
Operational Risk Management G-Cloud 7 Service Definition


Copyright

© Copyright 2015 by 3tc Software Ltd. All rights reserved.

No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system or translated into any language, in any form or by any means, electronic, mechanical, magnetic, optical, chemical, manual or otherwise, without the express written permission of 3tc Software Ltd. International copyright and treaties protect all 3tc Software Ltd programs.

Any copyright or other intellectual property right of whatever nature which subsists or may subsist in the presentation and/or content of the programs (including without limitation its look, feel, visual or other non-literal elements) remain the property of 3tc Software Ltd or its licensor(s) absolutely. Unauthorised reproduction or distribution of these programs or any part thereof is unlawful and may result in severe civil or criminal penalties.

Disclaimer

3tc Software Ltd makes no representations or warranties with respect to the contents hereof, and specifically disclaims any implied warranties of satisfactory quality or fitness for any particular purpose. Further, 3tc Software Ltd reserves the right to revise this publication and to make changes in the contents hereof without obligation to notify any person of such changes or revisions.

Trademarks

Windows is a registered trademark of Microsoft Corporation.

All product names mentioned in this publication, and not listed above, are acknowledged as the trademarks of the respective manufacturers and producers of such products.


Document

Change History

Version Date Initials Changes

1.0 02/10/2015 CLW Draft

1.1 06/10/2015 CLW Updated with feedback from reviews

Glossary

Term Definition

AWS Amazon Web Services

CAD Computer Aided Dispatch/Mobilising system/Command and Control System

DCLG UK Department of Communities and Local Government (UK Government organisation)

OS Ordnance Survey or Operating System (context dependent)

PSMA Public Sector Mapping Agreement

SaaS Software as a Service – cloud based application provision

WMTS Web Map Tile Service – a service allowing maps to be provided


Contents

1. Operational Risk Management Service Definition

1.1 Overview

1.2 Features

Overview

Operational Risk Auditing (Fire Risk Audit)

Fire Safety Auditing

Community Fire Safety

Job Management

GIS

Customisation

1.3 System Load Capacity and Scalability

2. Operational Risk Management Service System Design

2.1 System Architecture

One Customer One System Architecture

Pooled Service Architecture

2.2 FRS Access / Networking

2.3 Server Organisation

Application Server

Database Server

2.4 Customer Installed Components

Web Browser

2.5 Security and Resilience

Web Traffic

Firewall

User Authentication

Network / Internet Security

Monitoring

Data Segregation and Data Access

Data Storage

Asset Protection and Resilience

Standalone Instance

Pooled Instance

3.2 Optional Services

3.3 Supplied Documentation

3.4 Rollout Assumptions

4. Support

4.1 Software Releases

Software Testing

4.2 Web Browser Compatibility

4.3 Support SLAs

Target Responses

Priority Categories

Definitions

Scheduled Maintenance

Unscheduled Maintenance

Service Availability

4.4 Resilience

4.5 Exclusions

5. Pricing

5.1 ORM Annual Prices

5.2 Training Prices

5.3 Microsoft Licensing

5.4 Costs for Additional Work

5.5 OS On-Demand and OS AddressBase Premium

1. Operational Risk Management Service Definition

1.1 Overview

Operational Risk Management allows customers to collect operational risk information (using a PORIS compliant scheme), conduct fire safety audits and provide related job management functions. Operational Risk Management is provided either as a self-hosted system, or as a SaaS cloud hosted system.

1.2 Features

Overview

Operational Risk Management is a web application that enables users to enter and manage information gathered during fire safety audits, fire safety work (such as community engagement) and fire risk audits.

The system manages this data for commercial and residential buildings as well as natural risks, generating output documentation (site specific risk information documents for example) and a re-inspection program based on the premises’ risk. Recorded data can be exported to all mobile terminals across the customer’s service, ensuring crews have access to risk critical data when traveling to and attending incidents.

The main areas that make up the Operational Risk Management system are:

• Operational Risk Auditing – Record operational risk audits of locations

• Fire Safety Auditing – Record fire safety audits of locations

• Community Fire Safety – Record fire risk and safety related engagements with the public

• Job Management – Track tasks through the system with options to delegate to other staff

• Performance Management Reporting – Monitor staff performance

• Mobile device support – Use the system using a compatible browser on any device with internet access

Operational Risk Auditing (Fire Risk Audit)

The system provides a PORIS compatible risk auditing facility suitable for conducting risk assessments with regard to the safety of operational crews. Samples of this can be seen in the screenshots below.


