Skip to main content

Help us improve the Digital Marketplace - send your feedback

Storetec Services Ltd

MDI Cloud

MDI Cloud is an accessible, secure document and content management platform, offering a straightforward way to organise, manage, and collaborate on documents without overwhelming complexity or cost. Supporting organisations as they grow and adapt.

Features

  • Multi format document and content management and viewing
  • Full text content search
  • Access controls & security groups
  • Single sign-on & Multi-Factor Authentication (MFA)
  • Version control & document retention management
  • E-signature & collaboration tools
  • Workflow & e-forms
  • Email integration
  • Secure cloud storage
  • AI Tools

Benefits

  • Instant access to all document formats within one platform
  • Quickly find information with powerful OCR search capabilities
  • Tailor access and user privileges to your own security policies
  • Protect your information with additional layers of security
  • Ensure compliance and chain of custody
  • Streamline signing processes and enhance team collaboration
  • Automate business processes and eliminate paper-based forms
  • Ingest and index email attachments automatically with no user interaction
  • Dedicated 24/7 access with no dependency on a centralised infrastructure
  • Save time interrogating key information using intelligent AI tools

Pricing

£190 a licence

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@storetec.net. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

8 9 0 9 1 8 3 7 1 5 7 4 8 9 1

Contact

Storetec Services Ltd Owen Hammond
Telephone: 01482608630
Email: tenders@storetec.net

Service scope

Software add-on or extension
No
Cloud deployment model
Hybrid cloud
Service constraints
None
System requirements
  • Web browser
  • Internet access

User support

Email or online ticketing support
Email or online ticketing
Support response times
4 working hours
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Full support for the system is provided within working hours (Mon-Fri, 8am - 5pm). System uptime is guaranteed at 99.99% and is closely monitored against this SLA 24/7.

All standard support is included as part of the service. 24/7 dedicated support can be provided for an additional cost.

The following response times are followed:

P1 Critical - Response within 30 minutes, fix within 2 hours.
P2 Serious - Response within 1 hour, fix within 3 hours.
P3 Priority - Response within 2 hours, fix within 4 hours.
P4 Nuisance - Response within 4 hours, fix within 4 hours.

All clients are allocated a dedicated Account Manager who will attend monthly or quarterly reviews.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Our onboarding and implementation process can be summarised as follows:

1. Your MDI Cloud® account will be created in line with the defined specification.
2. Any bespoke integration will be configured to align MDI Cloud® to your existing system(s).
3. Custom workflows will be deployed and tested.
4. User accounts and access privileges will be configured by our technical team.
5. Any existing data will be transferred and ingested into MDI Cloud®.
6. User access will be rolled out across your organisation.
7. Training sessions will be arranged to suit your schedule.

Full training is provided either on site or via video conference, subject to the clients' preference. In addition, clients will receive a welcome pack with all necessary contact details for support.

A user guide and various tutorial videos are available from within the system as a self-service.

Full support is provided and additional training sessions can be arranged as necessary.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Extraction of data is typically carried out by our technical team through the backend database. The format of the data and the transfer methodology will be agreed with the client in advance of extraction.

Where required, extraction of data can be facilitated via API.
End-of-contract process
At the end of the contract, an agreed format for data extraction and transfer will be agreed with the client. The costs incurred will be to cover the cost of extraction and transfer of the data, for example if any re-formatting of the data is required, or cost of hardware such as USB hard drives.

Subject to the amount of data in the system, additional charges may be applied to export.

The general exit process can be summarised as follows:

1. Client requests termination in writing.
2. Client confirms variables such as any data re-structuring, conversion, or additional data backup requirements.
3. A termination invoice is raised covering the remainder of the contract and any additional charges that may apply.
4. Upon payment of the invoice, data is exported and transferred to the client in the agreed format and via the agreed transfer method.
5. Data is permanently deleted from our systems following the agreed backup retention period.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Functionality remains the same on both versions. The only difference is a mobile-friendly layout.
Service interface
No
User support accessibility
None or don’t know
API
Yes
What users can and can't do using the API
API's are customised to individual client needs.
API documentation
No
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
There are features within the system that allow for customisation such as custom workflows, e-forms, retention policies, email integration. These features can be customised by the users subject to access privileges, or can be configured by our team following request from the client.

In addition, as the system is our own intellectual property and was fully developed in-house, clients can request bespoke functionality for development. In such cases, the request will be reviewed and assessed, a cost for development will be shared, and once agreed a timescale for development, testing, and deployment of the new functionality will be agreed.

