Unisys Limited

AMANDA Enterprise Licensing, Permitting and Compliance Application

The AMANDA Cloud platform is an advanced Regulatory Case Management & Process Automation Platform, which fundamentally transforms how public sector organisations own, operate, and manage their regulatory business processes and interact with their citizens and businesses.

Features

• Multiple User Experience features: accessibility, responsive, touch-enabled, personalisation
• Data Management: flexible data model
• Workflow: powerful tool automates enforcement of agency policies and procedures
• Configurability: includes workflows, processes, data elements, users/teams, fees, security
• Payment Processing: integrates with the organisation’s payments provider
• Financial Management: fees, payments, invoicing, general ledger, cashier functions
• Document Management: upload and attach various document/file types and/or URL
• Inspection/Compliance Tracking: track and monitor non-compliances and deficiencies
• Public Portal: online internet access to the solution
• Reporting: easy-to-use ad-hoc query and report generator

Benefits

• Single database serving back-office, citizens and mobile users
• Facilitates collaboration with external agencies participating in cases
• Can serve as Master Data for people, property, assets etc.
• Optionally allows staff to view/manage schedules from Outlook/Google Calendar
• Client organisation can manage configuration themselves via Administrator Console
• Variable data model provides flexibility for current and future requirements
• Automatic data validation enhances accuracy and data quality
• Multiple integrations to leverage existing investment in technology
• Citizen self-service reduces resource demands and improves customer perception
• Mobile apps allow staff to work on-site reducing travel/lost time

£2,200 a user a year

Service documents

• Pricing document

  ODT

• Skills Framework for the Information Age rate card

  ODT

• Service definition document

  ODT

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at cloudstore@unisys.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

932385769155486

Contact

Ruth Bishop
01908 380885
cloudstore@unisys.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: Customer responsibilities and any constraints are described in the Service Description document.
• System requirements:
  • Buyer is responsible for provisioning suitable hosting platform for service
  • Server sizing will depend on user numbers and load
  • Data layer supports both Oracle and Microsoft SQL Server RDBMS
  • Pure Java implementation offers application server hardware platform independence
  • User device with a compatible browser
  • Network connectivity on HTTPS port 443
  • Integration uses industry standard communication protocols
  • Mobile Inspector App: iOS, Windows or Android-based tablet
  • Contractor App: iOS or Android-based smartphone

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: A Service Level Agreement will be agreed with the buyer setting out agreed response times.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Please see service description. A Service Level Agreement will be agreed with the buyer setting out agreed support levels and escalation arrangements.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Please refer to the service description for the details
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: See Service Description for a full description of the end-of-contract processes.
• End-of-contract process: Please see Service Description document for details.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Applications are available targeted at different user types: Inspector App (for iOS, Android or Windows tablet) and Contractor App (for iOS or Android smartphone). The functionality in each application is specific to the user role. Inspector App works even without an internet connection by collecting and storing data locally and synchronising with your AMANDA platform once an internet connection is available.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: A modern application, AMANDA provides several user experience features:; • Multi-browser Support – browser agnostic user interface supports Chrome, Firefox, Safari, Internet Explorer and Microsoft Edge.; • Responsive Layout – a responsive design ensures each page renders well on a variety of devices and screen sizes.; • Touch-enabled Interface – features an interface designed to work with touch-enabled devices (e.g., Apple iPad, Microsoft Surface).; • Application-level Personalisation – enables administrators to personalise the user interface for all users or a given department.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: N/A
• API: Yes
• What users can and can't do using the API: AMANDA has adaptors, interfaces, web services and other tools to make integrations easy:; • User Authentication - LDAP, Active Directory, etc.; • Calendar Integration (Microsoft Outlook and Google); • Enterprise Application Interface – AMANDA EAI is a comprehensive integration solution that enables bi-directional information exchange with a third-party application, service or system. The EAI adaptor has a highly extensible architecture. Out-of-a-box it provides support for multiple communication protocols (HTTP/S, FTP, SMTP), offers flexible message format (XML, delimited file, etc.), push/pull initiation, event and time driven operation as well as synchronous and asynchronous data exchange. AMANDA EAI enforces application security rules (authentication, authorisation, encryption) as well as applicable validation and data integrity rules.; • EDMS Adaptor – Stores and retrieves documents from external repositories such as FileNet, SharePoint, Alfresco, etc. Retrieve, view and print documents from the EDMS.; • GIS Adaptor – Integrates your GIS system and/or Google Maps with AMANDA and enables you to retrieve, view and edit GIS and AMANDA data from either application.; • Outlook Email Adaptor; • Reporting - Crystal Reports, Oracle, Business Objects, SSRS, etc.; • Web Services – A SOAP and REST API that enables external systems to connect to AMANDA.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: AMANDA enables authorised administrators to fully manage all AMANDA configurations which include the definitions of workflows, processes, data elements, users, teams, organisations, fees, attachments, security, etc. Nearly all AMANDA clients manage their own AMANDA application configurations with minimal support. The client organisation can configure their AMANDA application using the AMANDA Administrator Console.

