BlackDackel GmbH

BlackDackel

BlackDackel is a professional solution for University administrators and academics to capture and manage project budgets and related information, calculate project costs and expected funder contributions, and make all this available to users, management, and funders for collaboration, approval, submission, and analysis in real time.

Features

• Web-based solution for costing and pricing of research projects
• Fully configurable calculation engine
• BPMN 2.0 process engine
• Flexible Reporting
• REST APIs for secure programmatic access to data
• Real-time integration with other corporate systems
• Modern and responsive user interface

Benefits

• Capture and manage project budgets and related information
• Calculate project costs and expected funder contributions
• Model multi-partner, multi-funder bids, delivered across faculties and years
• Increase productivity with automation where possible, full control where needed
• Provide self-service costing and pricing solution to academics
• Benefit from sophisticated workflows for collaboration and approval
• Improve bid quality and compliance with configurable validation rules

£10,000 to £100,000 an instance a year

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jf@blackdackel.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

128606723035061

Contact

Johannes Ferber
+49 152 52980980
jf@blackdackel.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: No
• System requirements: Up-to-date web browser with JavaScript enabled.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: The maintenance and support service is carried out on German working days (Monday to Friday) between 9 am and 5 pm CEST. BlackDackel will react to user queries at the latest within one business day.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: No
• Web chat support: No
• Onsite support: No
• Support levels: Support is comprehensive and included in the yearly subscription price. It is not divided into levels.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: For the implementation project, we use an iterative project methodology divided into sprints with weekly meetings which involves the University continuously over the course of the project and facilitates the early identification of problems and a quick reaction to changes in the requirements. During the implementation, the University has access to a test instance of BlackDackel to perform tests, develop interfaces, and review data. The University also has access to a web-based project management tool for communication, issue tracking, progress monitoring, and management reporting.; ; After an initial two-day kick-off workshop on campus, the implementation process typically covers systems integration, SSO setup, funder migration, costing and pricing setup, workflow configuration, and custom developments (if applicable). Interim testing is part of each sprint as the University reviews each iteration in the test environment. This offers the opportunity to reflect on data and functionality and to provide feedback as the system evolves.; ; Informal training is provided throughout the project, with an optional training workshop held post implementation.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Data extraction is offered for free using the API which provides access to all data in the system. Alternatively, a data extract directly from the database can be provided on a consultancy basis.
• End-of-contract process: At the end of the contract, all users are being logged out from BlackDackel and the system is set to read only mode for an agreed grace period to allow for data extraction. After the data extraction, all data is deleted (less contractual data and other data to be retained as per the applicable legislation).

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: BlackDackel uses a resposive design template to accomodate varying screen resolutions and aspect ratios.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: The service interface is a Web-GUI running in a web-browser.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Screen-reader tests and accessibility analysis has been performed and passed.
• API: Yes
• What users can and can't do using the API: BlackDackel's RESTful API provides full read and write access to all data in the system, subject to authentication and authorization.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: BlackDackel provides a great number of customisation and configuration options for the costing and pricing setup, process definitions and forms, corporate design, in-system help texts and localisations, roles and rights setup, and more.

Scaling

• Independence of resources: Customer instance are single-tenanted, i.e. there is no resource sharing between customers. We are using cloud elasticity and auto-scaling to scale resources in reaction to changes in system load.

Analytics

• Service usage metrics: Yes
• Metrics types: BlackDackel provides an optional integration with Google Analytics.

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: No
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: A number of generic and/or and purpose-specific export methods are available, including BlackDackel's powerful read/write REST API for integrations, direct data base access for integrations and bulk data feeds, the reporting module for the export of projects and budgets, and Excel exports for various content types.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Excel
  • PDF
  • JSON
  • XML
  • SQL
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • JSON
  • SQL
  • Excel

