SWIFTPRO CORPORATION LIMITED

ZedX Apps - Integrated suite for audit, contingent labour, project management and communications

Fully integrated suite of applications within a single platform covering GIAA, NAO & PAC Audit Management, Controls and Assurance, Contingent Labour, Corporate Workflows, PPM, Risk Management, Governance Statements, Group Communications via UK Gov Notifications, Agile Sprints and a Knowledge Hub. Special editions available for Central Government, ALBs, Agencies and education.

Features

• 1. Comprehensive configuration options to customise the apps.
• 2. Integrated platform with consistent easy to use interface.
• 3. Manage GIAA, NAO and PAC audit recommendations.
• 4. Project Portfolio Management. Integrated Risk Management. Updates Reporting.
• 5. Organisational Risk Registers. Mitigating Actions. Updates Reporting.
• 6. Central users, permissions and licence management.
• 7. Core workflow management for centralised reporting across apps.
• 8. Core apps for communications and knowledge sharing.
• 9. Import from CSV. Export to Excel and PDF formats.
• 10. Built in dashboards plus ability to integrate with PowerBI.

Benefits

• 1. Critical workflows and actions controlled by the platform.
• 2. Eliminate reliance on Excel lists.
• 3. Reduce need for custom developments.
• 4. Coordinate tasks with colleagues and external staff.
• 5. Cost effect with options to purchase site licences.
• 6. Significantly improve productivity.
• 7. Option to host in own Azure subscription.
• 8. Improve ability to make critical decisions.
• 9. Improve staff and external party’s satisfaction.
• 10. Keep data secure and GDPR compliant.

£300 to £500 a unit a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tas@swiftpro.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

914772711044188

Contact

Tas Tasniem
00447977577809
tas@swiftpro.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: The application is hosted on Azure API, Functions, Storage and SQL Server. These will be on a single Resource Group with a subscription that belongs to Swiftpro or to the buyer. The buyer will need a UK Gov Notifications account for sending emails, SMS and post.
• System requirements:
  • UK Gov Notifications account
  • An Azure subscription if own hosting required

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We respond within 24 hours during working weekdays. The application is not used over weekends,
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 A
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Each buyers will be assigned a dedicated account manager. All support emails, calls or tickets will be initially processed by our level 1 support staff who will escalate to the account manager if they can't resolve the issue. The account manager will decide on the most suitable resource to assign to resolve the issue and ensure the the buyers staff are kept informed. Support costs are included within the subscription costs.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Once the order is placed and a decision is reached on who hosts the application ( us or the buyer ), we will ensure that the system is fully operational with initial default settings. We have a concept of super users and these super users will be fully trained to manage the account and manager general settings and users.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: In cases where the buyer hosting the platform, all data is inherently within their own SQL Server and storage. Where we manage the hosting, the buyers staff can export all necessary data into Excel tables themselves prior to contract ending.
• End-of-contract process: Data can be exported by the buyer to Excel tables from within the application. We will maintain the data for a period of 3 months after the contract ends.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The application is fully usable from a mobile browser. We have made a huge effort to ensure that the application is fully responsive. In some cases on a mobile the user may need to press a button to see full information because the number of columns in a grid on a mobile are limited.
• Service interface: No
• User support accessibility: WCAG 2.1 A
• API: No
• Customisation available: Yes
• Description of customisation: The ZedX Apps platform consists of a number of applications. Each buyers can decide which apps within the platform they want to licence.

Scaling

• Independence of resources: We have the ability to host 1 or more buyers on a single installation and the number of buyers we place within 1 installation will be carefully analysed to ensure we have plenty of redundancy for smooth operations. Further, we have the tools necessary to move a buyer to a different installation if they report a degradation in performance. We encourage Gov Depts to provide us with an Azure Resource Group within their subscription so the performance is under their control.

Analytics

• Service usage metrics: Yes
• Metrics types: All actions taken by all users are logged into different categories which as "login", "Sent email" and these can be exported to PowerBI and analysed. In addition if the Buyer uses Azure for the hosting and its their own account then they get usage data from Azure too.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Other
• Other data at rest protection approach: All data will be in Microsoft Azure.
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: We provide a comprehensive set of views of the data that can be output to Excel tables by the Buyer's Super Users. This is done from a Outputs module within the application.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: Private network or public sector network
• Data protection within supplier network: Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: The hosting will be on Microsoft Azure on and so for availability of service we rely on Microsoft's SLA. In the event the system is non operational due to a fault with the software, ever effort will be made to ensure the issue is resolved as quickly as possible. In the event that it is not resolved within 48 hours, a prorata refund will be offered based on subscription price.
• Approach to resilience: We use Microsoft Azure for all hosting if we do the hosting but advise the buyer to take out a Azure subscription and provide us with a Resource Group within that subscription. All resilient issues should be taken from Microsoft's Azure SLA
• Outage reporting: We will inform the customer by email and a call in the event of a outage and provide updates at agreed intervals until the issue is reolved.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: The platform as a concept of Super Users per account and Super Users per app within the platform. Swiftpro staff manage the Super User accounts per customers and these Super Users in turn manage the app supers users. Within each app we have a further users access control module that handles the finer points of access control depending on the functionality of the module.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: We take security governance extremely seriously and are constantly accessing and evaluating our staff, partners and processes to ensure all are operating to the highest standards and use the latest knowledge and techniques are being utilised and applied. We use our own Controls and Assurance app as well as our own Risk Register app to fine tune our approach to security governance.
• Information security policies and processes: We have a documented security police defined for us by an independent security consultant and core aspects of the policy are policed every 3 months using a self audit system based on our own Controls and Assurance application.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We constantly monitor usage of the application suite and improve the functionality based on users feedback. Forthcoming updates are posting directly on the site with a count down when the update will be made and what changes user can expect. The account manager will also email the users management of the change before it is applied.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Currently we monitor vulnerabilities using Snyk on an ongoing bases and resolve issues reported on an immediate bases. This process is under constant review and we access new vulnerability tools and services on the market on an ongoing bases to ensure our platform is as secure as it possible can be.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We make full use of Azure monitoring and logging facilities as well as logging all key activities within our own application and have rules in place for identifying normal and abnormal behaviour based on the logged data. We use a 3rd party security specialist to help understand the potential threat and to create a plan for mitigating it.
• Incident management type: Supplier-defined controls
• Incident management approach: Our government and education customers, are all provided with a dedicated account manager who they can contact at any time to report an incident. All incidents are logged and the customer is can be provided with a log of the incidents on request. We are developing our own incident logging within the platform which should be ready before Nov 2024. Some customers prefer to manage incidents reporting and resolution feedback via MS Teams which we are happy to facilitate.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Other
• Other public sector networks: UK Gov Notifications for sending emails

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity

  Fighting climate change

  As a SME we have policies in place that are appropriate for the size of the business to covering purchasing, waste disposal and use of energy to ensure all are kind to the environment. All staff, starting with the hiring process and the onboard process are guided on the seriousness of client change and of attitude towards it.

  Equal opportunity

  We believe all business owners, no matter how small the business should take equal opportunities seriously and the management should be aware of the impact of SMEs collectively on the wider society. We therefore make every effort to ensure that all sectors of society are considered equally for every opportunity within the business.

Pricing

• Price: £300 to £500 a unit a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: We can provide a fully operational account with access to all applications for a period of 4 weeks on request.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tas@swiftpro.com. Tell them what format you need. It will help if you say what assistive technology you use.