INFORMU SOLUTIONS LIMITED

Informu Information Asset Register and Management System

The Informu Information Asset Register / Management system stores asset data gathered during an information / system audit, as well as managing your Records of Processing Activities. It also stores your records retention policies, to which assets are tagged. You can keep an audit trail of actions related to assets.

Features

• Asset Collections as business process records or GDPR ROPA data
• Create up to 8 different Assets Types with field templates
• Business Classification Scheme of functions, activities, aligned to retention policies
• Maintain retention policies, across multiple jurisdictions as required
• Tag retention policies to assets with inheritance via BCS
• Establish user security permissions based on roles
• Create and manage fields, including drop down lists
• Search and reporting with report data export and graphical dashboard
• Report writer
• Task management, notifications, approval workflow and audit trail of actions

Benefits

• Support Data Protection legislation and AI regulation compliance
• Identify and address information risks
• Plan Records Management processes and approaches
• Support ISO 27001 compliance
• Support maintenance and implementation of retention policies, logging actions
• Support Business Continuity Planning
• Understand paper holdings, plan office sweeps, moves and changes
• Maintain application software and IT equipment inventory
• Support e-Discovery
• Support knowledge awareness and discovery

£3,600.00 to £7,800.00 an instance a year

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at reynold@informu-solutions.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

765137813132104

Contact

Reynold Leming
07966397417
reynold@informu-solutions.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: All scheduled maintenance will occur outside of standard office hours. Notification prior to software updates can be set to any number of days or weeks as required by the customer, except for critical updates. Software updates and maintenance can be deferred as required by the customer, except for critical updates and emergency maintenance.
• System requirements: Up to date web browser access for users

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Email support is provided. Target for acknowledgement and initial diagnosis within 1 hour between the hours of 09:00 hrs and 17:00 hrs, Monday to Friday, excluding UK public holidays.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Support is included within the annual software service fee. Engineering alerts for servers are provided on a 24/7 basis and will be reviewed during working hours on the next day. Application software support is provided between the hours of 09:00 hrs and 17:00 hrs, Monday to Friday, excluding UK public holidays. A named technical account manager will be nominated.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: A full range of services can be provided including requirements analysis and advice, configuration, data preparation and import, training, support and maintenance. The system is provided with tool tips, user and administrator documentation, as well as useful guides to support configuration and asset audits etc. We can also undertake information and physical asset audits.
• Service documentation: Yes
• Documentation formats:
  • ODF
  • PDF
• End-of-contract data extraction: Back-ups of the SQL data can be uploaded to an FTP server nominated by the customer.
• End-of-contract process: Back-ups of the SQL data can be uploaded to an FTP server nominated by the client. Once this has been completed and accepted, the data on the production server will be securely expunged and the server decommissioned. Unless there are more complex additional requests, this is part of the standard annual fee.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: None
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Depending on role based permission sets, users can access and process tasks, access and filter information asset lists, view or edit assets, log actions against assets, undertake searches and run reports. There are systems administration capabilities to manage retention policies, the business classification scheme, custom reports, dashboard graphics, asset types, fields and lists, users, password strength, system alerts, help text, colour schemes etc.
• Accessibility standards: None or don’t know
• Description of accessibility: Commands have icons, drop down lists have large buttons, interface and text is scalable, options for hover over and in-page help text.
• Accessibility testing: None.
• API: No
• Customisation available: Yes
• Description of customisation: Depending on role based permission sets, there are systems administration capabilities to manage retention policies, the business classification scheme, custom reports, dashboard graphics, asset types, fields and lists for assets and collections, users, password strength, system alerts, help text, colour schemes.

Scaling

• Independence of resources: System performance and response times are heavily dependent on the client network environment, internet connection and number of concurrent users. We monitor our software performance closely and will deal with any unforeseen issues as a priority. Subject to this there is a 99.99% up-time guarantee, excluding scheduled maintenance.

Analytics

• Service usage metrics: Yes
• Metrics types: Reports can be provided based upon a format agreed with the customer.
• Reporting types: Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: Never
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Other
• Other data at rest protection approach: TLS 1.2 and SQL Server
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: There is the ability to export the Information Asset Register report data to PDF, Word and Excel.
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats:
  • PDF
  • MS Word
  • MS Excel
• Data import formats:
  • CSV
  • Other
• Other data import formats: MS Excel Spreadsheet

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: System performance and response times are heavily dependent on the client network environment, internet connection and number of concurrent users. We monitor our software performance closely and will deal with any unforeseen issues as a priority. Subject to this there is a 99.99% up-time guarantee, excluding scheduled maintenance. Refunding is not offered.
• Approach to resilience: The servers are distinct, fully managed units dedicated solely to the service we provide.
• Outage reporting: Email alerts.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Other user authentication: Via user name and password. 2 factor authentication is via email. Password complexity rules can be set up based on customer standards.
• Access restrictions in management interfaces and support channels: SSH Secure channel access, with locking to specific IP addresses
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Description of management access authentication: Via user name and password, 2 factor authentication via email and password complexity rules

