OPEN INTELLIGENT TECHNOLOGY LIMITED

Open Banking & Open Data Platform

We offer easy to-implement technology for banks and organisations to publish secure Financial APIs and build applications that leverage Open-Banking, Open-Finance and Open-Data sharing.

Our products remove technical & regulatory complexity around multi-geo Open API publishing, bringing digital identities to the core, to deliver Open-Banking, Open-Finance, Embedded-Finance and Panoramic Banking.

Features

• Financial API Access control & security
• FAPI: Financial-grade API Security
• Strong Customer Authentication (SCA)
• Consent Management & Revocation
• Bank as Fintech
• Open Banking
• Open Finance
• Dynamic Client Registration (DCR), PAR & JARM
• Aggregated Payments & Accounts APIs
• Zero Trust

Benefits

• Works with existing API Management technology
• Secures existing API Gateways & Open APIs
• Works with any Core Banking platform
• Fast, easy and non-disruptive compliance
• Multi-country ready: OBIE-UK, BCB-BR, PSD2-EU, CDR-AU, FDX-USA/CA
• Self-service Consent Management portal
• Change banks role to API consumer / Fintech
• ZT: Secure Core Banking APIs
• ZT: Deliver Embeded Finance APIs to external channels
• Open Finance

£30,000.00 to £60,000.00 a licence a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bianca@openit.io. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

953692450443004

Contact

Bianca Hohn
07393590656
bianca@openit.io

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: For API publishing security:; API Management tools, platforms and gateway; API Gateway; ; For API consumption & Bank as Fintech proposition:; Open Banking APIs (from banks) as data consumer.
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: Currently built on x86 intel chipsets and associated hardware.; The OpenIT stack is cloud-native and multi-cloud ready.
• System requirements:
  • Network firewall
  • Load balancer
  • Container environments such as Kubernetes or OpenShift
  • Virtual machines

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Depending on service priority and committed service levels, response times to logged tickets are as low as 15 minutes.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We provide different levels of offsite and onsite support, ranging from: ; - Standard support (0800 - 1700), Monday to Friday, Online; - Premium support (0800 - 2200), Monday to Friday, Online & Phone with named account managers ; - Dedicated support (24x7x365) with dedicated account and success managers; These are further detailed under 'Overview of support models' in our Pricing document.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide online/remote training, user documentation and onboarding support via conference calls, slack channels and CRM based ticketing systems.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats: Swagger Open API
• End-of-contract data extraction: When agreed with the customer, the OpenIT platform only stores data received via. explicit consent from customers. OpenIT is able to delete this data if required at the end of a contract.
• End-of-contract process: As part of the contract we provide unlimited usage of our platform as well as standard support. At the end of the contract we provide a clear pathway based on notice for cessation of services. We also provide options of higher levels of support that may involve additional costs.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Firefox
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems:
  • Linux or Unix
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Our SCA app. works on mobile devices.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: OpenIT service interfaces are normally behind the scenes as our AUTH server works in the background to support critical FAPI related TPP onboarding and customer authentication processes.
• Accessibility standards: None or don’t know
• Description of accessibility: The majority of functions can be accessed through APIs.
• Accessibility testing: As a programmatic interface, OpenIT APIs are not intended for direct user consumption, instead interface with API Gateways and TPP sytems, hence there are no specific assistive technologies that can be applied. Assistance required with our online portals is supported by our front line and developer advocate teams.
• API: No
• Customisation available: Yes
• Description of customisation: Our Open Banking Fintech platform provides a base capability based on aggregated Open Banking transactional data. Customisation of insights, analytics and offers to customers for banking/fintech products and services can be built on our Open Banking Data Warehouse.

Scaling

• Independence of resources: The OpenIT platform is a Kubernetes deployed Cloud first solution, deployed on a customers choice of cloud (Azure / AWS / GCP / private) environments, taking advantage of the most current scalability models available from cloud platforms and optional Kubernetes clusters, including the ability of clusters to auto-scale while staying within service-level objectives.

