PINS

Service scope

Software add-on or extension: No
Cloud deployment model: Public cloud

Private cloud

Community cloud

Hybrid cloud
Service constraints: No
System requirements: The system requirements are closely linked to your business requirements

We work with you to understand your business requirements

We then recommend appropriate computing resources to ensure accessibility/scale/performance

Minimum compute requirements are specified in the service description

User support

Email or online ticketing support: Email or online ticketing
Support response times: Our response times are provided in our Service Support details
User can manage status and priority of support tickets: No
Phone support: Yes
Phone support availability: 9 to 5 (UK time), Monday to Friday
Web chat support: No
Onsite support: Onsite support
Support levels: High - Our highest Service Level response is reserved for complete Service Outage.
It is expected that the reporter will communicate directly via Email or
Telephone for this type of outage. Our service desk will respond within 1
hour and provide subsequent updates every 1 hour (if required). The
escalation level is immediate and the target fix is as soon as possible

Medium - Our second highest Service Level response is reserved for partial outages or interruptions. It is expected that reporter will communicate directly via Email or Telephone for this type of outage. Our service desk will respond
within 4 hours and provide subsequent updates every 4 hours (if required).
The escalation level is after the initial target fix time and the target fix is
within 8 hours.

Low - Our third Service Level response covers enquiries, minor issues and change requests. It is expected that the reporter will communicate directly via Email for this type of issue. Our service desk will respond within 5 days (if
required) the target fix date will be the next schedule release for agreed
upon change requests).
Support available to third parties: Yes

Onboarding and offboarding

Getting started: As part of the on-boarding process we would propose an implementation plan that sets out our approach to platform configuration, deployment and accreditation (if needed). This will be provided under Cloud Support Services (PINS Consultancy)
Service documentation: Yes
Documentation formats: HTML

PDF
End-of-contract data extraction: One of the our key principles is that you maintain ownership and control of your data. This means that we make it easy to return your data to you in a format that can easily be re-used. On termination, we will provide you with an extract of your data in CSV or XML format.
End-of-contract process: When customers are off-boarding with us, we would agree a format for the return of your data with you. We will then decommission the service and securely delete all data held by us (if we are managing the service for you).

Using the service

Web browser interface: Yes
Supported browsers: Microsoft Edge

Firefox

Chrome
Application to install: No
Designed for use on mobile devices: No
Service interface: Yes
User support accessibility: None or don’t know
Description of service interface: Responsive HTML5 Web Interface Accessibility standards
Accessibility standards: None or don’t know
Description of accessibility: We comply with most of the accessibility standards of WCAG 2.1 A and are working to achieve all the standards
Accessibility testing: In developing our services we work with users to identify the most likely challenges to participants using the service, including lack of access to the Internet, literacy, use of assistive technology and develop solutions to address these challenges
API: Yes
What users can and can't do using the API: For PINS 4, uses can query prison data (e.g. look up offender's prison status) using the webservices API
API documentation: Yes
API documentation formats: HTML

PDF
API sandbox or test environment: Yes
Customisation available: Yes
Description of customisation: Most aspects of our services are configurable - either in terms of how the app works (as configured by adminstrators) or in terms of the service levels/computing resources used. Additional data sources can also be added.
Customer can purchase PINS consultancy at our SFIA rates where these additional services are required.

Scaling

Independence of resources: The service is configured to use load balancing and clustering techniques to ensure that demand upon the service is spread evenly over computing resources and to reduce the impact upon the users

As part of the onboarding process Saadian will work with the buyer to fully understand their usage expectations to ensure that the required resources are available as the service usage grows

Analytics

Service usage metrics: Yes
Metrics types: We provide a range of service metrics such as:
- Application logins ( e.g. frequency, role etc.)
- Performance (e.g. number of concurrent users online throughout the day)
- Registered interests
- Notifications
Reporting types: Real-time dashboards

Regular reports

Reports on request

Resellers

Supplier type: Not a reseller

Staff security

Staff security clearance: Conforms to BS7858:2019
Government security clearance: Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom
User control over data storage and processing locations: Yes
Datacentre security standards: Managed by a third party
Penetration testing frequency: At least once a year
Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest: Physical access control, complying with another standard

Other
Other data at rest protection approach: Access to Data is strictly controlled by the Saadian Information Security management system. Policies and processes are in place to ensure that only those with a valid need to access data are allowed and technically able to do so
Data sanitisation process: No
Equipment disposal approach: A third-party destruction service

Data importing and exporting

Data export approach: The service has functionality built in that will allow users to export data
Data export formats: CSV

Other
Other data export formats: XML
Data import formats: CSV

Other
Other data import formats: XML

MS Excel

Data-in-transit protection

Data protection between buyer and supplier networks: Private network or public sector network

Other
Other protection between networks: Data in transit is encrypted. Network connectivity between the buyers network and Saadian services is configured based on the buyers security requirements e.g. private network or public sector network.
A full CHECK compliant ITSHC is commissioned to ensure security of the connection
Data protection within supplier network: TLS (version 1.2 or above)

IPsec or TLS VPN gateway

Legacy SSL and TLS (under version 1.2)

Other
Other protection within supplier network: Saadian operate an Information Security Management system (including an administrative user Syops) that strictly limits who can access the data
ITSHC are conducted on the service at regular intervals to identify any potential security risks

