DELTATECH G-Cloud SaaS Services

(1)

1.1.1.1.1.1

Service Definition

DELTATECH G-Cloud SaaS Services

SecureOps Service

(2)

DeltaTech SaaS Services

SecureOps

Tactical Operations Management System

Managing secure transfer of data

and images in Tactical Operations

Document version 4.0, Sept 2013

Services delivered by

Delta Technical Consulting Ltd. 4 Wissen Drive

Letchworth Garden City Hertfordshire

SG6 1FN

http://www.deltatechcon.co.uk Tel: +44 (0) 203 289 1670

(3)

CONTENTS

1. Service Description ... 2

1.2 Key Functions ... 2

1.3 Security ... 2

1.4 Management Portal ... 2

1.5 Partnership Working - Interoperability ... 2

1.6 Partnership Working - Balanced Risk Approach ... 2

1.7 Mobile Device Support ... 2

1.8 Implementing the Service ... 2

1.9 Features and Benefits ... 3

1.10 Service Roadmap ... 4

2. Service Management & Support ... 5

1.11 Terms of Reference ... 5

1.12 Confidentiality of Customer Site Data ... 5

1.13 Server Farm Disaster Recovery Strategy ... 5

1.14 Scheduled Maintenance... 5

1.15 The DELTATECH Help Desk ... 5

1.16 Service Levels ... 6

1.17 Service Credits ... 6

1.18 Data Removal & Migration... 7

1.19 Training ... 7

3. Procurement & Billing ... 8

1.20 Service Ordering ... 8

1.21 Payment Options ... 8

1.22 The Self Service Provisioning Process ... 8

1.23 Invoicing ... 8

1.24 Billing and Real Time Management ... 8

4. Service Technical Specifications ... 9

1.25 Network Connectivity ... 9

1.26 Data Centre(s) and Data Storage ... 9

1.27 Security Accreditation ... 9

1.28 Anti-Malware ... 9

1.29 Web Browser Support ... 10

1.30 Attachments and File types ... 10

(4)

The DELTATECH SecureOps service is aimed at UK Police and government law enforcements bodies to help them manage their tactical operational deployments.

SecureOps offers two key facilities for managing a tactical operation:

(a) A secure way for a tactical operation to exchange sensitive information between the central operational control and teams of mobile operatives operating off-site under insecure conditions.

(b) A secure way of tracking mobile operatives when they are actively employed on their operations.

In transferring data to and from the field operative SecureOps assumes they will be using commercial-grade, off-the-shelf mobile handsets which are intrinsically insecure. It therefore applies strict security policies to mitigate the threats inherent when operating under those conditions, and in this way, delivers a system capable of being security accredited to IL3 RESTRICTED level.

In tracking operatives SecureOps has mechanisms for including partner location information in the information displayed. It also has interfaces that allow the system to be connected to an agency’s corporate GIS display system, so that this data can be viewed as a graphical ‘overlay’ informing a bigger picture of the operation.

Security has been integral to the design of SecureOps from the outset and governs all aspects of its operation. Architecturally, the system is designed around a ‘defines-in-depth’ security model where there are a series of different security ‘wrappers’ to lessen the risk of possible security breaches.

Data transfers between the system and the mobile devices are done through multiple layers of security encryption whilst data stored on the devices is always held in virtualised and encrypted ‘sandboxes’, capable of being completely wiped when not required. The mobile device’s capabilities for app download and general function usage is restricted by a set of centrally managed security policies. The risk of a breach when devices are lost or stolen is lessened with the capability of remote ‘stun’ and limited ‘keep-alive’ timers on the device. The system as a whole has extensive audit capabilities that ensure all operation activity is tracked and monitored in accordance with CESG GPG13 Guidelines for Protective Monitoring.