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We guarantee 99.5% availability excluding scheduled maintenance. Our service level agreement includes provisions and service credits if availability drops below 99.5%.
• Approach to resilience: The key to service resilience is a clear distinction between stateless and stateful resources. Stateless resources hold data only in a transitory or temporary manner. Stateful resources hold permanent data and their destruction leads to a loss of data or operational capability. Most of BlackDackel's cloud resources are stateless and self-healing, i.e. will automatically restart and become operational again in the event of detected failures and disruptions. Those include: BlackDackel itself, i.e. the core server component), the reporting engine, the web server, and the authentication service. Stateful resources include the data base and the file storage for which we use dedicated ISO-certified cloud services with specific failover and redundancy arrangements. This includes redundant storage in different locations, daily backups, and additional transaction logging to facilitate a recovery point objective (RPO) of as little as 10 minutes.
• Outage reporting: Services outages are reported by our monitoring solution via email alerts and (optionally, if configured) an integration into the customer's monitoring solution.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
• Access restrictions in management interfaces and support channels: Data access levels are controlled by user privileges. Fine-grained privileges are available to restrict the scope of the access in terms of (i) what data is accessible and (ii) what are the permissible operations performed on that data.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: At BlackDackel, information security management is a combination of security policies, processes, and tools to protect our and our customer’s assets from from accidental or deliberate theft, leakage, integrity compromise, and deletion.; ; Details are available upon request.
• Information security policies and processes: Information security efforts are guided by (i) Confidentiality, (ii) Integrity, (iii) Availability, and (iv) Recoverability. Detailed policies for each security aspect are in place and all employees know their role in the implementation of these. All policies, processes, and tools are reviewed on a regular basis in terms of past performance and future improvement potential.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Configuration Management: all configuration options are managed in a dedicated, hierarchical configuration store which also keeps a history of configuration changes for rollback, debugging, and audit purposes.; ; Change management: each change is subject to human peer review and approval (four-eyes principle) as well as automated testing including granular tests on technical level (unit tests) and human-like click-through tests (end-to-end tests). All acceptance criteria are captured in a “Definition of Done” which represents the documented quality policy for the development process. Changes are then rolled out to test environments for customer review, and, once approved, promoted to the respective production environments.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Potential threats are reported by a number of sources including automated configuration validation against recommended security practises and rules, application monitoring, relevant CVE notifications, and automated penetration tests run on a monthly basis. Reported threats are investigated immediately and if a vulnerability is confirmed, the required remediation measures are taken. We run a continuous delivery pipeline covering both the application (automated tests and build) as well as the infrastructure (automated test and deployment) which reduces patch delivery and deployment times and minimises the impact on availability.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Telemetry and log data is automatically collected from customer instances at all times. Alarms are set up to warn if systems operate outside of normal parameters or if anomalies are detected. Access to real-time log data for ingestion into an institutional log analysis solution can be provided upon request and BlackDackel provides a public health endpoint for integration into an institutional monitoring solution.
• Incident management type: Supplier-defined controls
• Incident management approach: Incidents are reported automatically via our monitoring systems or by users through our service desk solution. All issues and incidents are collected and triaged in our issue tracking tool and information is fed back back to the reporter about the status of the issue and the expected resolution time. In case of an incident, a post mortem is provided through the issue tracking tool after resolution, including a written analysis of the extent of the incident, its causes, a timeline of relevant events, and details of the measures taken and lessons learned.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality

  Fighting climate change

  Environmental benefits achieved through delivering the BlackDackel solution are most importantly realised by its new, disruptive computing paradigm: the system is provided through a set of event-driven, light-weight computing resources that provide far greater energy efficiency than the "always-on" legacy solutions it replaces. This amounts to a reduction in carbon emissions compared to a prior baseline which is considerable for systems with thousands of users. Moreover, remaining carbon emissions are partially offset by renewable energy purchases, with the goal of 100% renewable energy by 2025.

  Tackling economic inequality

  Being an enterprise software solution, BlackDackel both depends on and nurtures the ecosystem of suppliers that are part of its contract supply chain. Contract related opportunities often focus on the identification and mitigation of cyber security risks (e.g. third-party penetration testing), as well as project management, two functions that are typically contracted to SMEs, hence adding to the diversity and agility of the supply chain and the sector at large.

Pricing

• Price: £10,000 to £100,000 an instance a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Free trial is available for 30 days upon request with no restrictions.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jf@blackdackel.com. Tell them what format you need. It will help if you say what assistive technology you use.