Analytics

• Service usage metrics: Yes
• Metrics types: We provide usage logs including dates and times as related to specific API end point calls.
• Reporting types:
  • API access
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: As a programmatic interface, OpenITs AUTH server does not offer any direct engagement for end users or hold user specific data / Personally Identifiable Information (PII). Our systems are not intended for direct user consumption and all data stored is only that as relevant for Open Banking communication services. Users of the platform are developers and hence there are no specific export requirements for end users. Wherever necessary this is supported directly via. APIs, or in specific cases as CSV files.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: Uptime availability targets and SLAs begin at 99.5% four our standard support service and range till 99.9%. Based on the support service level option chosen, Service Credits are available for subscription and kick-in as applicable. Further details are in our pricing document.
• Approach to resilience: OpenIT Servers are normally deployed in a client-specific and optimised deployment format, with High Availability being the default setup for Production servers and sandbox environments. ; ; High Availability resilience at OpenIT server application levels is further enhanced by leverage cloud-partner availability zones for redundancy for Asset protection.
• Outage reporting: An API

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Management interfaces are separate and restricted endpoints, enabled with client certificates.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: OpenID Foundation - Financial-grade API (FAPI) certification

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: OpenIT Servers are normally deployed within client (Bank / Financial Institution) data center / cloud environments, and go through rigorous bank-grade hardening and security audits by independent 3rd party auditors and vulnerability specialists before being cleared for live production usage.
• Information security policies and processes: Our processes are based on BS 7799-3

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: We use GitLab for Configuration Management and leverage inbuilt mechanisms to detect and alert on deviations from baseline configurations in production environments to ensure that configuration standards are being applied to all OpenIT production systems, through standardised CI/CD processes.; ; Potential security impacts are assesed and managed through a documented Security Control Lifecycle through which impact from changes are assessed, tiered based on criticality, ownership assigned and scoped.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: For vulnerability management, we use a combination of Kubeaudit, Kube-bench and Kube-hunter to:; - Audit Kubernetes clusters against common security controls.; - Scan Kubernetes clusters and assign risk numbers for workloads based on the KCCSS risk framework for Kubernetes.; - Scan and control network access to sensitive ports, the Kubernetes API, Kubelet and etcd, implementing role-based access control and using transport-level security.; - Scan Kubernetes clusters and pods for additional weaknesses outside the CIS database using active-hunting modes.; Only scanned and secured images are deployed / approved for release.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: We use active firewalls to manage network level traffic, clubbed with periodic application audits, Kubernetes monitoring and system logs fed into SIEM.; In addition we isolate and restrict inbound / outbound servics interfaces and continuously assess systems for potential compromises.; Recovery and cleanup tools are also deployed as required.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Yes. Users are able to report incidents to our JIRA based helpdesk, which is clubbed with a documented internal triage process for Incident Management ticket allocation and resolution, with measured and tracked SLA at all stages which roll-up to SLA targets and commitments contractually confirmed to customers.; Automated reminders and escalation alerts are built in to all stages of the triage process.; For organisations on an active management plan, we publish client-wise and common incident reports on a monthly basis which provides details of the number of reported incidents by-service in a given time period.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Equal opportunity:

  Equal opportunity

  OpenIT is an equal opportunities employer. We make genuine efforts to comply with the spirit and letter of the equality laws, and promote a good and harmonious working environment in which employees are treated with dignity and respect. We:; - Promote a diverse and inclusive workplace;; - Help employees manage an excellent work-life balance;; - Have removed the gender pay-gap;; - Actively mentor staff; - Have a zero tolerance policy towards harassment and abuse of any kind.
• Wellbeing:

  Wellbeing

  OpenIT places high priority for workplace wellbeing, as relating to all aspects of our staff's working life, from the quality and safety of the physical environment, to how they feel about their work, their working environment, the climate at work and work organization.

Pricing

• Price: £30,000.00 to £60,000.00 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bianca@openit.io. Tell them what format you need. It will help if you say what assistive technology you use.