CAM Management Solutions Ltd

Policy Management

Enables an organisation to effectively manage the complete policy life cycle from creation to end of life and distribution. Ensure effective collaboration, reviews, sign offs, and updates in once central location. Link to regulations, risks or incidents to facilitate a comprehensive approach. Enhance organisational awareness through targeted distribution and attestations.

Features

• A single, secure online repository for all policies and procedures
• Ability to link policies and procedures to laws and regulations
• Permissions based access based on configurable business rules
• Link policies to risk, compliance and incident management
• Dynamic, flexible workflows for policy management across the organisation
• Ensure correct policies are available to staff
• Full audit trail
• Monitor activities with configurable reports and online dashboards
• Ensure compliance through individual attestations
• Policy portal to distribute policies on a permissions basis

Benefits

• Policies kept current and aligned with applicable laws and regulations
• Effective management and oversight of documentation in a single system
• Policy life cycle can be consistently managed and reviewed
• Easy to use software and interface supports user adoption
• Ensure the organisation has visibility on policy compliance and adoption
• Track policy compliance across the organisation through attestations

£8 a person a month

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tendersuk@cammsgroup.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

813662238621315

Contact

Daniel Kandola
+44(0)7738763147
tendersuk@cammsgroup.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: Planned Outage: Prior to a planned outage Camms will send a notification email to all system champions 2 weeks prior to the outage. Within this notification all details will be provided including time, date, length of outage and reasoning. Camms will maintain all planned outages after business hours.; Further, Camms will Deploy severity 1 maintenance releases after business hours which will not be communicated two weeks in prior due to the urgency of the severity 1 incident. However, all the maintenance will be conducted after business hours.
• System requirements:
  • Microsoft Edge
  • Google Chrome
  • PDF Viewer
  • Other common web browsers

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Response times remain same as the weekdays.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: 1 - Complete Loss of Service - 4 working hours; 2 - Severe Loss of Service - 6 working hours; 3 - Minor Loss of Service - 8 working hours; 4 - No Loss of service - 16working hours; 5 - No SLA - 24 working hours; ; Camms will have a dedicated Senior Project Manager, supported by a team of representations from management, technical and development support and professional services encompassing consulting and training. ; ; Following the delivery of the project, Camms will appoint a Key Account Manager, who is best resourced to look after organisations on an ongoing basis. The dedicated Account Manager will maintain regular contact and will act as a central point of contact should organisations encounter any difficulties or have any inquiries. This way, from sale to after care, Camms provides you with the best people with the best fit, to maximise our support to you.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Providing onsite training, online training based on the required and supporting user documentation.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: All data is given to the client in the form of excel sheets.
• End-of-contract process: Need more information.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: All functionalities are expected to work on both desktop and mobile in the same manner.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Camms applications are hosted in cloud environment and all the incident and service requests can be logged through the fresh desk incident reporting tool. In which aligns with SLA's to handle for all service requirements.
• Accessibility standards: WCAG 2.1 A
• Accessibility testing: N/A
• API: Yes
• What users can and can't do using the API: Camms provide comprehensive API functionality to build middleware for our Camms.Connect (API connector) subscribers. With continued enhancements in relation to interoperability representing a key focus area for our product teams, our offering in this space continues to evolve.; ; Camms also supports the building of custom API to consume REST services. Please note that this would require additional efforts from Camms and would welcome the opportunity to explore this in further detail with the customer in due course.; ; Camms uses Swagger for documentation, which is the largest framework for designing APIs using a common language and enabling the development across the whole API lifecycle, including documentation, design, testing, and deployment.; ; Please find below our developer portal, which lists several of our documented / out of the box APIs.; ; https://developer.cammsconnect.com.au/
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Paid customer modifications - Functionality can be customised to match the client's requirements.; ; Configuration - configurations can be adjusted by the client system administrator.

Scaling

• Independence of resources: This is not a practice that we follow.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Camms solutions each have a range of standard reporting outputs which can be leveraged to export data out of the Camms platform in a range of formats (such as PDF, Word, and Excel). Further, it is common for organisation's to leverage APIs to export (or import data from Camms). As such, APIs are supported out of the box, and Camms preferred method of integration. As such, Camms has a number of standard APIs developed for both the import and export of data into our solutions with other web-based solutions used by customers – with our integration team consistently building more.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Excel
  • Word
  • PDF
  • XML
  • HTML
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • SSIS packages
  • APIs

Data-in-transit protection

• Data protection between buyer and supplier networks: Private network or public sector network
• Data protection within supplier network: Other
• Other protection within supplier network: Refer service definition document attached.

Availability and resilience

• Guaranteed availability: Refer attached terms and conditions document.
• Approach to resilience: Refer attached service definition document.
• Outage reporting: Email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Refer attached service definition document.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Bureau Veritas Certification Holding SAS
• ISO/IEC 27001 accreditation date: 29/05/2021
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Refer attached service definition document.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Refer attached service definition document.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Camms hosted servers are running on Windows Server 2019 with latest security patches and with sophos antivirus real time monitoring. Further, it has protected with front ended two Azure firewall equipped with IPS and it will trigger alarm on any malicious activities. Any potential threats identified will be updated to the clients immediately via electronic communications tools. We have high security levels when trying to access the physical location of the solution - 5 Layer security system with 24*7 on-site security (incorporating Biometric systems and CCTV) ensuring access is limited to agreed, authorised Camms representatives and Azure personnel only.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Camms have private IAAS cloud setup in the UK. The Camms cloud is ISO/IEC 27001:2013 certified for compliance and annually audited and credited by authorised third parties. Products are hosted on CAMMS Azure cloud and same site redundant hardware and offsite backup is provided with 99.5% SLA. Camms hosted servers are running on Windows Server 2019 with latest security patches and with Sophos Antivirus real time monitoring. Further, it is protected with front ended two Azure firewalls equipped with IPS and it will trigger alarm on any malicious activities. We communicate this to the client immediately, via email.
• Incident management type: Supplier-defined controls
• Incident management approach: We utilise our own incident management software.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Equal opportunity:

  Equal opportunity

  Camms is an entrepreneurial, dynamic, fast-moving organisation that has continually expanded over the last 20+ years. We pride ourselves on our dynamic, flexible and diverse culture, and encourage applications from people with varied backgrounds to join our team. Camms recognises that Equal Employment Opportunity is a matter of employment obligation, social justice and legal responsibility – at the same time however, we also understand the value that different life experiences provide for our overall culture. As such, our hiring policy appreciates the fact that diversity is critical in ensuring we continue to provide solutions and services to our customers that are well-rounded and inclusive.

Pricing

• Price: £8 a person a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Refer attached service definition document.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tendersuk@cammsgroup.com. Tell them what format you need. It will help if you say what assistive technology you use.