Nineworks

Firearms Licensing Management

Provision of a Software as a Service solution which manages the application, management and decision making of Firearms, Shotguns and Explosives applications submitted to UK Police Forces. Hosted via cloud options, includes responsive design, email notifications, payments, workflow, work management, searches, role based functionality, document uploads, job documents, customisable content.

Features

• Processes 201 201v ER4 ER4a ER4b ER2 116 116a
• Configurable customer payments per form type including adding admin fees
• Team and task management of applications and allocated processing staff
• Document storage area for notes, key docs, images, scans etc
• Postcode lookup, applicant digital signatures, medical proforma and photo uploads
• User access and role/profile management to customise functionality
• Job documents with customisable workflow processes and assignment by postcode/area
• Activity audit trails, payment histories.
• Powerful search and customisable information displays
• Customisable security and content for branding, guidance, legal wording, emails.

Benefits

• Reduced cost of processing applications
• Increased throughput of application
• Data sharing across force colleagues
• MI and analytics on performance
• Provision of data for operational usage (locations of firearms)
• Reduced supervisory overhead of team and processing management
• Faster location of historical information and decisions
• Flexible, scaleable service
• Unlimited read only users included to enhance sharing
• Reactive and responsive design for use on most devices

£16,500 a licence a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at andy.walton@ninesoftware.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

868243169093398

Contact

Andy Walton
07712535956
andy.walton@ninesoftware.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: Support is limited to 9-5 on working week days when English banks are open.
• System requirements:
  • Latest browser version installed
  • Internet access required

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Instant logging takes place however the response times are in line with the published SLA.; ; We operate Monday - Friday 9:00 to 17:00 excluding English Bank Holidays; We do not operate a weekend service at present for support.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We provide a single SLA with the solution. This has multiple escalation points and is available on request.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide training for the application either on site or by remote technology (as required) this is charged as a Training Cost.; ; The solution is preconfigured for the client ensuring that they are able to use the solution out of the box. We will assist by providing guidance to the customisable areas and boiler plate content that users can then use to customise or review internally as they see fit.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Users can obtain the data as CSV or we can provision a bespoke extraction for a cost.
• End-of-contract process: The contract allows for the hosted service whilst in contract. The client is free to end the service in line with the T&Cs and can easily port their data from the system.; ; We can help with this process if required for further cost. The contract does not include transition work to a new supplier.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The customer facing site is responsive, but the functionality remains the same as the desktop service.
• Service interface: No
• User support accessibility: WCAG 2.1 AAA
• API: Yes
• What users can and can't do using the API: A suite of standard APIs on the development roadmap to allow common usage scenarios such as:; - Data Transfer between the application and other 3rd party systems (such as Niche).; - Checking of specific information such as Postcodes; - Payments plug in to Gov Pay and Opayo (formerly SagePay); - 3rd Party Mapping; ; The development roadmap will progress in line with feedback from customer user groups.; ; Custom APIs can be created as per requirements from the Force customer as a chargeable extra.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Customisation is in many forms, the first is to tailor the domain and logo used within the system. Email content and policy information can be amended. ; ; Security/user access requirements can be adjusted to meet Force requirements including 2FA and password policy.; ; Differing payment modules can be implemented with costs and admin fees customised.; ; Mapping of postcodes, areas and managers can be performed.; ; The customisation is done via the user interface and is only available via the super user. Further customisation can be carried out at further cost upon support request.

Scaling

• Independence of resources: Each service has its own resources

Analytics

• Service usage metrics: Yes
• Metrics types: Force users can analyse the data within the application to understand the service usage statistics from the public or Force users.
• Reporting types:
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: Never
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: Data at rest is protected via secure controls from our robust industry standard cloud provider options. Options for hosting can be discussed with the buyer and further information on various standards and certifications can be provided.
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data can be extracted to a CSV extract. We can arrange for a bespoke extract at extra cost.
• Data export formats:
  • CSV
  • ODF
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • Force users can upload .jpg, .jpeg, .png, .tif, .tiff
  • Force users can upload .doc, .docx, .xls, .xlsx, .pdf
  • Force users can upload .txt, .txt, .csv, .zip, .archive
  • Maximum file size: 20 MB
  • Other formats for data installation accommodated as costed implementation service

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Our service model is based on ITILv3 best practices, the expectation is that Nine run as second line support, alongside your internal support who will triage and resolve basic user queries.; ; All initial “customer facing” requests should be directed to your internal IT team to establish if there is a hardware / infrastructure issue with the hosting. If it’s establish as a software issue then IT should contact Support@NineSoftware.co.uk with the description of the issue along with contact details for the colleague who logged the issue. This approach is so that the issue can be logged, triaged, and then resolved. Nine will then communicate with the IT team and colleague who highlighted the issue.
• Approach to resilience: Our software runs on industry standard resilient cloud platforms. Our resiliency information is available on request.
• Outage reporting: Email alerts are issued to clients.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Other user authentication: Access can be restricted via AD integration so that the Force can restrict access at all levels within the software back office.
• Access restrictions in management interfaces and support channels: Access is restricted via AD integration so that the Force can restrict access at all levels within the software.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Citation
• ISO/IEC 27001 accreditation date: 16/06/2023
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: This is performed in line with our ISO27001 processes.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Our process is:; ; Change request forms are submitted to your nominated client relationship manager who will assign a co-ordinator. ; ; All submitted change requests are logged throughout the lifecycle.; ; The Co-Ordinator conducts a preliminary analysis on the impact of the change to risk, security, cost, schedule, and scope.; ; The Co-Ordinator will submit the change request to the CCB for review.; ; If a change is approved by the CCB, the co-ordinator will update and re-baseline project documentation as necessary.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Applications and servers will be patched at a minimum of monthly. ; ; All servers will be checked for patches daily. In addition to this we deploy multiple Anti-Malware and Anti-Virus solutions (e.g. Microsoft Anti-Malware and Sophos or E-Set Antivirus solutions) with automated update checks anything up to hourly to keep abreast of any new issues.; ; Version control is used via robust practices.; ; We do operate a plan for analysis, assessment and remediation based on the CVE score.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: As Part of the hosted implementation, our team will identify vulnerabilities and as such patch them in line with our service offering.
• Incident management type: Supplier-defined controls
• Incident management approach: Incident management processes are in place and are actively deployed in response to security incidents.; ; Users report events via the published pre-defined support routes, should an incident occur, including escalation by telephone.; ; Incident reports are provided via email.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  We have a carbon reduction plan in place with an efficient office space designed to reduce inefficiencies. We are committed to lowering our carbon footprint via a number of initiatives.

  Covid-19 recovery

  We support the colleagues working from home and encourage all those within the organisation to work from home whenever they feel unwell. We have onsite sanitation and Covid tests.

  Tackling economic inequality

  We implement a "local first" approach to our procurements and we ensure that our hiring process is accessible to all. We do not mandate degrees or qualifications from particular establishments. We work with local organisations who provide social good through charitable works, including community bakeries, food banks and organisations providing entrance opportunities to the IT industry.

  Equal opportunity

  We are committed to providing equal opportunity to all, and we have zero tolerance against discrimination in all of its forms. We are participants in Tech Talent Charter.

  Wellbeing

  We ensure the wellbeing of the team and look to support team members when needed. We have regular touchpoint with all of our colleagues and are committed to supporting them in their home or work office environments.

Pricing

• Price: £16,500 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at andy.walton@ninesoftware.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.