The SecureOps operations management portal, through which all central management tasks are undertaken, allows operations controllers to define their operations and set various security parameters governing the security policies, and then allocate various operational resources to it (teams, field operatives and comms channels, etc. The portal manages all exchanges of operational data between the operation and the mobile field operatives; with the system itself assessing the risk of transferring data with different protective markings to operatives will varying levels of security assurance.

A key feature of SecureOps is its multi-agency support. Partner agencies can efficiency share the system on their own tenancy and work collaboratively as and when required. SecureOps provides accredited confidentiality across tenancy boundaries but retains the ability for partners to collaborate by sharing the control of joint team assets.

Balancing the risk in partnership-working has been built into SecureOps and the system incorporates a ‘risk evaluation engine’ that can assess the risk of transferring sensitive assets across different trust boundaries and notify the operator accordingly. The SecureOps system can exchange information with similar tactical operations management systems that can exchange messages via SMTP or a Web Services ‘store-and-forward’ interface.

The current release of SecureOps system supports Android and (legacy) BlackBerry OS7 mobile handsets. The service roadmap recognises the need to be device agnostic and aims to have generic support for BlackBerry OS10, Android, Apple and Microsoft handsets available as comparable communication channels. This will leave the customer free to deploy such devices as preferred.

DELTATECH is offering the service to UK government law enforcement bodies either as an IL3 accredited SaaS service through the G-Cloud G4 Framework with access through the GSi/CJX (and when available, the PSN). The G-Cloud

(5)

service is provided through a server farm hosted from an IL3 accredited Tier 2 data centres, supported by suitably SC cleared DELTATECH staff. The SaaS solution will have been previously accredited and has been submitted for PGA accreditation.

Alternatively the customer can lease the system as a pre-installed ‘appliance’ for easy implementation in their own environments, in which case the system would be supported by the customer’s own infrastructure teams with DELTATECH as 2nd_{line support. Accreditation under such circumstances will ultimately be the responsibility of the} customer, but the application will be pre-assured (i.e.: have a full RMADS and have full pen test documentation); this should enable some degree of fast tracking of the process.

The customer can ‘enrol’ their own mobile devices to the SecureOps service or they can procure mobile devices through DELTATECH as an option.

 Allows a simple and rapid sharing of files with special security settings to maximise confidentiality

 Provides configurable security settings regarding the lifetime of contents of the SecureOps

 Accessible from any GSi connected workstation, or from the Internet via IL2 site

 No Crown CapEx investment required

 Impressive service wrap with service credits

 Self-service management portal through which users can order, provision and manage their SecureOps, usage and billing

 Accredited to manage up to and including Business Impact Level 3 (IL3)

 Offered to the government as a Private G-Cloud service

(6)

The roadmap for the current service includes a number of planned enhancements as follows:

Timeframe * Service Area Enhancement

6 months

IL2/IL3 SecureOps

Service

Addition of Web Service Object Encryption Service – to enable any file or folder within a SecureOps to be encrypted to CESG standards Addition of an accredited IL2 / IL3 version of the service users to communicate high volume IL3 rated content across the IL2/3 barrier, supplementing the current CJSM Secure Email service

Mobile devices Support for Apple iOS7 and MS Windows 8 mobile devices

(7)

SecureOps Tac tical Opérationnel Management Service

Every site deployed will need to identify one or more Site Administrators who will be responsible for the site and managing their users’ subscriptions to the site. The responsibilities of the Site Administrator and the service suppliers (DELTATECH and their hosting supplier Savvis) are shown below in figure 4.1

Figure 4.1 – Service support responsibilities

Security stipulations for IL3 accreditation for the Collaboration Service’ sites means that DELTATECH support staff will not generally have access to a Customer’s site content.

This is a part of the multi-tenancy SecureOps operating model; meaning that SecureOps Site Administrators can be confident that they have full control over their site and would have to assign specific rights to the DELTATECH support staff team to that site if they wanted their help with that site’s content.

The database servers and underlying storage on which the service server farm is operated is backed up daily to prevent the loss of service data and allow system recovery in the event of a major system failure.

