OCEAN SOFTWARE PTY LTD

SmartBase

A COTS system that empowers collaboration and interoperability of functional areas of a base in real time. Enables optimised scheduling and communication of tasks involving people and assets across multiple locations. Provides configurable reporting and alerts for commanders and their teams through the consolidation of data and processes.

Features

• Collaborative scheduling and task tracking
• Graphical time, task and resource planning
• Parent & Child events
• People and asset management
• Notifications
• Real-time reporting
• Manpower rostering capability to manage complex teams and shifts
• AI and what-if scenario planning
• SMS, QMS and ORM tracking and reporting
• Conflict alerts

Benefits

• Available on multiple devices
• Single interoperable database across all units and locations
• Recruitment to retirement view of all personnel
• Single source of data truth from individual to command level
• Single digital interface to reduce training overhead and skill fade
• Open APIs for ‘enter once' culture and 3rd party integration
• Accredited on multiple networks from unrestricted to secret
• Software can be deployed in a disconnected environment
• At a glance Common Operating Picture of resources and availability

£8 to £64 a user a month

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jonw@ocean.com.au. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

855509002086141

Contact

Jon Windover
07957417490
jonw@ocean.com.au

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: The application is 100% web-based and can only be accessed from a web browser. Currently, only the major Chromium-based browser vendors are officially supported. This includes desktop versions of Google Chrome and Microsoft Edge. Access from a mobile or tablet device is not currently supported or optimised, but coming soon.
• System requirements:
  • Latest desktop version of Google Chrome or Microsoft Edge
  • Javascript enabled in the browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within 24 hrs during the week. ; Greater coverage is open to negotiation.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Onsite support
• Support levels: Level 1 - first response helpdesk dealing with queries/questions ; Level 2 - direct customer follow up if L1 requires further investigation ; Level 3 - provide escalation and resolution of issues that cannot be resolved with L1 and L2 support. Typically technical and non-functional.; Ocean also has the provision for an on-site support representative.; Cost for all services are subject to multiple pricing frameworks.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Ocean Software provides implementation and training services. We deliver training to primarily two levels of users: basic and advanced.; ; Basic Training is intended for regular and non-expert users. This level of training is typically delivered through webinar, paired with the knowledge base and step-by-step user guides to work through the common functions of the software. This can include On the Job Training (OJT) to demonstrate the software's capability within the Customer's business process.; ; Advanced Training is intended for Subject Matter Experts (SME) and Super User Groups (SUG). Due to the flexibility within the software to be configured to meet the Customer’s requirements, this training is delivered through one-on-one sessions and OJT, with the support of the knowledge base, step-by-step user guides and 'in app' tool tips. It allows configuration of the software to be applied whilst allowing training users to make future configuration changes once implementation is complete.; ; All instruction and deliverables are available in English only.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: The data is owned by the Customer who can therefore export their data at any time from the platform into a standard format such as CSV. Data can also be accessed and exported using the API.
• End-of-contract process: Access to the application is disabled at the end of the contract. The Customer can extract data prior to the end of contract.; ; Ocean will securely keep the data for 90 days post the end of the contract in case the data is required before being erased from the platform.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Chrome
• Application to install: Yes
• Compatible operating systems: Windows
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: The API is able to provide approved third party systems with secure, authenticated access to all core information entities, including events, assets, people, locations, currencies and qualifications. This access will enable information to be created, searched, retrieved and updated through system-to-system integration.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: SmartBase is designed to be fully configurable to the needs of each section of a military unit. All modules and data are configurable. Ocean, or the customer can do this.

Scaling

• Independence of resources: Ocean analyses the system's resources used by the service and can evaluate and perform scale up and scale down of infrastructure to support higher volume processing. If some customers are consistently using excessive system resource, they can be moved to a higher performing system to ensure performance levels are met across all customers.; ; Ocean also performs connection rate limiting to the system, ensuring fair usage of the services available for use of the software application.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Customers are able to export their data at any time from various screens into CSV files.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: SmartBase has a guaranteed availability of 99.95% with a financial compensation scheme available.; ; If customers choose a self-hosted deployment option, the availability guarantee does not apply.
• Approach to resilience: This is available on request
• Outage reporting: Email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Username or password
  • Other
• Other user authentication: Ip Based Approval
• Access restrictions in management interfaces and support channels: Data is stored in an encrypted database and can only be accessed by specific users with strict access controls with just-in-time permissions.; ; Support can be provided temporary access through customer configured permissions when necessary, as well as providing remote viewing capability if required.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: Cyber Essentials

