APaaS Application Packaging Services

Software Asset Management

Our Software and Hardware Asset Management service ensures comprehensive oversight of your IT resources. We track licences, monitor usage, and optimise inventory to minimise costs and enhance security. Gain control over your technology assets with our tailored solutions, reducing risks and maximising efficiency across your organisation.

Features

• Inventory Tracking: Monitor hardware and software assets for accurate management.
• Licence Compliance: Ensure adherence to software licensing agreements.
• Usage Monitoring: Track utilisation patterns for efficient resource allocation.
• Automated Reporting: Generate comprehensive reports for informed decision-making.
• Lifecycle Management: Manage assets from acquisition to disposal.
• Security Monitoring: Identify vulnerabilities and ensure software patching/updating.
• Cost Optimization: Identify cost-saving opportunities and eliminate unnecessary expenditures.
• Centralised Control: Maintain a unified view of all IT assets.
• Asset Segmentation: Categorise assets based on type, location, and ownership.
• Integration Capabilities: Seamlessly integrate with existing IT management systems.

Benefits

• Optimises resource allocation and reduces procurement overhead costs.
• Mitigates legal risks and avoids unnecessary penalties.
• Identifies underutilised assets for cost savings and optimisation.
• Facilitates data-driven insights and compliance audits.
• Extends asset lifespan and minimises maintenance costs.
• Enhances cybersecurity and protects against potential threats.
• Maximises ROI and budget efficiency.
• Streamlines management and simplifies IT governance.
• Facilitates targeted management and resource allocation.
• Enhances workflow efficiency and supports interoperability.

£1.00 to £2.00 a licence a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at admin@apaas.org. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

173420283295693

Contact

APaaS Sales Team
07442010362
admin@apaas.org

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Application and Device Management migration to Microsoft Intune. We handle application discovery, rationalisation, optimisation, packaging and deployment, device configuration and security policies for true end to end lifecycle management. Benefit from enhanced device control, simplified management, and robust security measures tailored to your organization's needs.
• Cloud deployment model:
  • Public cloud
  • Hybrid cloud
• Service constraints: None
• System requirements: No specific requirements

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: 8 hour business day response
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Technical account manager support including usage and familiarisation of software and hardware asset management toolset, standard report generation, advice and guidance
• Support available to third parties: No

Onboarding and offboarding

• Getting started: We provide user documentation and include online user training session as standard. We also offer, as part of the onboarding process, a customised set of hardware and software asset reports for each customer.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: This is not normally a requirement. the license and entitlement information can be extracted as a report or in data format (e.g. .csv), but the asset and inventory information is collected from the customer domain services and assets, then consolidated and reported through our service portal. All the information is provided in real-time, extracting this information would serve no purpose as it will become out of date, with the real time information still residing in the customer estate.
• End-of-contract process: Any non-standard reports or data extraction would be at additional cost. At contract end the customer access to the portal will be revoked and the customer data held within the service will be deleted. The customer will be responsible for uninstalling the software agent (if deployed) from all devices.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: None
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Web portal
• Accessibility standards: None or don’t know
• Description of accessibility: The service interface is offered via web browser, users can benefit from all the accessibility features provided by the device OS and browser of choice.
• Accessibility testing: The requirement has not arisen, the portal is used by a small number of people who require access to hardware and software asset detail, as opposed to something all users can access.
• API: Yes
• What users can and can't do using the API: API standards are documented and can be implemented with support from this service
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • ODF
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Our service collects 1,000s of pieces of inventory data from every device and user within the environment. The users of the service will generally be IT professionals in the support, asset and licence management teams. These users can customise the portal views to show and highlight the data which is most important to them individually. They can customise reports, categorise software vendors and titles, group devices and users, import license entitlement and set licence costs for optimisation reporting.