The system also provides a visual workflow status display allowing staff to easily assess the status of a particular risk audit as shown below.

Once completed, risk audits can be made available to mobile data terminals for use by operational crews or to other fire services using a built-in ‘over the border’ facility designed to encourage the sharing of operational risk information with neighbouring fire and rescue services.


Fire Safety Auditing

The system provides a Regulatory Reform (Fire Safety) Order 2005 compliant fire safety auditing element allowing customers to keep their key safety and risk assessment tasks in one place, with assessors notified when other audits are required at the location.

Community Fire Safety

The system allows users to record fire prevention activities such as community engagements using a collection of jobs that mirror fire service guidance regarding these activities. The screenshot below illustrates a portion of one of these job sheets.

Job Management

The system is based around jobs that are used to task staff members with a particular item of work. Using the integrated job management facilities, work can be delegated to other staff or teams within the organisation. Shown below is the ‘My Open Jobs’ page that allows a user direct access to the jobs allocated to them.


GIS

1.2.6.1 Mapping

Integrated Mapping is provided using Ordnance Survey On-Demand Web Map Tile Service (WMTS) or the customer’s own map tile service (Cadcorp GeognoSiS for example).

Supported functionality:

• The user can view and set premise locations on a map (as shown above). This allows panning and zooming of the map.

1.2.6.2 Geo-Coding

Operational Risk Management provides integrated location (gazetteer address lookup) for geo-verification of premise locations. It also allows premises to be tagged with a UPRN (if this is in the source data set).

Geo-verification of premise locations adds value to the system by allowing linking to other corporate information, such as an Incident Recording System and Fire Investigations.

Users can search for premises using building names, company names and addresses (full or partial) and select the premise location from a list of matching or partially matching addresses.

Customisation

The standard service is supplied as is and cannot be customised. If modifications are required, a standalone modified system could be hosted on the AWS platform or the customer may self-host the solution. Please contact 3tc Software for further information.

The work required to set up a customised solution and modify it to your requirements would be provided as an additional service, as described in the pricing schedule.

1.3 System Load Capacity and Scalability

The system is hosted on the Amazon Web Services (AWS) cloud platform to provide a reliable scalable solution that can grow dynamically during periods of heavy load to ensure all customers are provided with their expected level of service.

2. Operational Risk Management Service System Design

Operational Risk Management is a SaaS / Cloud system hosted centrally on a proven platform and accessed by customers via the internet.

It is hosted on AWS and accessed by the customers across the internet. AWS has been proposed by DCLG as meeting security and resilience requirements, and is currently an approved G-Cloud supplier.

Naturally the exact design of the system and the security measures are commercially sensitive information, and disclosure of this could affect the security of the system.

2.1 System Architecture

The application is, as standard, supplied on a one customer one system basis, but may also be supplied as a pooled service available to a group of customers (a regional service for example).

One Customer One System Architecture

This is the standard service offering with each customer system being hosted completely independently on the AWS service. The installation will consist of a web server and a database server that will be used to host a single customer system.

Pooled Service Architecture

[Figure: pooled service architecture. Labels: FRS A Web Clients; FRS B Web Clients; AWS Load Balancing; AWS EC2 Instances (three Application Server Instances); AWS Virtual Database Server (ORM Core Database, FRS A Database, FRS B Database); AWS Managed Backups]

2.2 FRS Access / Networking

The system uses a single top-level domain name (TLD). Each FRS accesses the system using a sub-domain of this. For example, if the TLD is orm.org, a sub-sub-domain for ‘Anyshire FRS’ may be


The sub-domains are associated with the IP address of an IIS web server specific to each FRS via DNS.

2.3 Server Organisation

Application Server

Operational Risk Management uses a single application instance hosted on the AWS elastic compute cloud (EC2). The number of instances will be dynamically scaled with demand when the system is running as a pooled instance.

The server OS version used is the latest available from the hosting provider at the time of installation.

