EVIDEN TECHNOLOGY SERVICES LIMITED

Managed Volunteer Portal

Managed_Volunteer_Portal is a cloud_based_service on that can be made available to support any kind of crisis or immediate requirement where volunteers can play a key role in supporting in the activities.
Volunteers can register and manage their application status. The workforce management module links volunteers with job functions and locations.

Features

  • Data collection from volunteers
  • Data analysis for volunteer analysis
  • Workforce management for job function allocation
  • Proven security capabilities and methodologies
  • Vertical and horizontal scalability
  • High availability
  • High bandwidth capability using Content Delivery Network
  • Service under ITIL V3 Standard
  • Monitoring tool

Benefits

  • Simple Intuitive based application for users and administrators
  • Workforce management and scheduling engine for volunteers
  • Secure individual, group or complete database communications
  • Regional deployment of data into Azure Public Cloud regions
  • Proven solution deployed to some of the largest global volunteering_programmes
  • Business hours support as standard and 24x7 support on request
  • Constant security patching
  • Available within 5 days from contracts
  • Additional complementary support services available from Eviden

Pricing

£546 a unit a day

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at opportunities@eviden.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

8 3 6 4 6 0 2 4 5 0 2 9 9 3 3

Contact

EVIDEN TECHNOLOGY SERVICES LIMITED Lisa Fitzgerald
Telephone: +447815611447
Email: opportunities@eviden.com

Service scope

Service constraints
Monthly Security Patching
The standard service will require an additional Level 1 volunteer service desk and telephony support and a Level 2 technical support in addition to the standard service. These are available from Atos as additional G-Cloud 12 services or from the SFIA rate card.
System requirements
  • Application built and owned by Atos
  • Application assumes that the Public Cloud will be Azure
  • Alternate Public clouds are available for evaluation
  • Customer will need to provide a level 1 service desk
  • Customer will need to provide a level 2 technical support
  • Level_1_service and Level_2_technical_support can be provided by Atos
  • System limited to 40 internal concurrent users
  • Systems limited to 1,000 external concurrent users

User support

Email or online ticketing support
Email or online ticketing
Support response times
Priority 1 – 95% in 4 Support Availability Hours
Priority 2 – 95% in 8 Support Availability Hours
Priority 3 – 95% in 2 Support Availability Days
Priority 4 – 95% in 5 Support Availability Days

Service handling Window – 5 days 10 hours Mon0Fri 08:00 to 18:00

The standard solution is business hours support 8am to 6pm Monday to Friday. Additional support requirements can be provided on request
User can manage status and priority of support tickets
No
Phone support
No
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
• Level-1 Support – This is to be provided by the Sponsor Organisation or alternate regional Atos service desk. The costs for the Atos Level-1 Service Desk are not included and are available either as an alternate G-Cloud 12 Service or resources based on the SFIA rate card.

• Level-2 Support – The Support Level-2 can be provided by the Sponsor Organisation or by an Atos support team. The costs for the Atos Level-2 support team are based on the SFIA rate card.

• Advanced Level-2 and Level-3 – The Advanced Level-2 and Level-3 support is provided by an Atos support team. The costs for the Atos Level-3 support team are based on the SFIA rate card.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Atos works with customer to assist the onboarding of services. The level of assistance will be dependent upon the commercial arrangements. On boarding can, where include: 1) Workshops 2) Solution reviews 3) Ad hoc guidance and support 4) Assistance with migration plans and activities The workshops may be at Atos premises or at customer defined locations
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Application reports and data extraction to a target agreed public cloud storage location. Data will be expunged from Managed Volunteer Portal.
End-of-contract process
Users are off-boarded, data is deleted, and the environment is decommissioned.

