Managed Volunteer Portal
Managed_Volunteer_Portal is a cloud_based_service on that can be made available to support any kind of crisis or immediate requirement where volunteers can play a key role in supporting in the activities.
Volunteers can register and manage their application status. The workforce management module links volunteers with job functions and locations.
Features
- Data collection from volunteers
- Data analysis for volunteer analysis
- Workforce management for job function allocation
- Proven security capabilities and methodologies
- Vertical and horizontal scalability
- High availability
- High bandwidth capability using Content Delivery Network
- Service under ITIL V3 Standard
- Monitoring tool
Benefits
- Simple Intuitive based application for users and administrators
- Workforce management and scheduling engine for volunteers
- Secure individual, group or complete database communications
- Regional deployment of data into Azure Public Cloud regions
- Proven solution deployed to some of the largest global volunteering_programmes
- Business hours support as standard and 24x7 support on request
- Constant security patching
- Available within 5 days from contracts
- Additional complementary support services available from Eviden
Pricing
£546 a unit a day
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 13
Service ID
8 3 6 4 6 0 2 4 5 0 2 9 9 3 3
Contact
EVIDEN TECHNOLOGY SERVICES LIMITED
Lisa Fitzgerald
Telephone: +447815611447
Email: opportunities@eviden.com
Service scope
- Service constraints
-
Monthly Security Patching
The standard service will require an additional Level 1 volunteer service desk and telephony support and a Level 2 technical support in addition to the standard service. These are available from Atos as additional G-Cloud 12 services or from the SFIA rate card. - System requirements
-
- Application built and owned by Atos
- Application assumes that the Public Cloud will be Azure
- Alternate Public clouds are available for evaluation
- Customer will need to provide a level 1 service desk
- Customer will need to provide a level 2 technical support
- Level_1_service and Level_2_technical_support can be provided by Atos
- System limited to 40 internal concurrent users
- Systems limited to 1,000 external concurrent users
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
Priority 1 – 95% in 4 Support Availability Hours
Priority 2 – 95% in 8 Support Availability Hours
Priority 3 – 95% in 2 Support Availability Days
Priority 4 – 95% in 5 Support Availability Days
Service handling Window – 5 days 10 hours Mon0Fri 08:00 to 18:00
The standard solution is business hours support 8am to 6pm Monday to Friday. Additional support requirements can be provided on request - User can manage status and priority of support tickets
- No
- Phone support
- No
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
-
• Level-1 Support – This is to be provided by the Sponsor Organisation or alternate regional Atos service desk. The costs for the Atos Level-1 Service Desk are not included and are available either as an alternate G-Cloud 12 Service or resources based on the SFIA rate card.
• Level-2 Support – The Support Level-2 can be provided by the Sponsor Organisation or by an Atos support team. The costs for the Atos Level-2 support team are based on the SFIA rate card.
• Advanced Level-2 and Level-3 – The Advanced Level-2 and Level-3 support is provided by an Atos support team. The costs for the Atos Level-3 support team are based on the SFIA rate card. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- Atos works with customer to assist the onboarding of services. The level of assistance will be dependent upon the commercial arrangements. On boarding can, where include: 1) Workshops 2) Solution reviews 3) Ad hoc guidance and support 4) Assistance with migration plans and activities The workshops may be at Atos premises or at customer defined locations
- Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
- Application reports and data extraction to a target agreed public cloud storage location. Data will be expunged from Managed Volunteer Portal.
- End-of-contract process
- Users are off-boarded, data is deleted, and the environment is decommissioned.
Using the service
- Web browser interface
- Yes
- Using the web interface
- The Workforce and Schedule modules are web-based application for accessing by the Sponsoring Organisation. External users login using a username and password.
- Web interface accessibility standard
- WCAG 2.1 AA or EN 301 549
- Web interface accessibility testing
- Our web based facilities are delivered to be compatible with all major, in support, web browsers, and as such can be used with external accessibility tools if required
- API
- Yes
- What users can and can't do using the API
- The data can be accessed by an API to support external applications.