Scaling

• Independence of resources: The customer will be responsible for provisioning hosting, which will include capacity management and scaling.

Analytics

• Service usage metrics: Yes
• Metrics types: The solution includes a powerful reporting capability. 60+ reports come out the box and custom reports can be developed also on a per-customer basis. AMANDA Analytics (based on the Yellowfin BI suite) is a full featured Business Intelligence, Dashboard and Reporting platform available to all authorised internal users. It empowers users to act on their data with real-time analytics that is easy-to-use and secure. From reducing processing times to measuring the impact of new policies, it helps management see the story behind the numbers, track expenditures to more effectively allocate public funds, reduce costs, increase transparency and identify innovation opportunities.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Granicus, Yellowfin and Alphinat

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: The system supports data import and export in various formats.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Microsoft Excel
  • Microsoft Word
  • PDF
  • Text
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • XML
  • Microsoft Excel
  • Text

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: • CPA Foundation-grade assured components; • FIPS-assured encryption; • Other encryption; • Secure containers, racks or cages; CESG assured components

Availability and resilience

• Guaranteed availability: Availability will be largely dependent on the hosting provision, which will be the responsibility of the customer to arrange.
• Approach to resilience: Resilience is largely dependent on the hosting provision, which will be the responsibility of the customer to arrange.
• Outage reporting: Email alerts and landing page portal

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: This will be the responsibility of the hosting provider, which the customer is required to arrange.
• Access restriction testing frequency: Never
• Management access authentication:
  • Username or password
  • Other
• Description of management access authentication: This will be the responsibility of the hosting provider, which the customer is required to arrange.

Audit information for users

• Access to user activity audit information: You control when users can access audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 14/10/21
• What the ISO/IEC 27001 doesn’t cover: Not applicable. All controls identified in ISO 27001 annex A are implemented across the Unisys domains including our UK business Unisys Ltd and covered by Certificate Number IS 58442.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: Control Gap
• PCI DSS accreditation date: February 2022
• What the PCI DSS doesn’t cover: Unisys PCI Certification scope involves adherence to the Payment Card Industry Data Security Standard (PCI DSS) v3.2.1. Anything outside that scope of security requirements is not covered by our PCI Certification.
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: ISO 27018