Using the service

Web browser interface
Yes
Using the web interface
The Workforce and Schedule modules are web-based application for accessing by the Sponsoring Organisation. External users login using a username and password.
Web interface accessibility standard
WCAG 2.1 AA or EN 301 549
Web interface accessibility testing
Our web based facilities are delivered to be compatible with all major, in support, web browsers, and as such can be used with external accessibility tools if required
API
Yes
What users can and can't do using the API
The data can be accessed by an API to support external applications.
API automation tools
Ansible
API documentation
Yes
API documentation formats
HTML
Command line interface
Yes
Command line interface compatibility
  • Linux or Unix
  • Windows
  • MacOS
Using the command line interface
It will be managed by Atos Experts as part of the support service

Scaling

Scaling available
Yes
Scaling type
Automatic
Independence of resources
This is a dedicated service on the Azure Public Cloud
Usage notifications
No

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
Reporting types
Real-time dashboards

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
Physical access control, complying with another standard
Data sanitisation process
No
Equipment disposal approach
A third-party destruction service

Backup and recovery

Backup and recovery
Yes
What’s backed up
Databases
Backup controls
Backups are performed by Atos experts
Datacentre setup
Single datacentre
Scheduling backups
Supplier controls the whole backup schedule
Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Service Availability SLA of 99.95%
Approach to resilience
The configuration is based on a single region in Azure. The data is backed up and if the service needed to be rebuilt in a different region, then the service would be re-installed, and the data restored from the backup.
Outage reporting
Email alerts

Identity and authentication

User authentication
Username or password
Access restrictions in management interfaces and support channels
Management is via dedicated virtual management LAN. Access to these LANs is controlled via 2FA. Only selected ports are permitted for management traffic.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Other
Description of management access authentication
Management is via 2FA.
Devices users manage the service through
Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
EY CertifyPoint
ISO/IEC 27001 accreditation date
10/12/2021
What the ISO/IEC 27001 doesn’t cover
Scope may be provided upon request.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
Yes
Who accredited the PCI DSS certification
Blackfoot UK Ltd
PCI DSS accreditation date
11/12/2021
What the PCI DSS doesn’t cover
No non-covered scope. Scope may be provided upon request.
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
Yes
Any other security certifications
  • All certifications awarded to Azure
  • G-Cloud
  • UE Manual Clauses
  • GDPR
  • PASF
  • DPP

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
There is a dedicated cyber security team including a Security Manager reporting to the Security Director. Security Director is a member of Atos Major Events Executive Committee. There is a regular Security Advisory Board to review the organizational and project cyber security risks at the top management level.
Information security policies and processes
Please see above for the security team. On the one side, each of the delivery team is responsible for delivering a security service, where the security team lead the security definition and later, once services are implemented, execute security audits. On the other side, the security team is responsible for delivering some security services such as SOC, CSIRT, vulnerability assessment, etc (exact list of services varies per project).
There is a set of security policies and procedures defined. There are several ways we ensure those policies and procedures are followed:
• Regular awareness trainings
• Regular security audits
• Regular phishing campaigns

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Atos has processes and procedures in place covering operational security. Changes that impact security are covered at the Security Working Group. Atos procedures are ITIL compliant.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Atos has processes and procedures in place covering operational security. Changes that impact security are covered at the Security Working Group. Atos procedures are ITIL compliant.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
There are several ways we identify potential compromises:
• Through Atos SOC/CSIRT
• Using APT protection endpoint agents
• Security audits

In case a potential compromise is detected we trigger a security incident management procedure, and a crisis management procedure if needed.

The speed of response to a security incident depends on a severity of the impact.
Incident management type
Supplier-defined controls
Incident management approach
There is a general incident management process and there is a set of measures (e.g. in terms of containment, protection and recovery) that can be invoked depending on a service impacted.
Security incidents are reported using a standard incident reporting process.