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Our security governance is based on ISO 27001, OWASP, UK Cyber Essentials and NIST standards, We are not certified due to the high cost of certification and non requirement currently by our customers. We are certified to UK Cyber Essentials.
• Information security policies and processes: Ocean has an extensive Information Security policy which is documented as part of its employee guidelines. This policy has been certified as compliant to UK Cyber Essentials standards. Ocean also has a Cyber Incident response plan, which details the response to any Cyber incident. ; Ocean has appointed a CISO and CSO. These positions report directly to the CEO. ; A combination of monitoring and policy enforcement are used to ensure the policies are followed. All employees also sign the policy and if they utilise BYOD devices also separately sign a BYOD policy.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All changes to the system are documented using Use Cases in Azure Devops. ; All code changes are checked both Automatically using Code compliance tools and manual through Peer Code Reviews. ; the OWASP SAMM model is used as our model for security development process.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Penetration testing is performed at least once a year on our system, This is arranged either independently by our customers or by Ocean should a customer lead test not be performed in a 12 month period. ; The Results of the test are determined, any High security threats are rectified within the next release (3 months per release), Mediums are rectified with 12 months and Low's are assessed if they require rectification.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: IP based access monitoring is performed daily, with alerts raised automatically should non recognised IP's attempt to gain access multiple times, or multiple IP's attempt to gain access at the same time.; Password access failures are monitored on a daily bases for patterns of behaviour. Alerts of multiple password failures are generated automatically. ; IP's are blocked (Not only user accounts) where multiple attempts are unusual behaviour is observed.
• Incident management type: Supplier-defined controls
• Incident management approach: Ocean has a Cyber Response Plan, this is based on the Standard Australian Cyber Response Plan template and includes all areas of response.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Ocean Software maintains an environmentally responsible ethos; it is committed to combating climate change and to positively influencing sustainable, environmentally friendly practices and principles.; ; Practices such as recycling of everyday ‘end of use’ items and materials, including glass, plastics, paper and consumables (such as printer toners and cartridges) are routinely enforced, as is the recycling of all retired hardware. Additionally, Ocean Software upholds a strict policy of minimising employee carbon footprint by employing virtual meeting practices whenever possible in preference to arranging in-person meetings that would otherwise require public or private transport or air travel.
• Covid-19 recovery:

  Covid-19 recovery

  Through revised internal processes and with a focus on business continuity principles, Ocean Software continued to provide full employment throughout the pandemic, maintaining successful outcomes in research, software product development, and growth opportunities for both internal and external stakeholders.; ; Ocean Software has continued to adapt its business practices to meet the evolving needs of post-COVID society. Examples include: providing flexibility around how and where staff work, including remote working, as well as maintaining a COVID-safe physical office space; introducing frequent virtual social gatherings to mitigate loneliness; and creating a Head of People and Culture senior leadership position to manage the business implications of COVID-19 legislation and its physical and psychological impact on employees.
• Equal opportunity:

  Equal opportunity

  Ocean Software’s Employment Guidelines provide for Equal Opportunity. Policy objectives aim to ensure:; - The elimination of discrimination, sexual harassment and victimisation to the greatest extent possible.; - The promotion and protection of the right to equality in line with the Charter of Human Rights.; - The encouragement of continual improvement via the ongoing review, identification and elimination of systemic causes and introduction of new and innovative best practices.; ; Ocean Software's commitment to Equal Opportunity extends to: the selection of contractors and all business parties and interactions; mentor and development programs; internal policies, including that of its Code of Conduct; the balance of women in leadership; and a diverse workforce.
• Wellbeing:

  Wellbeing

  Ocean Software’s commitment to Health & Wellbeing includes a long-standing contract with its Wellbeing provider, which entails a variety of programs and initiatives ranging from physical fitness to financial fitness initiatives, through to physical health checks and vaccination programs.; ; Additionally, Ocean Software has extended its offering to provide an Employee Assistance Program, which has made available counselling services to all staff and includes online resources through a privately accessed portal.; ; To better understand the factors important to and impacting on its workforce, Ocean Software has established a self-nominated ‘Social and Employee Engagement Group’. In liaison with management, this team of 5 staff represents the voice of the workforce.; ; Collectively, all Wellbeing initiatives aim to provide an engaging, healthy, and motivating working environment.

Pricing

• Price: £8 to £64 a user a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jonw@ocean.com.au. Tell them what format you need. It will help if you say what assistive technology you use.