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Client Information Security policy (IS) incorporates Unisys Corporate IS policy. Adherence and compliance to both of these policies, for delegates engaged in providing the services, is mandatory requirement to joining the team. All UK-based delegates are security vetted and are provided annual Security briefings. Compliance, renewals and Joiners & Leavers registers are reviewed, monitored and reported on quarterly bases. Ad-hoc unannounced spot checks are also carried out by the Security Authority who is responsible for managing and reporting on all service related Information Security incidents. Further, delegates are also presented with the Service SyOps as well as the individual client SyOps that details how the system meets and delivers the G Cloud Security Principles. Delegates roles and responsibilities are defined by the processes and procedures outlined in the accompanying SOPS documentation. The Service Description details the Security Risk Incident and Emergency Security Incident management procedures. The service Security Authority has a dotted line into the Unisys UK CIO and has a seat on the Corporate Security Governance board. Unisys operates an anonymous incident and dispute reporting scheme.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: AMANDA is managed against a set of processes and procedures in place for every Unisys product. All artefacts are held in a version control and fault tracking repository which ensures all components are tracked through their lifetime.; Changes are assured by independent validation of assertion
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: At the infrastructure level, the AMANDA infrastructure will be the responsibility of the hosting provider arranged by the customer.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: The Infrastructure will be the responsibility of the customer to provide either directly or through a cloud hosting provider.
• Incident management type: Supplier-defined controls
• Incident management approach: During on-boarding stage, tenants are introduced to Unisys IM process that details how incidents are logged with the service desk, how to allocate priority and how incident flow takes place from being received by the appropriate resolver-groups until it is resolved. The Incident severity levels are defined by the incident characteristic that are defined in the service description, which also details the process flow between Incidents and Problem record and how Incident and Problem Management tracking and reporting is performed.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Unisys is committed to preserving the environment and have a number of strategies to do this, for our own business, our supply chain and our customers. Solutions to help our clients reduce their carbon footprints largely focus on applying advances in technology to improve the energy efficiency of IT Platforms through migration to the cloud and by enabling secure home working. Our security, collaboration and application services enable our workforces and those of our clients to securely work from home and collaborate and share data. This helps reduce real estate footprint for office space, as well as minimising the impact of business travel. Our consultancy and application services support the migration of workloads to the cloud. This delivers many environmental benefits, primarily increased energy efficiency of IT platforms and more efficient and sustainable use of IT infrastructure. Cloud based infrastructure is more energy efficient than on-premise models for many reasons. For example, additional capacity for temporary requirements such as capacity for peak workloads or development environments can be decommissioned when not in use. Unisys has deployed many secure cloud services to meet highly classified Public Sector requirements, with cloud services delivered from our PASF, ISO27001 and ISO22301 certified secure UK data centres. We bring proven government security compliance coupled with the additional layer of Unisys Stealth® Zero Trust security software built on a foundation of the NIST Risk Management Framework (RMF). Our deployment approach focuses on making decisions about security and cost-effectiveness during planning and features a Zero Trust approach to achieve no failures in compliance or security vulnerability. The use of these measures internally within Unisys have contributed to exceeding our target of a 75% reduction in our Scope 1 and 2 carbon emissions by 2026, five years ahead of plan, with a reduction of 80% achieved in 2021.
• Covid-19 recovery:

  Covid-19 recovery

  Unisys services helped support the workforces of Unisys and our clients in the almost overnight transition to remote and flexible working. This helped our employees and those of our clients to adapt the traditional work week and cope with the many challenges of lockdown, such as home schooling. We also supported businesses in adapting to specific business challenges. Our products and services, particularly cloud UC, digital workplace and Stealth security services enabled our clients to rapidly adapt their operating models and keep running during the pandemic. We amended the operational support model of our public and private cloud hosting services to enable working from home, even for high security government customers. To allow social distancing and reduce the number of staff required on site, operational team members were split according to data access. Those working below the application layer with no access to data could work from home. The subset of team members with access to data with a Government security classification continued to work on-site, with all access monitored and audited using a SIEM solution. Employees were rotated in a 2-week shift pattern. At a company-wide level, Unisys is committed to making a positive impact in the communities where our employees and clients live and work through corporate philanthropy. Through the global Unisys Cares programme, we partner with non-profit organisations driving better outcomes and positive change around the globe. We created a campaign across Unisys to support families impacted by COVID-19. A dedicated 24/7 COVID-19 Task Force assisted employees and their dependents during medical emergencies. During the pandemic, we partnered with a healthcare services provider in India, which was heavily impacted by COVID-19. We organised two vaccination drives in Bengaluru and Hyderabad. More than 1,400 employees and their dependents were vaccinated across both cities.
• Tackling economic inequality:

