StableLogic

Cloud, Technology & Telecom Expense Management

Technology Expense Management (TEM) helps organisations with the operational management of technology services. These services include traditional telecom, mobile, unified communications, contact centre, cloud (SaaS) and network services.

The application audits supplier billing and streamlines service management to improve efficiency and deliver cost savings.

Features

• Auditing of every supplier invoice to ensure contract compliance
• Complete inventory of all services, suppliers, employees, sites and allocations
• Integration with all common HR systems to sync employee data
• Integration with finance systems to automate invoice payment (optional)
• Built in Asset Management solution
• Integration with leading MDM and Device Management services
• Comprehensive reporting tools
• Dashboards and Data Visulation tools to interpret supplier spend
• Built in IT Service Management module to manage MACD requests
• Integration with leading ITSM tools (helpdesk & self serve)

Benefits

• Cost Savings: average year 1 savings in excess of 30%
• Enhanced control and visibility of spend
• Automate routine tasks to free up expensive resources
• Improved security compliance with integration to End Point Management tools
• Hierarchical reporting based on employee profile / level
• Create workflows to provision and decommission services & assets
• Integration with Microsoft Teams platform for end user reporting
• Improved supplier management
• Allows quick comparison of current costs to market rates (optional)
• Fully automated chargebacks to business departments for their usage

£2.50 a device a month

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@stablelogic.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

143836141539599

Contact

Joel Barnett
020 7365 4777
sales@stablelogic.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: None
• System requirements: Access through supported internet browsers on desktop, mobile or tablet

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Our service hours are 9:00 - 17:00 Monday - Friday; Within our service hours, our ticket response times are:; Priority 1 - 15 minutes; Priority 2 - 2 hours; Priority 3 - 4 hours; Priority 4 - 5 hours
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Users can ask general support questions via a web browser. If the question requires additional support or management approval, a ticket will be created to track the correspondence and to provide an audit trail.
• Web chat accessibility testing: We use market leading web chat tools that have been tested to work with all major browsers. These browsers support view controls and audio captioning for assistive technology users.
• Onsite support: Yes, at extra cost
• Support levels: All customers have access to a named account manager at no additional cost. The account manager is responsible for the success of each customer relationship.; ; Supporting the account management team is a support desk that handles day to day requests.; ; Each quarter we conduct a detailed business review to ensure the customer is achieving maximum value from our service. A member of the senior management team attends these sessions to provide strategic insight and recommendations on how to deliver further efficiencies.; ; If a customer requires enhanced access to any of our team, we do offer bespoke support models at an additional cost.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We fully project management implementation of our service. This includes on site support if required and technical assistance for any complex integrations.; ; Once implemented, we conduct training with all end users either face to face or through a series of webinars.; ; Customers also have access to a knowledge base which includes guides and FAQs to self serve and learn about the solution.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: If a customer decides not to renew our agreement, we provide a full extract of all customer data. We typically ask the customer how they would like to recieve this data. Common methods include sFTP or AWS S3 but we are flexible.
• End-of-contract process: All customer data is extracted and shared free of charge. We do not charge any exit fees.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The user has the option to use the mobile app or to access the desktop experience from a browder on a mobile device.; ; The mobile app has limited functionality based on the following use cases:; ; - Ticket management; - Placing support ticket; - High level spend reporting
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: The API allows customers to transact the following data categories:; ; - Ticket data for MACD requests; - Spend data for suppliers managed by our solution; - HR employee sync with common HR systems; - Invoice creation for automated payments
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: No
• Customisation available: No

Scaling

• Independence of resources: Our solution utilises a microservices architecture. This allows us to scale the software application automatically as demand increases. We leverage Amazon Web Services for this functionality.

Analytics

• Service usage metrics: Yes
• Metrics types: We provide usage statistics for ticket requests.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Customer data can be exported from our management portal via a web browser. The data can be exported into different formats dependant on the data type.; ; Data can also be scheduled to be emailed to a user as well as uploaded to a sFTP server.
• Data export formats: CSV
• Data import formats:
  • CSV
  • Other
• Other data import formats: XLSX

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We guarantee 99.9% uptime availability of our software solution.; We have never had to compensate users for breach of this SLA.
• Approach to resilience: Information available upon request.
• Outage reporting: In the event of an outage, the account management team will recieve an automated SMS and email alert. This would then be communicated with any affected customers.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Other user authentication: Single Sign On (SSO)
• Access restrictions in management interfaces and support channels: Customers have three configuation options for our solution:; ; 1. Standalone Permissions - this is allows customers to configure users and roles within our system. We can support any number of permission levels which can be duplicated and assigned to other users in the system.; ; 2. Azure AD - we can integrate directly with Microsoft AD to pull user names and roles-based permissions.; ; 3. Other SSO - we support other third party SSO solutions and configure the permissions structure on a case by case basis in line with our clients requirements.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: We follow the security principles of ISO/IEC 27001 and are currently working towards certification.
• Information security policies and processes: StableLogic clearly recognises that information, systems and networks are valuable and that the management of both client and personal data has important implications for the firm, clients and individuals. Through its security policies, procedures and structures, StableLogic will secure information, both within the organisation and in external communications. StableLogic believes that security is an integral part of the information sharing which is essential to business and the policies outlined below are intended to support information security measures throughout the organisation.; ; Our policy is based on recommendations contained in British Standard 7799 – A Code of Practice for Information Security Management.; ; StableLogic’s policies and processes are fully compliant with the content and principles of the EU Data Protection Directive (95/46/EC).; ; StableLogic maintains compliance, and is audited in accordance with the relevant requirements of each scheme, with the following:; ; a) Cyber Essentials – As defined by the UK Government; b) Baseline Personnel Security Standard (BPSS) – Employee Vetting

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: StableLogic has a documented Change Control Procedure. In the event a client requests a material change to the service or solution, a Change Order must be completed. The Request will be reviewed by the Account Manager and processed within 48 hours.; ; For day to day changes (Service Requests / MACDs), these can be made through the self serve portal and are logged as a ticket including the logged in administrator's name.; ; All Change Requests include a full audit trail. Material changes are assessed by Information Security prior to implementation.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: StableLogic's technology is hosted exclusively in Amazon Web Services (AWS) and is hardened to reduce the risk of potential threats.; ; We use AWS security products to identify any potential threats as well as regular penetration testing to identify any potential weaknesses in solution architecture.; ; In the event of a security threat, we are able to deploy patches in minutes to remediate the issue. To date, we have not been victim to a successful attack.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: We use AWS products to identify potential compromises.; ; We can respond to an incident in minutes and if required push a patch to the affected server to remediate the issue.; ; Our security and development team receive alerts via email and SMS in the event of a potential compromise.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Our incident management processes are built on ITIL principles and allow customers the ability to log incidents via our application.; ; The customer has a choice pre pre-configured incident forms which automatically trigger pre-determined alarms and alerts.; ; The customer can also log an incident as 'other' and select a Priority (P1 - P4) and StableLogic will respond within the given SLA.; ; StableLogic runs monthly operational reviews which includes a section on incident management. Customers can also access full incident reporting via the web application.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Equal opportunity

  Equal opportunity

  StableLogic understands the importance of equality and works closely with its clients to identify ways in which we can give back to communities, customer and employees.; ; We offer training for client stakeholders in relation to cyber security and technology adoption. Common stakeholders for this social value include people in the community who may lack technology skills and looking to learn and better / protect themselves.

Pricing

• Price: £2.50 a device a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@stablelogic.com. Tell them what format you need. It will help if you say what assistive technology you use.