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber Essentials
• Information security policies and processes: The company has policies and processes relating to:; * Information Security; * Business Continuity; * Bring Your Own Device; * Acceptable Computer Use; * Security Incident Management; * IT Systems Security; * Data Protection; * Supplier Vetting; The data centres provide maximum security, with access strictly limited to cleared personnel and monitored by extensive CCTV and access control systems. A comprehensive range of physical security measures are in place to guarantee the safety of data:; * CCTV covering all areas of the data centres and corporate offices; * Highly experienced security guards on duty 24/7, 365 days a year; * Role-based access control swipe-card system across multiple secure areas to ensure absolutely no access by unauthorised personnel; In terms of the boxes themselves:; the servers are distinct units dedicated solely to the service we provide, and managed directly by us, ensuring that nothing else running on them can jeopardise their security. They are firewalled to allow higher-level access only to a specific range of physical locations, and the software itself manages access over an SSL connection.; Relevant ISO and Cloud security standards for the hosting location can be provided on request.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Formal change management for system changes and updates are not implemented by default, but can be discussed if required. Applying and configuring service packs, security patches and software updates to the SaaS server occurs on a proactive basis as part of the provision of a fully managed service. Data Protection Impact Assessments can be performed on customer request.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Our hosted SaaS service operates in a cloud environment with vulnerability checking controls. We are wholly responsible for the machines and software, and so scan them regularly for issues using standard MS server technologies. We follow security and information governance best practices. Applying and configuring service packs, security patches and software updates to the SaaS server occurs on a proactive basis as part of the provision of a fully managed service. Relevant ISO and Cloud security standards for the hosting location and provider can be provided on request. They conduct regular security tests on their infrastructure.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: The data centres provide maximum security:; * CCTV covering all areas of the data centres and corporate offices; * Highly experienced security guards on duty 24/7, 365 days a year; * Role-based access control swipe-card system across multiple secure areas to ensure absolutely no access by unauthorised personnel.; The servers are distinct units dedicated solely to the service we provide, and managed directly by us, ensuring that nothing else running on them can jeopardise their security. They are firewalled to allow higher-level access only to a specific range of physical locations, and software itself manages access over an SSL connection.
• Incident management type: Supplier-defined controls
• Incident management approach: Incidents identified internally will be handled and escalated according to standard procedures; incidents identified by customers may be reported by telephone or e-mail. Incidents will be categorised and managed according to their nature and the type of data affected:; The Breach Management Plan addresses:; 1. Containment and recovery.; 2. Assessment of ongoing risk.; 3. Notification of breach.; 4. Evaluation and response.; Full logs of incidents are recorded and retained. Reporting processes will be agreed with the customer.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Based on our Environmental and Sustainability Policy. We also provide a number of services to support ethical and environmental best practice in the dispersing of workplace furniture and IT assets. This includes donation, reuse and resale. We also undertake the ethical mining and reuse of earth elements from ICT equipment. Informu is Good Business Charter accredited for ESG and we also undertake separate ESG consultancy services for clients, where we put the fight against climate change at the heart of our recommendations.

  Covid-19 recovery

  As part of our strategy for social value, we support a variety of community activities, including sponsoring a 5-a-side football team and supporting a local theatre. We also facilitate the donation of used customer furniture and IT assets to charities and not for profit organisations, including youth clubs, day centres and other activity groups for a range of ages.

  Tackling economic inequality

  We pay fair rates, taking into account the real living wage. We also facilitate the donation of used customer furniture and IT assets to a wide range of charities and not-for-profit organisations.

  Equal opportunity

  Based on our Equal Opportunities Policy, we apply non-discrimination to the process of recruitment and selection, promotion, training, conditions of work, pay and benefits and to every other aspect of employment. Likewise, we apply the same principles in our sourcing strategy for suppliers.

  Wellbeing

  Our Mental Health & Wellbeing Strategy is based on 5 key components:; ; 1. Work-life balance; 2. Health & Safety; 3. Employee growth & development; 4. Employee recognition; 5. Employee involvement; ; Additionally, we undertake periodic Staff Wellness Surveys. Our Essex premises were chosen due to its multi-faceted approach to employee health and wellbeing, including break-out areas, an on-site gym and overall focus on community activity for tenants and locally.

Pricing

• Price: £3,600.00 to £7,800.00 an instance a year
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at reynold@informu-solutions.com. Tell them what format you need. It will help if you say what assistive technology you use.