Secure development

Approach to secure software development best practice
Supplier-defined process

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
No

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
Atos uses its data centres in Longbridge and Birmingham Business Park (BBP), these have the following attributes: Longbridge: PUE value 1,16 - Indirect air cooling BBP: • PUE value 1,58 - Free cooling available Atos adheres to the COP 21 resolutions and is supporting the world effort to keep the global rise in temperature under 2°C in this century. Atos has committed to four new climate change initiatives. In 2017, the Science Based Targets initiative (SBTi) formally approved Atos’carbon emission targets. Atos has committed to adopt a science-based emissions reduction target. The Science Based Targets initiative (SBTi) has approved Atos’ targets here disclosed. Positioned by The Carbon Disclosure Project (CDP) in the Climate A group of climate leaders Atos is ranked as the most sustainable company in its industry group by the Dow Jones Sustainability Indices (DJSI) World and Europe. Recognized by the Global Reporting Initiative (GRI) standards Comprehensive option for its Corporate Responsibility integrated report In 2009, Atos was one of the first companies to join the Global Reporting Initiative (GRI) as organizational stakeholders. Since 2014, Atos is member of the <IR> Business Network and active participant on the <IR> Technology Initiative since its foundation in 2015.

Social Value

Fighting climate change

Fighting climate change

Atos commits to net-zero carbon emissions by 2028, setting one of the highest decarbonization standards for its industry. Global climate change is something for which we are all responsible. Conscious of the role we can play, Atos initiated a pioneering and ambitious environmental program 12 years ago. We remain committed to working to manage the challenges which climate change brings, now and in the future. As stated in our “raison d’être”, the ambition of Atos is to enable its customers, employees and members of society to live, work and develop sustainably, in a safe and secure information space.” Atos, has now committed to achieve net-zero carbon emissions by 2028, a date which is 22 years ahead of the ambitious aim of the UN Paris Agreement on Climate Change to limit the global warming of the planet to 1.5°C compared to pre-industrial levels (net-zero by 2050). This decision expands Atos’ ambitions on decarbonization even further, positioning decarbonization as a core element of its growth strategy and the Company as the decarbonization leader in its industry. The Atos Environmental Program will support these new climate change-related targets and goals through a variety of initiatives: to achieve ISO 140001 certification at our major offices and datacenters, improve the average power usage efficiency of our datacenters, decrease energy intensity, reduce business travel impacts as well as offer sustainable fully carbon-compensated services and new solutions to help Atos clients in improving decarbonization practices Progress on achieving the targets is publicly available. Not only are Atos’s Group Management Committee and the Board of Directors regularly informed of the progress made towards these targets, but Atos also operates incentive schemes for top managers to work to achieve these carbon targets, including the set-up of an internal carbon pricing impacting business results.
Equal opportunity

Equal opportunity

The Company is committed to advancing Equality, Diversity & Inclusion as a key feature in all its activities and is fully committed to the elimination of unlawful and unfair discrimination. To this end, Atos has adopted an Equality, Diversity & Inclusion Policy. Atos proactively seeks to drive an inclusive culture which promotes diversity of thought. We have a number of diversity & inclusion initiatives as part of our strategy. The Company aims to provide a working environment and culture which recognises and values differences between employees and to build a culture that values openness, fairness, and transparency. This Policy will be implemented across the Company, in all policies and procedures. This will include, but is not limited to: conditions of service, benefits and facilities and pay, recruitment, training and development, promotions, performance management process including appraisal systems etc. We say that our strategy is built around 8 pillars: 1. Inclusive leadership (e.g. embed Diversity & Inclusion in all development and talent programmes focused on our future leaders), 2. Employee lifecycle (e.g. ensure hiring managers undertake Diversity & Inclusion training), 3. Diversity networks, 4. Role models & supporters, 5. Monitoring & analytics, 6. Inclusive policies & benefits (e.g. removal of non-essential gendered language), 7. Clients & suppliers (e.g. encourage client facing staff to regularly update clients on the Diversity & Inclusion activity happening within Atos) and 8. Community engagement. Our commitment to Diversity & Inclusion has led us to be recognised in several high-profile awards including; 1. UK Best Employer for Race – Business in the Community 2018. 2. Gold accredited for Armed Forces Covenant. 3. Times Top 50 Employer for Women 2020 and 2021. 4. Shortlisted for HRD award in Diversity & Inclusion at HRD Summit 2019. 5. Ranked #40 in the Stonewall UK Top 100 Employers list for 2020.

Pricing

Price
£546 a unit a day
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
Access to the test portal to gain user experience

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at opportunities@eviden.com. Tell them what format you need. It will help if you say what assistive technology you use.