Note that this process does not facilitate the recovery of data in the event of the customer mistakenly deleting content - data recovery is the responsibility of the Site Administrator, either using recovery tools provided within SecureOps or the administrator can contact DELTATECH to discuss a backup and recovery optional service

Scheduled maintenance will be carried out between 1am and 5am everyday. There may also be planned downtime to facilitate preventative maintenance. All planned downtime shall be agreed with customers in advance. DELTATECH will use all reasonable endeavours to ensure that all planned downtime is kept to a minimum.

Communication with the DELTATECH help desk will be from either the customer’s site administrators, departmental help desks or local desktop support help desk. The DELTATECH standard service does not provide user support, though if desired please discuss with DELTATECH accordingly.

The DELTATECH Collaboration Service Help Desk is available from 8am to 6pm Monday to Friday, normal working days, with support hours and SLA targets identified in Section 7 below.

Tel No: 0203 289 1670, email[email protected] Manager: Jenny Pickett, [email protected]

Customer site administrator

Customer Responsibility Supplier Responsibility

User access to site Site document IA & recovery

DDS responsibility

Server farm management, inc DR 2nd_{level support helpdesk}

Automated password changes/resets 1st_{level user site support}

Hosting supplier responsibility

3nd_{level infrastruture support}

hosting & infrastructure & accreditation

Server farm accreditation

Site configuration options _{Customer local network supplier} 1st_{level corporate help desk}

(8)

The DELTATECH Help Desk registers all reported Incidents, Service Requests, Complaints, Queries, and Escalations in its help desk recording system in accordance with ITIL 3 recommended best practice. An appropriate Priority Code will be assigned by the DELTATECH Help Desk.

The customer agency that raises the call will receive regular updates on incidents to inform on progress.

DELTATECH will undertake proactive Escalation of Incidents likely to exceed the Service Levels in accordance with this process.

Occasionally a situation arises whereby a Call is not handled as effectively as expected and DELTATECH has recognised that an Escalation procedure is a necessary requirement to assist in avoiding the exceeding of Service Levels. A Customer may at any time initiate an Escalation in respect of any Incident, Problem or Complaint.

A customer may raise a Complaint at any time, Service Complaints are to be logged with the DELTATECH Help Desk so that they can be accurately logged and progressed in the most effective manner Complaints regarding individuals are to be logged directly with the DELTATECH Service Director Sam Huggill [email protected]

The DELTATECH help desk is available 8-6 Monday to Friday. Service Levels for the DELTATECH help desk in respect of Calls are as follows:

Priority Code Initial Response Time _TimeResolution Plan _TimeService Restoration _IntervalsCommunication Update

1 15 minutes 2 hours 1 day 2 hours

2 30 minutes 4 hours 2 days 4 hours

3 45 minutes 1 day 3 days Daily

4 60 minutes 4 days 4 days Daily

The availability of the service is 99.5%. The maximum unplanned service downtime shall be 3.6 hours per calendar month.

Availability of the service is measured by the ability to deliver a SecureOps service to the GSi, not end user accessibility, nor individual site access availability which may be affected by an agency’s local network supplier. Periods of scheduled maintenance are excluded from the calculation of Availability.

The DELTATECH Help Desk shall be used as the source of information for calculating Availability. The Availability of the DELTATECH Service shall be measured as a percentage of the total actual available time against total planned available time incurred during a Payment Period.

DELTATECH will provide reports to support effective service management.

Incident Management will be measured via the number of service affecting Incidents raised with the DELTATECH Help Desk. This will include:

 Total numbers of Incidents per month

 Breakdown of incidents at each stage (e.g. logged, work in progress, closed etc.)

 Size of current incident backlog broken down by priority code

 Mean elapsed time to achieve incident resolution or circumvention, broken down by priority code

DELTATECH will perform annual customer satisfaction surveys and will conduct sample assessments of Incident Resolution.

