BRUHATI SOLUTIONS LTD

Bruhati offering of Ardoq - automated, data-driven SaaS for Enterprise Architecture & transformation

Ardoq, a modern tool for Enterprise Architecture, helping organisations with change management across their projects, strategies, business processes, applications, infrastructure, capabilities.
Ardoq goes beyond traditional EA modelling through its automated, data-driven approach to EA. Impact assessment, managing change, analysing interdependencies, are all easier. The result is quicker, more reliable decision-making.

Features

• A true-SaaS, cloud-hosted, modern, flexible EA tool with quick time-to-value
• A data-driven, interconnected repository of all aspects of your architecture
• Proven use-case solutions defining industry best-practices to drive business outcomes
• Crowd-source data through customisable surveys, automated alerts, and customisable workflows
• Business-friendly UI to enable data exploration via dynamic, automated views
• Compare and analyse transition and future states for change management
• Automatic calculation of attributes like risk, cost, and criticality
• Automatic visualisations that can be shared as business-friendly, explorable presentations
• Out-of-the-box integrations with CMDBs, cloud providers and business process solutions
• Open REST API for building custom integrations

Benefits

• Instant access via browser, with daily updates and minimal downtime
• Automate organisational documentation for business transparency and organisational governance
• Faster change planning, and prioritisation of initiatives underpinning business objectives
• Optimise application portfolio and reduce operational costs through rationalisation
• Better quality, faster decision making via management-friendly insights
• Improve change possibilities and change success by distributing decision-making
• Improve accessibility of architecture and improve efficiency of data collection
• Engage users in change initiatives and enable business agility
• Collect data and update data easily using integrations and crowd-sourcing
• Avoid data duplication and leverage existing data with automated refreshing

£91 to £168 a user

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@bruhati.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

100625648583442

Contact

Manuel Di Toma
07554871926
sales@bruhati.com

Service scope

• Software add-on or extension: Yes
• What software services is the service an extension to: Ardoq Cloud Service
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: No constraints
• System requirements:
  • Ardoq Software licenses for the selected Modules
  • Ardoq Software licenses for the number of users

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: Response times are SLA specific and dependent on overall solution needs.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: Ensured the keyboard is accessible and text-to-speech is reader-friendly. We’ve made all the default colour settings WCAG 2.1 AA compliant by default.
• Onsite support: Yes, at extra cost
• Support levels: With standard support offerings, we provide 4 Support levels termed as Critical Priority, High Priority, Medium Priority and Low Priority - all of which have target response times detailed in the SLA. Standard Support comes with the product for a standard fee. For more tailored support, clients can selects a Managed Service option whereby the SLA’s and response times are configured in accordance with their requests. This service can include aspects such as Technical Account Manager, Capacity Management and any other service the client might want to add. The fee for the managed service is determined by the service required.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Standard Training and Full documentation provided - Training and documentation and video's can also be tailored / created to meet specific customer requirements. Train the trainer is also available upon request.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Open standard exporting of Data can be provided at Contract end using tooling capability.
• End-of-contract process: At end of contract - customer typically decide to continue with the service. Alternatively they can choose to export the data to another Service Provider, we can assist with this process.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: All applications have been optimised to work with both Android and iOS; User experience can be designed to ensure that the user interface is optimised to be used on the mobile device.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: The cloud-based service enables instant, intuitive management of IT portfolios. Best practices and end-to-end guidance for collecting, connecting and assessing available data to support IT and business decision-making.; • Application inventory: Manage inventory data using intuitive wizards and workflows. Business, technology, information and functional perspectives, among others, are supported. Monitors and reports ensure inventory completeness and data quality. An import/export framework supports initial load and synchronisation with other sources. ; • Stakeholder support: Web, mobile portals access to information on the application landscape. Application life-cycle reports enable technology owners to align their technology support plans and to understand application road-map impacts. Ad-hoc reporting.; • Portfolio assessments: Analyse the portfolio along multiple dimensions, such as technology health, cost, risk, usage and business fit. A multitude of diagram and report types support making and communicating decisions. Adding new information attributes on the fly supports ad-hoc application assessments. ; • Portfolio governance: Manageable portfolios are created with clear responsibility for capturing information, assessing portfolios and decision-making. Standard business portfolios are supported, e.g., along business capability or organisational responsibility, as well as ad-hoc portfolios. Workflows and monitors for portfolio governance. Support processes, such as approving application usage and processing of change requests, increases accountability and efficiency.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • ODF
  • PDF
  • Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: End user interfaces - look and feel can be completely customised and branded.; Meta Data - can be extensible using out-of-the-box mechanisms, keeping the data integrity.

Scaling

• Independence of resources: Scoping and on-boarding processes defines the optimum specification for the customers requirements in the form of the number of users and the modules selected by the Customer. Based on this, the required amount of computer capacity is assigned to the customer. Ardoq solutions are fully equipped to leverage via AWS scalable hosting.

