2iC Limited

2iC TRUST for Lean Services Architecture

2iC TRUST is commercial-off-the-shelf (COTS) cross-domain software that delivers assured digital interoperability between devices, systems and networks across different trust domains. These differing trust domains can be defined by different security classifications or different boundaries where there is a need to separate systems, information and equipment.

Features

• Delivers two-way security
• Controls flow of information between trust domains, including fine-grained content-checking.
• NCSC guidance pattern compliant protocol break for safely importing data

Benefits

• Rapidly adaptable to meet new or evolving operational requirements
• Runs on vehicle-borne, wearable and unattended platforms and enterprise network-devices
• Protects your system from being compromised by the connected system

£20,000 an instance

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@2icworld.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

849380007885938

Contact

Tom Berry
02081237479
sales@2icworld.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: 2iC TRUST software is an enhancement of the Lean Services Architecture and Decentralised Operating Procedures capability as it controls the flow of information and, content-checking, delivers two-way security with the necessary protocol breaks.; 2iC NODE - Manages the locally-connected Lean Services systems and connections to/from other networked nodes.
• Cloud deployment model: Public cloud
• Service constraints: Nil
• System requirements:
  • Microsoft Windows
  • Linux
  • C++
  • Java
  • Android
  • X86/x64/ARM32/64

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 2iC aim to respond to questions within 24 hours. If question asked at the weekend, 2iC will aim to respond the next working day within a 24 hour period.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Web Portal Support via Service Desk (24/7 availability).; Email support (responses only between 9am-5pm GMT).; Onsite support, charged at £1200 to £1500 per day plus T&S at cost.; Premium support via phone 9-5pm (GMT) £3000 per year, minimum 12 months contract.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Provide access to Help Desk email support, license keys setup and self-service training modules. Onsite training for both group and 1:1. Wiki access for all available documentation Premium support/consulting days at extra cost.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Discuss on a customer by customer basis.
• End-of-contract process: Organisation and users are deactivated unless renewal, Web and email support included in price, Wiki access included in price, Onsite services at additional cost, Onsite training at additional cost. Access to self service modules at addition cost.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: The 2iC Lean Services Software Development Kit (SDK) provides a simple way for customers, partners and suppliers to build systems and adaptors for their systems that expose Lean Services compliant calls and events. The SDK contains example code and all the necessary object code and source files needed to develop Lean Services interfaces. Online documentation is available and the SDK are available for: Java C++ (Win & Linux) Android, 8 and 32 bit Microcontrollers
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: No

Scaling

• Independence of resources: Hosted management of elasticity of resources.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Other than support tickets, no data is retained.
• Data export formats: CSV
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • Lean Services Definition Files
  • Barrier Validation Rules

Data-in-transit protection

• Data protection between buyer and supplier networks: Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network: Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: As defined by hosting partner.
• Approach to resilience: As defined by hosting partner.
• Outage reporting: As defined by hosting partner.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
• Access restrictions in management interfaces and support channels: Through user roles and groups Application administrators have full access to system. No user has direct access to hosting services or infrastructure management.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

• Access to user activity audit information: You control when users can access audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: All user accounts must have a uniquely named user. All user credentials must be changed on a regular basis. All user credentials must be alphanumeric and special symbol compliant. All organisations on single instances and separated URL/URI access can be both private and public.
• Information security policies and processes: The CEO is accountable to the 2iC Board for ensuring that appropriate policies are in place and adhered to across the business. Head of Operations manages the day-to-day security activities, production of and adherence to associated security policies; policies that are reviewed annually. The HoO also ensures employees, partners, 3rd parties and customers adhere to security policies.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Full DevOps processes in place for all components of service, with continuous integration, delivery and deployment using Atlassian tool set . Customer feedback, roadmap and defect management items are reviewed, prioritised and scheduled for release accordingly. As part of DevOps process, security and performance are tested per build release.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: As part of DevOps process, threats are proactively accessed and addressed as part the build/test process. Releases, patches and updates can be deployed weekly or as necessary Threats are identified by understanding current trends, known vulnerabilities, injection and penetration testing.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Managed by hosting supplier.
• Incident management type: Supplier-defined controls
• Incident management approach: Default process is to log a ticket with 2iC Service Desk hosted by Atlassian. User are also able to send an email requesting help or to ask a question. No incidents reports as information provided online through Service Desk per organisation.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  At 2iC Limited, we are dedicated to minimising our environmental footprint and the impact of our activities. Our environmental strategy includes:; - Minimising waste by optimising our operational efficiency.; - Reducing toxic emissions through strategic selection of power sources.; - Promoting recycling internally and among our customers and suppliers.; - Sourcing eco-friendly products to lessen the environmental impact from production to distribution.; - Complying with environmental legislation, ensuring that all our practices meet or exceed regulatory standards.; ; Our commitment extends to promoting green travel options through our electric car scheme, encouraging employees to adopt more sustainable travel habits.

  Covid-19 recovery

  2iC continues to prioritise the safety and flexibility of its workforce amidst ongoing recovery from COVID-19. We uphold a robust work-from-home policy to ensure continuity and safety, complemented by stringent safety protocols in our offices and at customer sites. Our employees and subcontractors are empowered to vacate any site that does not meet our rigorous safety standards, ensuring their health and security at all times.; ; Additionally, our electric car scheme exemplifies our dedication to sustainable travel, providing eco-friendly and socially-distanced commuting options for our employees when remote working is not feasible. This initiative is part of our broader commitment to environmental sustainability and employee well-being.

  Tackling economic inequality

  As a SME with a dispersed workforce across England, 2iC actively contributes to economic development in various regions, not just in our base in London. Our remote work policy facilitates economic opportunities outside major urban centres, fostering regional economic balance.; ; We also support working parents by offering childcare tax credit support, removing significant barriers to employment and supporting career progression and stability.; ; 2iC are very active in the UK SME sector with the 2iC CEO, Graham Booth, chairing the techUK (trade body) SME forum and the MOD DSF SME Metrics and Transparency workstream which is focused on improving SME access and visibility across the MOD and Primes in order to address systemic economic inequality. These roles provide an SME voice direct to Ministers and MOD Senior Leadership.

  Equal opportunity

  2iC is committed to creating an inclusive and fair working environment where opportunities are based on merit and individual capabilities. We have zero tolerance for discrimination, harassment, or bullying based on sex, race, nationality, ethnic origin, marital status, sexual orientation, health status, disability, faith, religion, or any similar grounds. Such behaviours are treated as gross misconduct within our company.; ; We are signatories to the Armed Forces Covenant and our employment of a high percentage of Armed Forces Veterans enables us to harness a wide range of skills and experiences, fostering a culture of innovation and business growth.; ; Additionally, 2iC sponsors London Welsh Rugby and we are the first ever dedicated shirt sponsor for the women’s team.

  Wellbeing

  2iC is devoted to the health, safety, and overall well-being of our staff, whether they are employees or contractors, and extends this care to visitors and guests at our premises or external sites. We offer a comprehensive healthcare plan to all employees, underscoring our commitment to their physical and mental health. At 2iC, health issues, whether physical or mental, are treated with equal importance, supported by a range of proactive and reactive health and wellbeing measures to ensure a supportive workplace environment.

Pricing

• Price: £20,000 an instance
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Controlled access for an agreed period of time and based on customer requirements.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@2icworld.com. Tell them what format you need. It will help if you say what assistive technology you use.