- API automation tools
- Ansible
- API documentation
- Yes
- API documentation formats
- HTML
- Command line interface
- Yes
- Command line interface compatibility
-
- Linux or Unix
- Windows
- MacOS
- Using the command line interface
- It will be managed by Atos Experts as part of the support service
Scaling
- Scaling available
- Yes
- Scaling type
- Automatic
- Independence of resources
- This is a dedicated service on the Azure Public Cloud
- Usage notifications
- No
Analytics
- Infrastructure or application metrics
- Yes
- Metrics types
-
- CPU
- Disk
- HTTP request and response status
- Memory
- Reporting types
- Real-time dashboards
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Security Clearance (SC)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- Other locations
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a CHECK service provider
- Protecting data at rest
- Physical access control, complying with another standard
- Data sanitisation process
- No
- Equipment disposal approach
- A third-party destruction service
Backup and recovery
- Backup and recovery
- Yes
- What’s backed up
- Databases
- Backup controls
- Backups are performed by Atos experts
- Datacentre setup
- Single datacentre
- Scheduling backups
- Supplier controls the whole backup schedule
- Backup recovery
- Users contact the support team
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
- Service Availability SLA of 99.95%
- Approach to resilience
- The configuration is based on a single region in Azure. The data is backed up and if the service needed to be rebuilt in a different region, then the service would be re-installed, and the data restored from the backup.
- Outage reporting
- Email alerts
Identity and authentication
- User authentication
- Username or password
- Access restrictions in management interfaces and support channels
- Management is via dedicated virtual management LAN. Access to these LANs is controlled via 2FA. Only selected ports are permitted for management traffic.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Other
- Description of management access authentication
- Management is via 2FA.
- Devices users manage the service through
- Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- EY CertifyPoint
- ISO/IEC 27001 accreditation date
- 10/12/2021
- What the ISO/IEC 27001 doesn’t cover
- Scope may be provided upon request.
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- Yes
- Who accredited the PCI DSS certification
- Blackfoot UK Ltd
- PCI DSS accreditation date
- 11/12/2021
- What the PCI DSS doesn’t cover
- No non-covered scope. Scope may be provided upon request.
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- Yes
- Any other security certifications
-
- All certifications awarded to Azure
- G-Cloud
- UE Manual Clauses
- GDPR
- PASF
- DPP
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- No
- Security governance approach
- There is a dedicated cyber security team including a Security Manager reporting to the Security Director. Security Director is a member of Atos Major Events Executive Committee. There is a regular Security Advisory Board to review the organizational and project cyber security risks at the top management level.
- Information security policies and processes
-
Please see above for the security team. On the one side, each of the delivery team is responsible for delivering a security service, where the security team lead the security definition and later, once services are implemented, execute security audits. On the other side, the security team is responsible for delivering some security services such as SOC, CSIRT, vulnerability assessment, etc (exact list of services varies per project).
There is a set of security policies and procedures defined. There are several ways we ensure those policies and procedures are followed:
• Regular awareness trainings
• Regular security audits
• Regular phishing campaigns
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- Atos has processes and procedures in place covering operational security. Changes that impact security are covered at the Security Working Group. Atos procedures are ITIL compliant.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- Atos has processes and procedures in place covering operational security. Changes that impact security are covered at the Security Working Group. Atos procedures are ITIL compliant.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
-
There are several ways we identify potential compromises:
• Through Atos SOC/CSIRT
• Using APT protection endpoint agents
• Security audits
In case a potential compromise is detected we trigger a security incident management procedure, and a crisis management procedure if needed.
The speed of response to a security incident depends on a severity of the impact. - Incident management type
- Supplier-defined controls
- Incident management approach
-
There is a general incident management process and there is a set of measures (e.g. in terms of containment, protection and recovery) that can be invoked depending on a service impacted.
Security incidents are reported using a standard incident reporting process.