Availability and resilience

Guaranteed availability: We can agree availability levels for the service with you - this determines
when the service must be available and limits unplanned downtime (but allows for planned maintenance windows).
Availability is closely linked to infrastructure configuration because we
need to make sure the right infrastructure is in place to support the
expected levels of availability.
Approach to resilience: Load Balancing The service is accessed through a load balancer that direct traffic to available nodes. This ensures a consistent level of response and single points of failure
Application Monitoring: Application monitoring is configured for all servers and nodes to monitor the performance of physical servers and their specific applications and services. This helps Saadian understand and address problems before they cause full disruption
Clustering: Service Nodes work in clusters that share customer states and information in real time. This allows the service to fail over to another cluster if there is a disruption
Disaster Recovery: DR environments and plans can be put in place in accordance with customer needs to ensure that the service can be recovered in the case of a disaster
Outage reporting: Application monitoring tools can be configured to send regular reports and automatic notifications of outages or disruptions

Identity and authentication

User authentication needed: Yes
User authentication: 2-factor authentication

Identity federation with existing provider (for example Google Apps)

Dedicated link (for example VPN)

Username or password
Access restrictions in management interfaces and support channels: Access to management and support interfaces is controlled by a strict role based access policy. The service is developed in accordance with our ISO27001 compliant Access control Policy
Access restriction testing frequency: At least once a year
Management access authentication: 2-factor authentication

Public key authentication (including by TLS client certificate)

Identity federation with existing provider (for example Google Apps)

Limited access network (for example PSN)

Dedicated link (for example VPN)

Username or password

Audit information for users

Access to user activity audit information: Users contact the support team to get audit information
How long user audit data is stored for: User-defined
Access to supplier activity audit information: Users contact the support team to get audit information
How long supplier audit data is stored for: User-defined
How long system logs are stored for: User-defined

Standards and certifications

ISO/IEC 27001 certification: No
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Cyber essentials: Yes
Cyber essentials plus: No
Other security certifications: No

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: No
Security governance approach: Saadian understands that Information security is not only a technical issue, but a business and governance challenge also. As such the security of information and other critical organisational resources is treated as a priority throughout the company.

Saadian have an executive appointed Information Security Manager and an Information Security Management system with policies that extend beyond the technical aspects to include critical business processes.

Executive Management is invested in Information security and receive reports on security performance and breaches
Information security policies and processes: Saadian understands that Information security is not only a technical issue, but a business and governance challenge also. As such the security of information and other critical organisational resources is treated as a priority throughout the company.

Saadian have an executive appointed Information Security Manager and an Information Security Management system with policies that extend beyond the technical aspects to include critical business processes.

Executive Management is invested in Information security and receive reports on security performance and breaches

Operational security

Configuration and change management standard: Supplier-defined controls
Configuration and change management approach: The Saadian configuration and change Management processes are based upon ITIL best practices and consists of a set of documents, processes and routines that form part of Saadian IT Service Management
Vulnerability management type: Undisclosed
Vulnerability management approach: N/a
Protective monitoring type: Supplier-defined controls
Protective monitoring approach: There are two levels of Protective Monitoring available with this Cloud service:

(i) Saadian captures logging data in relation to e.g. network traffic and infrastructure configuration changes - and guards against known vulnerabilities. This is included the service charge where Saadian our providing Cloud hosting.

(ii) Saadian can provide additional operational services such as proactive intelligent monitoring and alerts. This is an additional chargeable service upon request.
Incident management type: Supplier-defined controls
Incident management approach: The Saadian Incident Management process is based upon ITIL best practices and consists of a set of documents, processes and routines that form part of Saadian IT Service Management

Secure development

Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks: Yes
Connected networks: Public Services Network (PSN)

Social Value

Covid-19 recovery
Tackling economic inequality
Wellbeing

Covid-19 recovery

To support the 2 delivery objectives below, Saadian has expanded its support team in the UK and recruited these from out of London locations including Nottingham, Cambridgeshire and Manchester. Saadian has introduced flexible working arrangements for its employees including predominantly home working, optional flexible office space for those whose well being requires greater in person inter actions and an option for a 4-day working week. 1. Create employment, re-training and other return to work opportunities for those left unemployed by COVID-19, particularly new opportunities in high growth sectors. 2. Improve workplace conditions that support the COVID-19 recovery effort including effective social distancing, remote working, and sustainable travel solutions.

Tackling economic inequality

To support the 3 delivery objectives below, Saadian has expanded its support team in the UK and recruited these from out of London locations including Nottingham, Cambridgeshire and Manchester. We are training the support team in areas of skills shortage and high demand including Cloud services and Security. 1. Create employment opportunities particularly for those who face barriers to employment and/or who are located in deprived areas. 2. Create employment and training opportunities, particularly for people in industries with known skills shortages or in high growth sectors. 3. Support educational attainment relevant to the contract, including training schemes that address skills gaps and result in recognised qualifications.
Wellbeing

Wellbeing

To support the delivery objective below, Saadian has introduced flexible working arrangements for its employees including predominantly home working, optional flexible office space for those whose well being requires greater in person inter actions and an option for a 4-day working week. 1. Demonstrate action to support the health and wellbeing, including physical and mental health, in the contract workforce.

Pricing

Price: £7,263 a server a year
Discount for educational organisations: No
Free trial available: Yes
Description of free trial: Access to a demo server is available

Features

Benefits

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Pricing

Service documents

Cookies on Digital Marketplace

PINS

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Social Value

Pricing

Service documents