DLT APPS LIMITED

QKVIN Customer Onboarding

Qkvin's digital identity empowers organisations to revolutionise how customers interact, ensuring safety and security—every customer you onboard successfully are assigned a digital identity after successful verification.

Features

• Customisable policies for individual and business clients
• Identity verification
• Document extraction and validation
• Secure storage
• Optional Signature Capture and Address Verification

Benefits

• Faster client onboarding
• Reduced paperwork
• Enhanced security and compliance
• Cost savings

£25 to £1,000 a user a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at santosh.reyes@dltapps.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

752220303838307

Contact

Santosh Reyes
+447787702631
santosh.reyes@dltapps.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Customer lifecycle management; Customer Onboarding; Customer screening
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: Standard support is provided during UK business hours
• System requirements: NA

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: Response in 4 hours for non critical issues. within 1 hour for critical issues
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We don't provide L1,L2 support as we provide training to users to be able to handle L1, L2.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: DLT apps provides onsite and online training along with user documentation
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Users and customer data will be provided as database dump
• End-of-contract process: All user data will be provided to the buyer before the service is stopped. Transition or migration to other system or service will be additional cost

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: None from a functional perspective
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Users are provided access to production and non production APIs. Changes are first made to dev and test environments.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: No

Scaling

• Independence of resources: Each service is independently scalable for each user

Analytics

• Service usage metrics: Yes
• Metrics types: Number of users; Number of customers
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: No
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: API/microservice based
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: 98% uptime. Refunds can be discussed and mutually agreed
• Approach to resilience: Our service supports active active across two regions (3 AZs each) and it support zero data loss and a 30-minute recovery time
• Outage reporting: Email alert and an update on the website

Identity and authentication

• User authentication needed: Yes
• User authentication: 2-factor authentication
• Access restrictions in management interfaces and support channels: Ensure that the information system enforces approved authorizations for logical access to information and system resources in accordance with applicable access control policies
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

• Access to user activity audit information: Users receive audit information on a regular basis
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users receive audit information on a regular basis
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Information security policies can be provided on request

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: As we offer multiple financial solutions to our clients, there is a need to provide a documented change management process that covers key infrastructure & security capabilities and network configuration. This is primarily to mitigate the risk of unrestricted access to the supplier network or missing an attempted intrusion, which could result in exposing the confidentiality of confidential information as well as misconfigurations that could potentially interrupt services affecting its availability.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Vulnerability scans of the network are conducted at least quarterly or after any significant change. ; Security vulnerabilities in products and services should be identified on an ongoing basis using of native security solutions (such as AWS Security Hub, Artifactory Xray etc); Vulnerability scanning solutions or tools are used to discover and manage vulnerabilities in all infrastructure and assets used to store, process, access or transmit confidential data monthly.; Failed vulnerability scan results will be remediated and re-scanned until all Critical and High risks are resolved. ; Any evidence of a compromised or exploited Information Resource found during vulnerability scanning are reported
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Vulnerabilities are prioritised based on NIST Common Vulnerability Scoring System (CVSS). The highest priority is given to vulnerabilities rated Critical (CVSS 9-10) or High (CVSS 7- 8.9).; Remediation plan; Critical (CVSS 9-10) Vulnerabilities:; Corrective action plan within two weeks.; Remediate vulnerability/mitigate risk within 30 days; and remediated using an emergency release/patch process.; High (CVSS 7-8.9) Vulnerabilities:; Corrective action plan within 30 days; Remediate vulnerability/mitigate risk within 60 days.; Other Vulnerabilities; If < 100 resources (virtual machines, containers) are impacted, can be resolved based on the availability of resources.; If > 100 resources are impacted, this may raise the vulnerability level.
• Incident management type: Supplier-defined controls
• Incident management approach: Personnel are required to promptly report possible or known information security and confidentiality violations to DLT Apps IT & DevSecOps; ; All incidents should be logged in the Opsgenie for incidents; ; All reported incidents must be assessed by DLT Apps IT to determine the threat type and activate the appropriate response procedures; ; he incident should be validated and prioritised based on the impact to business (A high priority incident would be something affecting multiple users or the entire product, a lower priority would be something affecting single or limited user

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Tackling economic inequality

  Tackling economic inequality

  The service provides customer identity verification and due diligence to prevent financial crime thereby tackling economic inequality

Pricing

• Price: £25 to £1,000 a user a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: All the functional features are included in test environment for a period of 15 days

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at santosh.reyes@dltapps.com. Tell them what format you need. It will help if you say what assistive technology you use.