Analytics

• Service usage metrics: Yes
• Metrics types: Ardoq Cloud Operations provides SLA performance monitoring for AWS cloud resources and the applications executed by customers and publishes our most up-to-the-minute information on service availability on the Service Health Dashboard. AWS Cloudwatch provides monitoring for AWS cloud resources and the applications customers execute on AWS - Refer to aws.amazon.com/cloudwatch for additional details.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Ardoq

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with SSAE-16 / ISAE 3402
• Data sanitisation process: No
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Data can be exported using open standards such as CSV and SQL formats
• Data export formats:
  • CSV
  • Other
• Other data export formats: SQL
• Data import formats:
  • CSV
  • Other
• Other data import formats: SQL

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: Above 99, assured by contractual commitment of Ardoq.
• Approach to resilience: Ardoq's cloud services provide above 99% infrastructure availability (over AWS) and above 99% availability for the solution itself.
• Outage reporting: Ardoq’s website provides web-based access to ; • Live data on our cloud system availability; • Current and historical information on system performance

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Authentication is required and is implemented access cloud accounts and account activities are logged using AWS Cloud Trail services. In addition, The cloud product permits the configuration of a connection to customer's Single Sign On Services through an Identity Federation Capability via SAML2. In addition, the AWS Identity and Access Management (IAM) service provides identity federation to the AWS Management Console. Multi-factor authentication is an optional feature that a customer can utilize. A certification based authentication is not required.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users receive audit information on a regular basis
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users receive audit information on a regular basis
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • Bruhati has IASME Governance
  • Ardoq ISO/IEC 27001:2017
  • Ardoq complies with SOC 2 standards
  • AWS complies with ISO/IEC 27001, ISO/IEC 27017 and ISO/IEC 27018
  • Ardoq has CSA STAR Level 1 certification
  • Bruhati have Cyber Essentials certification

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Ardoq undergoes annual SOC 2 (Type II) audits which are based on AICPA TSC 2017 Trust Services Criteria. Ardoq have STAR Level 1 entry of Cloud Security Alliance for their SaaS service.; CSA Consensus Assessment Initiative Questionnaire (CAIQ) ; Security testing type; Penetration testing ; IT Health Checks ; Risk analysis ; Other

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Components of the service are tracked through the lifetime via standard services which include regular upgrades to latest software versions (following release cycle); seamless patching during maintenance windows to minimize vulnerabilities or bug impact; performance monitoring and service continuity and recovery procedures for high up-time.; ; Changes are assessed for potential security impact through security testing performed after each release or change to the cloud environment. A standard release process is used to manage the changes and track through to completion.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: A formal risk management program is used to identify potential new threats, vulnerabilities or exploitation techniques which could affect the service. These are assessed and corrective action is taken. Depending on severity, Critical patches are assessed and installed within 48 hours, Important patches in the next maintenance release and moderate patches in the next general release.; ; Relevant sources of information relating to threat, vulnerability and exploitation techniques are monitored by the service provider. This includes threat/security awareness systems, vulnerability databases, security bulletins/advisories/RSS feeds.; ; Service provider timescales for implementing mitigation's are understood and are deemed acceptable.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Ardoq auditor’s SOC 2 Type II report certifies the operational effectiveness of the systems that keep your sensitive data secure. This provides a high level of transparency into our controls that mitigate operational and compliance risks. Because it requires an attestation by an independent and objective CPA who bears professional liability for his or her opinion, the SOC 2 is more stringent and credible than other types of reporting on information security controls
• Incident management type: Supplier-defined controls
• Incident management approach: All Cloud Products are covered by Bruhati's & Ardoq's Standard Support Agreement. Bruhati raises support issues through Ardoq's customer service portal, which is available 24x7. Three levels of support are available, with standard support offering 24x7 access to the support portal, 9 to 5 telephone support for standard and critical incidents and 24x7 support service for crisis incidents.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Our service can help organisations deliver social value for fighting climate change, by providing solutions that reduce carbon footprint, optimise energy efficiency, and promote sustainability practices. For example, the service can help design and implement cloud-native applications that leverage serverless computing, microservices, and green data centres, which can lower the environmental impact of IT operations and enable faster and more frequent deployments.

  Covid-19 recovery

  Our service can help organisations deliver social value for Covid-19 recovery, by providing solutions that enable business continuity, resilience, and agility in the face of uncertainty and disruption. For example, the service can help design and implement cloud-based collaboration tools, remote work platforms, and digital services, which can enhance productivity, communication, and customer satisfaction, and support the transition to new ways of working and interacting.

  Tackling economic inequality

  Our service can help organisations deliver social value for tackling economic inequality, by providing solutions that create opportunities for employment, education, and entrepreneurship, and that support the development of skills and capabilities. For example, the service can help design and implement cloud-based learning platforms, online courses, and certification programs, which can increase access to quality education and training, and foster lifelong learning and career development.

  Equal opportunity

  Our service can help organisations deliver social value for equal opportunity, by providing solutions that promote diversity, inclusion, and accessibility, and that prevent or address discrimination and bias. For example, the service can help design and implement cloud-based solutions that use artificial intelligence, natural language processing, and computer vision, which can enhance the accessibility and usability of digital products and services and ensure fairness and accountability in decision making and outcomes.

  Wellbeing

  Our service can help organisations deliver social value for wellbeing, by providing solutions that improve the health and happiness of employees and customers, and that support the balance between work and life. For example, the service can help design and implement cloud-based solutions that use gamification, analytics, and feedback, which can increase engagement, motivation, and satisfaction, and foster a culture of recognition and appreciation.

Pricing

• Price: £91 to £168 a user
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: A free trial offering full functionality for testing is available for a period of 30 days

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@bruhati.com. Tell them what format you need. It will help if you say what assistive technology you use.