Service credits are considered a last resort to a service issue, the intent of the DELTATECH service is to provide an excellent service. DELTATECH will be striving for excellence through its service delivery however in the event of unscheduled outages service credits will be applied.

(9)

The DELTATECH SecureOps service supports a set of user level function for data transfer and migration as follows:

 A Site Administrator can, upon the termination of their site, migrate the SecureOps site content away from the DELTATECH Service as a backup file to be imported into another SecureOps site. This can be addressed either by downloading the site content directly using the inbuilt SecureOps site download functions or by making a request to the DELTATECH Help Desk to export the data on their behalf.

 DELTATECH can provide all site content, in a standard Windows format which can then be imported into a standard Windows file store.

 If the extract is required on termination of the site, it is to be requested via the DELTATECH Help Desk within 5 working days of the service termination. Sites where extraction has not been requested within this period will have their data erased.

 The requested data will be made available by the DELTATECH Help Desk to the Site Administrator via a secure download web site on the DELTATECH Service, for data download using a compatible browser over the GSi. The data will be automatically removed after it has been downloaded, or after a fixed period of 24 hours. The download site address will be identified to the Site Administrator via an email but the password will require contact with the DELTATECH Help Desk.

Downloading large volumes of data across a customer’s GSi link may be an issue and is only recommended for small sites (i.e.: <4GB). No guarantee of the data integrity or duration of transfer is available; and the Site Administrator may be required to transfer the data outside of the business hours 8am-6pm, to minimise impact on the service. The site administrator is required to notify the DELTATECH Help Desk prior to any site administrator data downloads. If the extract is done over the GSi, there is no charge for the DELTATECH component of the data extract, though local networks charges may apply.

Download of larger sites ( >5GB) using this approach requires specific approval of the DELTATECH Help Desk and they may recommend an alternative approach which requires an export to removal media and delivery via a secure courier in accordance with HMG data security standards with guidance from the site administrator’s DSU.

The charges for data removal and migration are as follows:

Data Extraction and Delivery charges Extraction _Charge Delivery _{Charge *}

Up to 5 GB Site, extracted to download site on GSi, CJX or

PSN for customer to download Free Free

From 5 GB to 10GB Site, delivered via secure courier £50 £300 From 10 GB to 100GB Site, delivered via secure courier £150 £300 Greater than 100 GB Site, delivered via secure courier POA

 Delivery charge based on delivery to customer sites within central London, other addresses in the UK may require an additional charge

It is assumed that users will be sufficiently familiar with the Windows desktop and Microsoft Office products to be able to use SecureOps and so no specific user training is included with the standard Service.

However DELTATECH can arrange competitively priced training courses for groups of users on the organisation’s own premises and can also offer training courses for SecureOps Administrators.

DELTATECH maintains an eLearning development team that are actively involved in producing short CBT training videos on existing DELTATECH products. This team will be adding CBT video’s covering general usage of standard SecureOps facilities and if Site Administrators require, can produce short site-specific videos to order. Producing CBT Training materials to order is chargeable; interested parties should contact DELTATECH for further information.

(10)

This DELTATECH Service utilises the DELTATECH Cloud User Portal service (called the “CUP”) for delivering procurement and billing capabilities.

The CUP service enables public sector procurement teams to order Cloud based services using standard procurement review and approval processes, view online invoices for each service, review spend data based on service and even facilitates electronic payment of suppliers utilising existing back office processes such as GeM.

The CUP can raise monthly invoice for each of the SaaS services, and include on the invoice critical items such as identifying supplier, service, budget holder, service value etc. The monthly bills or invoices can be electronically sent to public sector organisations for approval and electronic payment.

To Order this service, please access the CUP and select the service from the available applications and follow the online ordering process.

Payment can be made and accepted through a standard Purchase order. The CUP however provides management information on usage that be used to define the monthly invoices.

The Self-serve capability of this service is through the CUP; it provides an online self-serve portal for users to request approval to purchase a service or can be used by budget holders and procurement professionals to directly procure the service.