Database Server

Each instance of the service will use a single database server to host all of the databases required by that instance of the service. The database server is kept separate from the Web Server to provide additional security, because the data is not stored on an internet facing server. Additionally, the data can be backed up separately, reducing backup and restore times.

The SQL Server version used is the latest available from the hosting provider at the time of installation.

2.4 Customer Installed Components

In order to use the system, customers must install some components on their system.

Web Browser

In order to access the system, customers must install a web browser compatible with Operational Risk Management (see the relevant section in this document). The installation and support of this is the responsibility of each customer.

2.5 Security and Resilience

Security of the system is important as it contains potentially sensitive data. The system is secured as described below.

Web Traffic

All web traffic is secured by HTTPS – the system uses a wildcard SSL Certificate for the TLD. The SSL Certificate is provided and managed by a trusted certificate provider.

Firewall

The AWS hosting provides software firewall provision, which we configure to only allow the traffic required to access the Operational Risk Management system and the incoming and outgoing interfaces.


User Authentication

Users are authenticated using Forms authentication against credentials stored within the system. Passwords have to meet minimum complexity levels. User sessions automatically time out after a system-wide configurable time period.

Network / Internet Security

The system undergoes annual penetration testing, which is performed against the server by a reputable third party. We resolve any issues that are identified that potentially allow sensitive data to be compromised.

The internal network on AWS is a private network, not accessible to the outside world other than via the defined entry points.

It is the customer’s responsibility to ensure that the connections are secured at their end of the connection. For example, by ensuring browsers and operating systems are correctly patched and anti-virus and anti-malware software is used.

Monitoring

Access is monitored using the AWS provided tools and infrastructure.

Additional monitoring and auditing is provided by the application layer logging infrastructure and event logs.

Where appropriate, automated notification of issues is provided to our support team to allow pro-active resolution of security and resilience issues.

Data Segregation and Data Access

All customers use separate databases and are therefore segregated from each other. Customers are not able to access each other’s data via the web application.

Customers are not able to access the databases directly. All data access is via the supplied web applications.

3tc Software is able to access all the FRS’ data for the purposes of delivering and supporting the system only. This is subject to Data Protection and Information Security policies covered under ISO 27001.

Data Storage

2.5.7.1 Data Backup, Disaster Recovery and Resilience

Data is stored within the database server. No sensitive data is stored on the internet facing Web Server.

Data is backed up from the database server regularly using AWS’s automated backup systems. In between backups, transaction logs are recorded. This allows point in time recovery of the system and minimal data loss. Typically AWS point in time restores provide restorations to within five


Data backups are only maintained for the purposes of recovery, and therefore only kept for a short retention period.

2.5.7.2 Data Extraction / Removal

Should a customer decide to end their usage of the system, or migrate to the self-hosted model, their data will be permanently removed from the system.

Their data is removed as follows:

• Data is removed by permanently erasing the databases from the system.

• Backups of the databases are permanently erased (subject to the short retention period).

• Any user accounts or other access information used by the customer are removed.

Note: Once the retention period has passed, there will be no ability to restore the system.

Prior to the permanent removal of their system, the customer is given the opportunity to extract their data to enable them to migrate it to their own system. This will be subject to an administration charge at the prevailing contracted day rate.

Note: For customers migrating to the self-hosted Operational Risk Management system, the migration will be included in the migration process and no separate administration charges will apply.

Asset Protection and Resilience

2.5.8.1 Data Centre Protection

Data centre protection is provided by AWS as described in this white paper:

https://d0.awsstatic.com/whitepapers/compliance/AWS_Risk_and_Compliance_Whitepaper.pdf

In particular:

AWS can help relieve customer burden of operating controls by managing those controls associated with the physical infrastructure deployed in the AWS environment that may previously have been managed by the customer.

Controls provide reasonable assurance that physical access to data centers is restricted to authorized personnel and that mechanisms are in place to minimize the effect of a malfunction or physical disaster to data center facilities.

To help customers better understand what controls we have in place and how effectively they are operating, we publish a SOC 1 Type II report with controls defined around EC2, S3 and VPC, as well as detailed physical security and environmental controls. These controls are defined at a high level of specificity that should meet most customer needs. AWS customers that have signed a non-disclosure agreement with AWS may request a copy of the SOC 1 Type II report.