Secure development
- Approach to secure software development best practice
- Supplier-defined process
Separation between users
- Virtualisation technology used to keep applications and users sharing the same infrastructure apart
- No
Energy efficiency
- Energy-efficient datacentres
- Yes
- Description of energy efficient datacentres
- Atos uses its data centres in Longbridge and Birmingham Business Park (BBP), these have the following attributes: Longbridge: PUE value 1,16 - Indirect air cooling BBP: • PUE value 1,58 - Free cooling available Atos adheres to the COP 21 resolutions and is supporting the world effort to keep the global rise in temperature under 2°C in this century. Atos has committed to four new climate change initiatives. In 2017, the Science Based Targets initiative (SBTi) formally approved Atos’carbon emission targets. Atos has committed to adopt a science-based emissions reduction target. The Science Based Targets initiative (SBTi) has approved Atos’ targets here disclosed. Positioned by The Carbon Disclosure Project (CDP) in the Climate A group of climate leaders Atos is ranked as the most sustainable company in its industry group by the Dow Jones Sustainability Indices (DJSI) World and Europe. Recognized by the Global Reporting Initiative (GRI) standards Comprehensive option for its Corporate Responsibility integrated report In 2009, Atos was one of the first companies to join the Global Reporting Initiative (GRI) as organizational stakeholders. Since 2014, Atos is member of the <IR> Business Network and active participant on the <IR> Technology Initiative since its foundation in 2015.
Social Value
- Fighting climate change
-
Fighting climate change
Atos commits to net-zero carbon emissions by 2028, setting one of the highest decarbonization standards for its industry. Global climate change is something for which we are all responsible. Conscious of the role we can play, Atos initiated a pioneering and ambitious environmental program 12 years ago. We remain committed to working to manage the challenges which climate change brings, now and in the future. As stated in our “raison d’être”, the ambition of Atos is to enable its customers, employees and members of society to live, work and develop sustainably, in a safe and secure information space.” Atos, has now committed to achieve net-zero carbon emissions by 2028, a date which is 22 years ahead of the ambitious aim of the UN Paris Agreement on Climate Change to limit the global warming of the planet to 1.5°C compared to pre-industrial levels (net-zero by 2050). This decision expands Atos’ ambitions on decarbonization even further, positioning decarbonization as a core element of its growth strategy and the Company as the decarbonization leader in its industry. The Atos Environmental Program will support these new climate change-related targets and goals through a variety of initiatives: to achieve ISO 140001 certification at our major offices and datacenters, improve the average power usage efficiency of our datacenters, decrease energy intensity, reduce business travel impacts as well as offer sustainable fully carbon-compensated services and new solutions to help Atos clients in improving decarbonization practices Progress on achieving the targets is publicly available. Not only are Atos’s Group Management Committee and the Board of Directors regularly informed of the progress made towards these targets, but Atos also operates incentive schemes for top managers to work to achieve these carbon targets, including the set-up of an internal carbon pricing impacting business results. - Equal opportunity
-
Equal opportunity
The Company is committed to advancing Equality, Diversity & Inclusion as a key feature in all its activities and is fully committed to the elimination of unlawful and unfair discrimination. To this end, Atos has adopted an Equality, Diversity & Inclusion Policy. Atos proactively seeks to drive an inclusive culture which promotes diversity of thought. We have a number of diversity & inclusion initiatives as part of our strategy. The Company aims to provide a working environment and culture which recognises and values differences between employees and to build a culture that values openness, fairness, and transparency. This Policy will be implemented across the Company, in all policies and procedures. This will include, but is not limited to: conditions of service, benefits and facilities and pay, recruitment, training and development, promotions, performance management process including appraisal systems etc. We say that our strategy is built around 8 pillars: 1. Inclusive leadership (e.g. embed Diversity & Inclusion in all development and talent programmes focused on our future leaders), 2. Employee lifecycle (e.g. ensure hiring managers undertake Diversity & Inclusion training), 3. Diversity networks, 4. Role models & supporters, 5. Monitoring & analytics, 6. Inclusive policies & benefits (e.g. removal of non-essential gendered language), 7. Clients & suppliers (e.g. encourage client facing staff to regularly update clients on the Diversity & Inclusion activity happening within Atos) and 8. Community engagement. Our commitment to Diversity & Inclusion has led us to be recognised in several high-profile awards including; 1. UK Best Employer for Race – Business in the Community 2018. 2. Gold accredited for Armed Forces Covenant. 3. Times Top 50 Employer for Women 2020 and 2021. 4. Shortlisted for HRD award in Diversity & Inclusion at HRD Summit 2019. 5. Ranked #40 in the Stonewall UK Top 100 Employers list for 2020.
Pricing
- Price
- £546 a unit a day
- Discount for educational organisations
- No
- Free trial available
- Yes
- Description of free trial
- Access to the test portal to gain user experience