Datasoft Computing

STARS

Functionality includes a very flexible resource scheduler for administration of station flying programmes, these can easily be combined for Command/Type overview. An ATC Movements module tracks landing, take-offs, and Airfield State details for all aerodromes. Other functionality includes resource management, crew currencies, training records, engineering authorisations, messaging and reporting.

Features

• Graphical scheduling of resources including Personnel, Aircraft, Airfield equipment, Transport
• Flying programme administration for station/Command/Type
• Add details to scheduling events and electronic flight authorisation
• ATC Movements and current Airfield State display
• Comprehensive currency tracking system for personnel
• Engineering authorisation tracking system
• Visiting Aircraft administration including Landing Fee Invoices
• Personnel management
• Messages and Email notification system
• Reports

Benefits

• Interoperability with other systems via REST API and webhooks
• IPAD compatibility
• Scalable design for better performance
• Outlook integration
• Low MOD Cloud hosting costs
• Easy maintenance system
• Integral performance and error tracking

£615,850 a unit a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at peterhails@datasoftcomputing.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

819053231697481

Contact

Peter Hails
01635528020
peterhails@datasoftcomputing.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: No
• System requirements:
  • Database server - Windows 2016+ Server, SQL Server 2016+
  • Kubernetes cluster

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Email support provided Mon to Fri 0900 - 1700 within 1 hour
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Onsite support
• Support levels: As part of annual cost 0900-1700 support provided Mon to Fri. Technical Account Manager provided.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Skype online training can be provided and exceptionally onsite training can be arranged.; ; The application has an online user guide and help system.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: The data is owned by the MOD and will be installed on a MOD sponsored hosting platform. On completion of the contract, the STARS components on the platform would be removed by DataSoft. The raw data would remain in the SQL database, which authorized MOD personnel would have ownership of and access to. Transfer latest copy of the database.
• End-of-contract process: DataSoft would arrange with the MOD to remove the STARS components from the hosting platform, with the raw data remaining in place. Any accounts supplied to DataSoft by the MOD, (MODNET, ACE Subscription etc), would be terminated and any hardware supplied by the MOD, to allow DataSoft to support users of the application, would be returned. Provide a data dictionary document describing the data schema and how fields map to the user interface. Provide latest API documentation (currently accessible via https://app.stars.iace.mod.gov.uk/#doc). Once confirmed that all required artifacts have been downloaded, all services will be removed from the Azure environment. The supplier will then notify the buyer and the Azure subscription can then be deleted.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Service is usable on tablet devices
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: STARS exposes a REST API through which users can query and integrate with the application. This can be used to provide custom dashboard through tools like Power BI as well as enabling more complex integrations. Users are permitted the same access as they have via the web interface.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The system has a wide range of configuration pages through which authorised users can configure the behaviour of the application.

Scaling

• Independence of resources: STARS has been built following a microservices architecture. Services are hosted in a managed cluster and can be scaled independently to ensure acceptable system performance.

Analytics

• Service usage metrics: Yes
• Metrics types: User login and active account metrics are available from the Home page and via an API call
• Reporting types:
  • API access
  • Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: No
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Users can make use of the REST API to extract or import data; Additionally the application supports import/export functionality using a custom extract to allow users to take portions of application data offline
• Data export formats: Other
• Other data export formats:
  • JSON
  • XML
  • Application export
• Data import formats: Other
• Other data import formats:
  • JSON
  • XML
  • Application import

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
• Data protection within supplier network: Other
• Other protection within supplier network: The network is a private subnet with no access from outside other than by defined rules, e.g. HTTP/HTTPS

Availability and resilience

• Guaranteed availability: The availability of the application has been outlined in the DART entry for the current iteration of STARS, and this level of availability will be maintained for the new web-based version. The availability has been set as 99.9%; this reflects the importance of the application in supporting live flying operations, but also allows for some small downtime to support upgrades, all of which are pre-notified. The availability is primarily dependent on the hosting platform on which the application sits, the current version of the application has proven to be very robust, and we expect the later version to perform at least as well.
• Approach to resilience: Application operates within a managed cluster that allows multiple microservices to be run in parallel affording fault tolerance. We maintain a disaster-recovery environment that can be started up in the event of a failure within the primary cloud-hosted region.
• Outage reporting: Users can access an About page that reports health of each microservice API. In the event of a widespread system outage, users would be notified via email and the system migrated to the disaster recovery environment.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Management access is possible through cloud portal which requires multi-factor authentication. Additionally access to logging and monitoring sites is restricted via IP address,
• Access restriction testing frequency: Never
• Management access authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: Staff have MOD SC Clearance

Security governance

• Named board-level person responsible for service security: No
• Security governance certified: No
• Security governance approach: Staff have MOD SC Clearance
• Information security policies and processes: Staff have MOD SC Clearance

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All changes to the application are made in a source-control system and assigned a version number. Changes are reviewed and passed through a continuous integration pipeline to ensure quality. All potential updates are tested internally by DataSoft, prior to being installed on the MOD supplied hosting platform. Initially the update will be installed on the Training and Development servers, where it will be tested by the System Administrators to ensure no issues with functionality or software bugs exist, including those related to the security on logon processes.
• Vulnerability management type: Undisclosed
• Vulnerability management approach: The software is monitored to identify unusual activity. Operating system security patches are applied automatically when run within a managed cloud environment, eg. Azure. Software patches will aim to be applied within 24 hours. Threats are identified through logs and monitoring dashboards with reference to attack vectors identified via penetration testing, OWASP.
• Protective monitoring type: Undisclosed
• Protective monitoring approach: Key areas of the system are audited. The audit logs for these areas are visible to users allowing them to assist in identifying misuse of the API. In addition to this all accesses to the API are logged allowing detailed investigation into any incidents.; ; We are able to quickly modify security permissions via the application interface if the issue was configuration-related. This can be done at the instant the issue is identified. Software changes can be applied within 24 hours.
• Incident management type: Undisclosed
• Incident management approach: Incident reporting is based on a hierarchical system, with users reporting to the Unit and Station Administrators, who can raise to the System Administrators should the severity warrant it. Common events are dealt with through this hierarchical management structure. Incidents and resolution would be detailed in an incident report which the System Administrators would be able to provide through ISS to those with a role in managing and resolving the incident.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Reduce energy usage across the company.; Usage of electricity smart meters.; Investigate the addition of solar panels.

Pricing

• Price: £615,850 a unit a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at peterhails@datasoftcomputing.com. Tell them what format you need. It will help if you say what assistive technology you use.