In particular:

Storage Device Decommissioning

When a storage device has reached the end of its useful life, AWS procedures include a decommissioning process that is designed to prevent customer data from being exposed to unauthorized individuals. AWS uses the techniques detailed in DoD 5220.22-M (“National Industrial Security Program Operating Manual”) or NIST 800-88 (“Guidelines for Media Sanitization”) to destroy data as part of the decommissioning process. All decommissioned magnetic storage devices are degaussed and physically destroyed in accordance with industry-standard practices.

3. Customer System Rollout (On-Boarding)

3.1 Delivery

Standalone Instance

When delivered as a standalone service, the basic roll-out process requires the creation of new server instances on the AWS service, along with the creation of administrative and support users (for the main administrative contact and 3tc Software staff respectively). When this has been completed (typically within 1 business day), the customer is free to load their gazetteer data, create the users for their organisation and begin using the system.

Pooled Instance

When delivered as a pooled service, if the customer is being added to an existing pool the setup is merely a case of adding the customer to the existing system. When that is completed (typically within 1 business day), the customer is free to load their gazetteer data, create the users for their organisation and begin using the system.

If a new instance is required, a new standalone instance will be created to host the pool. When this is complete (typically within 1 business day), customers would be added to the pool as described above.

3.2 Optional Services

The following chargeable services are available during the roll-out:-

Training – Training can be provided to cover system administration and use of the system, the latter being delivered on a ‘train the trainer’ basis

Data Loading – 3tc Software can assist with the automated loading of users, gazetteer data and the import of data from existing systems (if compatible)

Please contact 3tc Software for further information and to obtain a quote for the services outlined above.

3.3 Supplied Documentation

The following documentation is provided:-

• System administration guide

• System user guide

3.4 Rollout Assumptions

In order to make the provisioning and transitioning as rapid as possible for new customers, 3tc Software has made various assumptions:


accept any issues raised that pertain to faults in the system or relating to any customisations for a particular customer.

• No data is imported from existing systems (available as a service).

• Each customer system is configured identically.

• Each customer may require configuration of their internal systems (such as networking, firewalls, CAD systems). This is the responsibility (in terms of cost and effort) of the customer.

4. Support

We provide technical support between the hours of 0900 and 1700 Monday to Friday. This excludes bank holidays and the days between Christmas and New Year.

Support is via a dedicated telephone number, email and self-help portal. Urgent issues should be raised by telephone. Issues raised by email or by the portal generate an auto-response email acknowledging the issue has been raised and issuing a unique incident number.

Support is primarily provided from our company premises in Leicester.

All support is remote, as there is no facility to physically attend the AWS hosting environment. Support provided to FRSs will also be remote.

4.1 Software Releases

3tc Software typically releases updated versions of the software on a six-monthly basis. The software updates include a roll-up of any new features and bug fixes made during the preceding period. It may be necessary to release software more frequently than the six-monthly schedule. For example, should the need arise to address a serious issue, a patch release may be issued quickly and directly to the live system.

Software Testing

Software is tested internally prior to release by our internal test resource. This includes a mixture of automated low-level testing (unit testing) and manual user testing against defined test scripts. The test scripts are designed to test the software to prove functionality and to test issues that have been resolved.

Once the release is signed off internally, it is deployed to the customers’ Test systems. It is then available for a period of one month for familiarisation and testing. After this preview period it is installed on the live system. We resolve any serious issues reported during the preview period prior to release, which may cause a delay of the release to the live system should further testing be required.

4.2 Web Browser Compatibility

Operational Risk Management is currently compatible with the following browsers:

• IE 10+

• Chrome

• Firefox

• Opera

• Safari

4.3 Support SLAs

The period during which the Contractor provides System support shall be office hours only from 0900 to 1700 hours from Monday to Friday excluding Public Holidays and weekdays between Christmas and New Year.

Target Responses

These are our target responses.