  Tackling economic inequality

  Unisys is committed to a sustainable and socially conscious future and are a member of the United Nations Global Compact, the world’s largest corporate sustainability initiative focusing on advancing human rights, labour, anti-corruption, environment, and other societal goals. Our investment in professional development remains focused on building a diverse and inclusive bench of future leaders empowered to improve our business. This includes reskilling initiatives to ensure that our associates remain as competitive as possible in rapidly evolving technical fields. This is delivered in a number of ways, including (1) the Unisys University with more than 50,000 on-demand development programs supporting a wide range of development opportunities; (2) partnerships with training organizations such as Skillsoft, Global Knowledge and Franklin Covey; (3) Tuition reimbursement for degree programs or certifications and (4) Our Connected Leadership programme focused on developing underrepresented ethnic groups at executive and management levels. Our technology solutions including cloud based hosting, digital workplace services and secure connectivity for flexible remote working support the creation of similar initiatives in our customer base. In addition, our products and services that enable home working tackles economic inequality for job candidates, removing the restriction of requiring candidates to live in a commutable distance from company office locations and reducing the cost of business commuting. We also promote equal opportunity in our Supply Chain: While there is no official policy, Unisys is by the nature of our business a supporter of small and medium providers. We work with many niche and specialist providers to build bespoke client-specific solutions. Suppliers for these requirements by the nature of the services they provide tend to be smaller in size.
• Equal opportunity:

  Equal opportunity

  From the top down, Unisys’s mission is not only to offer excellent products and services, but to make the world a better place. We are a member of the United Nations Global Compact and follow its ten principles, which addresses equal opportunity under Principle 6. We encourage equal opportunities and treat all people in a fair and impartial manner, without prejudice as to race, colour, nationality, ethnicity, religion, gender, sexual orientation, marital status, age, and disability or family responsibilities. This is the definition of the fundamental right to equality, safeguarded by the Unisys approach to Diversity, Equity and Inclusion (DEI). We actively represent, develop, promote and celebrate the rich diversity of our workforce. Evidence of this includes our perfect score on the 2021 Disability Equality Index, the world’s most comprehensive benchmarking tool to measure disability workplace inclusion. Ongoing skills development is open to all our employees through the Unisys University, which includes more than 50,000 on-demand development programs. Our Connected Leadership programme focuses on developing underrepresented ethnic groups at executive and management levels. Our products and services help level the playing field for employees, both within Unisys and for our client workforces. For example, our products and services that enable home working opens the pool of potential candidates to a much wider audience, removing the restriction for candidates to live within a commutable distance of company office locations. We also promote equal opportunity in our Supply Chain: While there is no official policy, Unisys is by the nature of our business a supporter of small and medium providers. We work with many niche and specialist providers to build bespoke client-specific solutions. Suppliers for these requirements by the nature of the services they provide tend to be smaller in size.
• Wellbeing:

  Wellbeing

  Unisys is a people company. We strive for greater outcomes for our employees, clients and partners. We continually expand our Diversity, Equity and Inclusion programs and deploy new ways to engage, recognise and develop our employees. A large part of recent workforce wellbeing activity focused on keeping our own employees and those of our clients safe during the pandemic. We limited the number of people working on-site at any given time to ensure social distancing and required face coverings and thermal screenings, as necessary. We maintained safety standards across our sites. Now that the world is returning to normal, wellbeing efforts now focus on the provision of products and services to support flexible working. This contributes to the wellbeing of our employees and those of our clients by enabling the traditional work week to flex to cope with the many challenges of daily life, such as child care, while remaining in full-time employment. Unisys products and services that support flexible home working include Stealth® Zero Trust security software, cloud-based unified communications and collaboration services and digital workplace services with a managed service for ergonomic equipment for home based employees. Unisys has a zero-tolerance policy toward slavery and human trafficking and will not support or conduct business with any organisation involved in such activities. We respect individual human rights and require that our business partners do the same. We recognise our responsibility to protect human rights globally and to provide a fair and ethical workplace for our associates. General awareness on this topic is communicated to all Unisys employees annually.

Pricing

• Price: £2,200 a user a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  ODT

• Skills Framework for the Information Age rate card

  ODT

• Service definition document

  ODT

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at cloudstore@unisys.com. Tell them what format you need. It will help if you say what assistive technology you use.