Customisation helps our clients prioritise the features that make a difference.

Scaling

Independence of resources
Our platform is hosted via the Amazon AWS infrastructure, ensuring instant scalability on demand.

We utilise Amazon's load balancing services to evenly distribute incoming traffic across our EC2 instances. This load balancing helps maintain optimal performance and prevents overloading of any single instance, ensuring smooth operation during periods of high demand.

In addition, our software application is hosted on Amazon EC2 instances, which are distributed across at least two availability zones. This redundancy ensures that if one availability zone experiences an issue, the application will continue to run smoothly in the other zone, minimising downtime and service disruption.

Analytics

Service usage metrics
Yes
Metrics types
All activity within the system is audit logged at individual user level. This can be shared periodically with the client, or can be accessed via the Reporting tool within the system subject to which MDI Cloud package is chosen.

In addition, service metrics are typically customised based on client requirements. Where feasible, this may be automated or integrated with the clients own reporting platform (subject to charges).
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Data can be downloaded ad-hoc on a per document basis using the download feature within the system. If large datasets are required (e.g. bulk export) this must be carried out by our technical team following request and confirmation by an authorised contact within the clients' organisation.
Data export formats
Other
Other data export formats
Original format of the data when ingested into the system
Data import formats
Other
Other data import formats
Any file type can be imported into the system.

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
We guarantee 99.99% uptime. Service credits are typically agreed per contract/client, but an example is:

Below 95% - 5% rebate
Below 90% - 10% rebate
Below 85% - 30% rebate
Approach to resilience
Multi-Availability Zone Deployment - Our software application is hosted on Amazon EC2 instances, distributed across at least two availability zones. This redundancy ensures that if one availability zone experiences an issue, the application will continue to run smoothly in the other zone.

Load Balancing - We utilise Amazon's load balancing services to evenly distribute incoming traffic across our EC2 instances. This load balancing helps maintain optimal performance and prevents overloading of any single instance, ensuring smooth operation during periods of high demand.

Amazon EC2 Auto-Scaling - Our infrastructure is designed with auto-scaling capabilities, allowing us to launch new EC2 instances as needed based on traffic and resource requirements.

Database Resiliency - We use Amazon RDS to host our databases, with Multi-Availability Zone deployment. This approach provides automatic failover and redundancy for our databases.

Monitoring and Alerting - We utilise AWS CloudWatch to continuously monitor various system metrics throughout our infrastructure and notify of any anticipated issues for fast mitigation.

Amazon S3 for Document Storage - Our platform stores documents in Amazon S3, which is a highly scalable and durable object storage service. Amazon S3's virtually unlimited capacity allows us to accommodate growing document storage needs without any constraints.
Outage reporting
We utilise AWS CloudWatch to continuously monitor various system metrics throughout our infrastructure. In the event that any predefined thresholds or alerts are triggered, relevant parties are immediately informed via AWS SNS notifications. This proactive monitoring approach allows us to identify and resolve potential issues before they impact system availability.

In addition, we have various other custom monitoring tools in place to notify our IT and development team of any unexpected activity.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
  • Other
Other user authentication
Single Sign On can be implemented where required
Access restrictions in management interfaces and support channels
Access to the management interface is only granted to authorised users and can only be obtained from our corporate network due to IP address restrictions.

All user activity within the management interface is fully audit logged and monitored.

The Support team have restricted access to allow them only to carry out basic tasks such as password resets.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
British Assessment Bureau
ISO/IEC 27001 accreditation date
03/04/2017
What the ISO/IEC 27001 doesn’t cover
All services are in scope of our certification - no aspects of our business are omitted.
ISO 28000:2007 certification
No
CSA STAR certification
Yes
CSA STAR accreditation date
07/07/2020
CSA STAR certification level
Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover
Scanning, Archive Storage.
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
Yes
Any other security certifications
  • BS10008
  • ISO22301

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
BS10008
Cyber Essentials Plus
ISO22301
Information security policies and processes
We operate a central management system that is certified to and therefore aligns to BS10008, ISO22301, and ISO27001. As part of this management system we maintain individual Information Security Policy documents that collectively address, at minimum, all of the Annex A controls stipulated in the ISO27001 standard.

To ensure compliance to these policies and associated standards, we regularly execute internal audits and site inspections, with all results documented and reported.

The management system is authorised and supported at board level. Regular Management Review Meetings are held, with at least one board member present, where all aspects of the management system are discussed including non-conformances, risks, and compliance to policies.