Priority Category   Primary Response   Initial Analysis   Restoration of Service
1                   2 hours *          4 hours            8 hours
2                   4 hours *          1 day              4 days
3                   1 Working day      5 working days     10 working days
4                   2 Working days     10 working days    15 working days

Notes:

• All times shown in the above table are working minutes/hours/days

• Lower priority issues may be released as part of the planned updates instead of patches

Priority Categories

Report Category   Description
1                 A Single Fault preventing the use of core features for all users
2                 A Single Fault preventing the use of core features for multiple users
3                 A Single Fault preventing the use of core features for one user
                  A Single Fault preventing the use of secondary features for multiple users
4                 A Single Fault preventing the use of secondary features for one user
                  A Single Fault of a cosmetic or minor nature affecting any number of users
                  All general enquiries

Definitions

Term Definition

Primary Response: Contact from the Contractor’s Support Division to clarify the problem and discuss potential actions that can be taken immediately

Initial Analysis: Contact from the Contractor’s Support Division reporting the results of an initial analysis into the problem, giving details of the possible causes of the problem and, where possible, proposing a solution for a temporary and/or permanent fix and a timetable for achieving that solution

Restoration of Service: An acceptable temporary workaround for the problem that allows the users to operate the system without substantial degradation in performance. A temporary fix will only be applied where suitable. In some instances a temporary fix may not be available.


Scheduled Maintenance

We perform scheduled maintenance on the system from time to time in order to optimise performance, resolve issues, update data sets (such as gazetteers) and update system components. We plan these events on a quarterly basis, and FRSs are notified in advance of the date and estimated duration of the downtime.

Unscheduled Maintenance

We do anticipate that there may be instances where there are unplanned events during which the system is unavailable for periods of time.

In such events we will work to resolve the system issue as quickly as possible. If the downtime looks like it may be protracted, 3tc Software will notify the FRSs’ primary contact and advise them of the status of the incident.

Service Availability

The system availability is 99.9%. This allows for average unplanned down-time as follows:

8.76 hours per year

43.8 minutes per month

10.1 minutes per week

1.44 minutes per day

Availability is measured on a per customer basis, not across the entire system and does not cover planned down-time for maintenance as defined in 4.3.4 Scheduled Maintenance.

4.4 Resilience

The AWS hosting provides backups of SQL Server as follows:

• Daily instance backups.

• Five minute transaction logs.

This allows point-in-time recovery in the event of a database server loss. The likelihood of the loss of a server is anticipated to be extremely low.

4.5 Exclusions

5. Pricing

All costs are exclusive of VAT.

The costs provided have assumed a minimum contract length of two years. Extensions would be possible.

For the purposes of costs, we have assumed the AWS hosting will be in the Europe (Ireland) region.

5.1 ORM Annual Prices

ORM

Annual Licence Cost Per FRS £35,635.00

We also provide the service using a pooled application (for a regional consortium for example). See below for pricing:

• 1 to 5 customers: £35k per annum, per customer

• 6 to 10 customers: £32k per annum, per customer

5.2 Training Prices

Item: Training, up to a maximum of 6 delegates per course, based on a train the trainer course delivery (this includes training on all functional modules)

Per Course: £6,400.00

Each Training course covers the following:

• ORM Administration (1 day)

• ORM User training (2 days)

The above syllabus training is provided over a three-day session, with the syllabus running back to back.

5.3 Microsoft Licensing

AWS licensing for MS SQL Server and MS Windows is included in the hosting costs.

5.4 Costs for Additional Work

For larger packages of work it will be more economical for us to provide a quote against a scope of work.

5.5 OS On-Demand and OS AddressBase Premium

It is assumed that end-user organisations are FRSs covered by an OS Public Sector Mapping Agreement (PSMA) allowing free access to OS On-Demand. This is subject to Ordnance Survey’s Fair Usage Policy. The system will be configured with your unique API key (available from OS), which will provide access to the mapping service under your existing PSMA.

Note: Any usage outside of the Fair Usage policy or exceeding the free entitlement, or outside the PSMA (and any resulting charges from OS), will be the responsibility of each customer.

5.6 General Caveats

All IPR for the software designed and developed by 3tc Software will remain with 3tc Software. This includes the application software, database design, overall solution design and any other IP pertinent to this solution.

Each Fire & Rescue Service will require a licence, which will cover them for their current geographical area of operation and they will be required to sign an end user licence agreement as detailed in the contract document.

https://d0.awsstatic.com/whitepapers/compliance/AWS_Risk_and_Compliance_Whitepaper.pdf

http://media.amazonwebservices.com/pdf/AWS_Security_Whitepaper.pdf