Invoicing of this service is addressed through the CUP. The CUP raises monthly invoices in arrears on each service per purchasing entity; the CUP can also raise invoices for each service based on the number of subscribers to the service for that month. This enables public sector to grow and shrink usage based on actual business demand and provides a method for suppliers to create and offer services based on individual users.

This service uses the CUP for delivery of billing and real time management information, as it provides spend data information to public sector and usage figures to suppliers alike.

The CUP is available for all suppliers to subscribe to for their own SaaS services, for additional details of the CUP service please refer to DELTATECH CUP service description.

The DELTATECH Cloud User Portal tracks usage of all services it manages. This supports an automated billing process that can either bill a customer on behalf of the supplier, or supply a billing schedule for the supplier for them to bill the customer directly.

(11)

The service is currently delivered over the GSi. In order to access the service the user will need to be able to securely access the GSi using an appropriate web browser from their GSi network attached agency workstations and use standard HTTP and HTTPS (TCP/UDP ports 80 and 443).

The service utilises the GSi network for delivery to users on their agency local networks. The service delivery can only guarantee performance of the service to the customer’s GSi interface, performance across the GSi and across local networks to local end user’s desktop is out of scope for the DELTATECH collaboration service. Local issues of gaining access to the service are the responsibility of the agency to address with their local desktop & network providers.

All user data stored in the Service will be stored on SAN data storage facilities held our hosting partner’s Tier 2 Data Centres in the UK.

Data storage meets the necessary standards to comply with Safe Harbour requirements established under EU Directive 95/46/EC EU Safe Harbour definition.

The DELTATECH Collaboration Service has been designed to operate in a secure environment and has been security accredited to IL3 (RESTRICTED) level to be accessible via the government GSi network. As a part of that accreditation the service (and supporting services) have RMADS in place and have been penetration tested by authorised IT HEALTH CHECK specialists.

The DELTATECH Collaboration Service is currently available via the GSi at IL3, future enhancements to the service will offer a joint IL3/IL2 service that operates with IL2 connectivity over the Internet – see the Service Roadmap for details.

User On-Boarding – ‘Recipients’ are added to a DELTATECH SecureOps by the designated SecureOps Owner (Site Administrator) and granted specific permissions over that site. This operation is carried out in the DELTATECH Cloud User Portal

User Off-Boarding - Users are automatically ‘retired’ from the DELTATECH SecureOps facility when it is closed.

Anti-malware is provided by the hosting provider Savvis as a part of the server managed service and is in use on all servers in the DELTATECH Collaboration Service server farm.

The Anti-malware includes Managed Firewall Services, Intrusion Detection Services and Web Protection functions which together provide comprehensive protection for SecureOps document libraries using multiple scan engines and content controls to help eliminate documents that contain malicious code.

(12)

To ensure the best possible experience across multiple browsers the DELTATECH SecureOps service operates on the following browsers:

 Microsoft Internet Explorer 7 (and later)

 Firefox 3 and later and Safari 3.1.2 (with Macintosh OS X 10.5) – with some limitations

NB, Internet Explorer 6 is still commonly used on some government desktops but does not support all of the features necessary for correctly rendering SecureOps screens.

The DELTATECH SecureOps allows for all standard file types to be uploaded and retrieved. All MS Office file types are included, together with common multi-media and downloadable objects found on the Internet.

To protect users’ computers from potentially harmful code, the DELTATECH implementation of SecureOps blocked certain file types from being uploaded to or retrieved from the SecureOps environment (e.g.: .exe, .aspx, etc.). Files are blocked on the basis of the file name extension - a list of file name extensions that are blocked can be provided if required, but customers should note that this list is defined in the service’s security accreditation and is therefore not negotiable.

A full list of allowed and disallowed types can be provided on request. Customers requiring to work with attachments not noted on either list can request for these to be added by contacting the DELTATECH Help Desk.