The Compliance Manager is ultimately responsible for the management system and forms the first level of contact for any internal or external compliance or security issues. The Compliance Manager reports directly to the Chief Operating Officer, who has ultimate responsibility for compliance and security.

Regular training is executed to ensure all staff are aware of their individual responsibilities for security and compliance, with regular tests issued that help to tailor training to individual needs.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
We operate a change management procedure that aligns with our ISO27001 standard. In terms of software development, we follow the guidance set out in ISO27002.

All components of our services are logged and tracked via an asset register which is regularly reviewed. This details the type of asset, configuration/build information and an asset owner, amongst various other key details.

Changes are first categorised as minor, medium, or major. They are then managed in line with the guidance set out in our change management policy, ensuring risk assessments, testing, and project management throughout to ensure security impacts are mitigated.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Risk assessments are maintained and monitored for all systems. These registers assign a risk rating; all risks above an allowed threshold must be mitigated to bring the residual rating to an acceptable level.

IT perform a vulnerability scan of software every month. This is documented on our IT Audit Schedule. IT will apply patches as soon as possible, depending on severity. All security patches are applied immediately.

Regular penetration tests and vulnerability scans are carried out by a third party who provide a detailed report and recommendations.

We stay appraised on potential threats via subscriptions to special interest groups/mailing lists.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Workstation configurations, including installed software and security groups are configured and synchronised via the ActiveDirectory (AD). These configurations are maintained, documented and reviewed by the IT Manager and are continually synced and monitored via two external cloud services, JumpCloud and CyberSmart.

These services report immediately on any potential vulnerabilities, with recommended fixes.

All security recommendations are implemented immediately. If an immediate fix cannot be implemented, the workstation or server will either be restricted from use or closely monitored until a fix has been implemented.
Incident management type
Supplier-defined controls
Incident management approach
All incidents are handled in line with our defined policy, regardless of event type. The policy first defines what is deemed as a security incident.

It then details the process for reporting incidents, which requires internal users to report incidents to a member of the defined information security committee immediately, and external users to report incidents via our support team, who must then pass it on to a member of the ISC immediately.

Our Compliance team carry out an investigation, detailing route cause and corrective actions, which is then documented in a report for internal documentation or issue to clients.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Social Value

Social Value

Social Value

  • Fighting climate change
  • Tackling economic inequality

Fighting climate change

In alignment with our commitment to environmental sustainability, we are diligently working towards achieving net-zero emissions by the year 2050, consistent with governmental guidelines and objectives. Our strategy involves a comprehensive monitoring of scope 1, 2, and 3 emissions, adhering to the protocols set forth by the Greenhouse Gas (GHG) Protocol. To ensure the realisation of this goal, we have established specific targets, with a systematic approach to ensure year-on-year reductions in our carbon footprint.
Our environmental objectives are outlined as follows:

Achievements as of 2023:

• Transitioned our company car fleet to 100% electric vehicles (not including box transport vehicles due to range limitations).
• Installed electric vehicle (EV) charging points at our facilities, available for use by all staff and visitors, promoting the adoption of EVs.
• Equipped our scanning bureau with solar panels, enhancing our renewable energy capacity.
• Partnered with Future Forest Company to plant a tree for every 10 boxes scanned.

Targets for 2030:

• Transition to 100% renewable sources for heating and electricity.
• Ensure over 50% of our box transportation is conducted using electric vehicles.
• Commit to the procurement of materials that are exclusively biodegradable or recyclable.

Vision for 2050:

• Complete transition of all transportation (cars and vans) to electric vehicles.
• Achieve net-zero emissions, actively removing more CO2 from the atmosphere than we produce.
• The planting of 50,000 trees, contributing to carbon sequestration.

Tackling economic inequality

In order to resolve issues of economic inequality, such as pay discrepancies based on race, gender or any other characteristic that does not affect one’s ability to perform their duties, as of September 2022, Storetec pays the Living Wage to all employees within the workforce, regardless of their individual characteristics, including age. Storetec operates an Equal Opportunities and Anti-Discrimination policy that applies across all departments and hiring processes. The economic stability of Storetec’s employees is of great importance to the business in a time where energy bills and the cost of living is rising.

Pricing

Price
£190 a licence
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
We can offer tailored trials depending upon the size of the implementation. Trials can be offered for up to 3 months, with full functionality of the system avaialable.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@storetec.net. Tell them what format you need. It will help if you say what assistive technology you use.