contract we will look to continue to recruit new members of the team from a variety of ethnic backgrounds. At present and continuing into the future we are keen to onboard apprentices who can assist with the growth of the business and bring new ideas to our existing contracts. As part of this activity we anticipate the recruitment of two new apprentices to assist with the ongoing support of the platform.; Our pool of resources are 100% UK based and we are keen to continue the growth of the team locally and develop their skills.
• Wellbeing:

  Wellbeing

  SynApps Solutions has in place measures to prevent and manage risks to staff wellbeing, together with appropriate training and individual support. It will also seek to foster a mentally healthy culture by incorporating these principles into line manager training and running regular initiatives to raise awareness of mental health issues at work.; As part of our ongoing commitment to well-being within the organisation we encourage our employees to volunteer for activities outside work to help out in the local community. For example volunteering with the local scout group or helping out with young peoples sporting activities.; We actively encourage sponsorship of local charities and community events and keen to support community, and in association with some of our customers have sponsored community or charitable events which have been driven or raised by our customers.

Pricing

• Price: £15 a person a month
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at james.paton@synapps-solutions.com. Tell them what format you need. It will help if you say what assistive technology you use.