Scaling

• Independence of resources: Solution is fully flexible, built on Azure Cloud with performance monitoring

Analytics

• Service usage metrics: Yes
• Metrics types: All data within the portal view can be provided including usage of the portal as well as the device physical details, last logon, users of the device, installed software, last used, time application in focus, license usage , license position (over/under subscribed) etc.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Sam360

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: Less than once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
• Data sanitisation process: No
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users do not generally export their data. The service provides for customised reporting which would be available to the teams using the service as a part of their role in device, user, software of license management.
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats: PDF
• Data import formats:
  • CSV
  • Other
• Other data import formats: API

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Service Availability 99.9%; Penalties will be defined and agreed during contract negotiations
• Approach to resilience: Service is built in Microsoft Azure with Azure Backup and Disaster Recovery, Azure Auto Scaling and Azure Application Insights.
• Outage reporting: Service outage will be available via API and email alerts.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: The level of access for each user of the system is controlled centrally, only validated users can access the service portal. Each authorised user of the system can only access parts of the portal they have been granted permission to see.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: We have a number of in-house policies specific to out business to ensure security governance covering Cyber and Information Security, Recruitment and Vetting, Data Protection.
• Information security policies and processes: APaaS has adopted an Information Security Policy that complies with stringent legal requirements and provides the necessary assurance that data held and processed by the APaaS is treated with the highest appropriate standards to keep it safe. ; Ultimate responsibility for information security rests with the Directors of APaaS. They shall be responsible for managing and implementing the policy and related procedures.; Team leaders are responsible for ensuring that their permanent and temporary team members and contractors are aware of:; The information security policies applicable in their work areas; Their individual responsibilities for information security ; How to access advice on information security matters

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Our configuration and change management process involves thorough documentation of system configurations and controlled procedures for implementing changes. It includes:; ; Baseline Configuration: Establishing a known and stable configuration state.; Change Control Board (CCB): Reviewing and approving proposed changes.; Version Control: Managing changes with clear versioning and tracking.; Testing and Validation: Verifying changes in a controlled environment.; Documentation: Maintaining detailed records of configurations and changes.; Continuous Improvement: Iteratively refining processes based on feedback and outcomes.; This approach ensures system integrity, minimizes risks, and supports efficient troubleshooting and maintenance.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Our vulnerability management process involves systematic identification, assessment, prioritization, mitigation, and monitoring of security vulnerabilities in IT systems.; ; Discovery: Using scanning tools to identify vulnerabilities.; Assessment: Analyzing and prioritizing vulnerabilities based on severity and impact.; Remediation: Implementing patches, updates, or configurations to mitigate vulnerabilities.; Verification: Validating that vulnerabilities have been effectively addressed.; Ongoing Monitoring: Continuously scanning and assessing for new vulnerabilities.; Reporting and Communication: Providing clear reports and updates to stakeholders.; This proactive approach helps protect against potential threats and ensures the security and resilience.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Our protective monitoring process involves continuous monitoring of systems and networks to detect and respond to security threats in real-time.; ; Event Collection: Gathering logs and data from systems and devices.; Detection: Analyzing events for signs of unauthorized activity or anomalies.; Alerting: Notifying security teams of potential incidents for immediate investigation.; Incident Response: Rapidly responding to and containing security breaches.; Forensic Analysis: Conducting detailed investigations to understand the scope and impact of incidents.; Continuous Improvement: Iteratively refining monitoring rules and response procedures based on findings.; This proactive approach enhances threat detection and minimizes the impact of security incidents.
• Incident management type: Supplier-defined controls
• Incident management approach: Our incident management process involves a structured approach to quickly identify, respond to, and resolve IT incidents to minimize business impact.; ; Incident Identification: Prompt detection and logging of incidents.; Incident Categorization: Classifying incidents based on impact and urgency.; Initial Response: Immediate triage and assignment to appropriate support teams.; Investigation and Diagnosis: Thorough analysis to determine root cause.; Resolution: Implementing corrective actions to restore normal service.; Closure and Documentation: Formal closure of incidents with detailed records for analysis.; Continuous Improvement: Learning from incidents to enhance preventive measures and response procedures.; This systematic approach ensures efficient incident resolution and continuous service improvement.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality

  Fighting climate change

  By providing Cloud-based IT services we can play a significant role in combating climate change by enabling organizations to adopt more sustainable and environmentally friendly practices:; ; Energy Efficiency: Cloud providers invest heavily in data center efficiency. By consolidating computing resources and optimizing server utilization, cloud services can achieve higher energy efficiency compared to traditional on-premises data centers. This reduces overall energy consumption and carbon emissions associated with IT operations.; Server Virtualization: Cloud platforms utilize server virtualization, allowing multiple virtual machines to run on a single physical server. This consolidation minimizes the number of physical servers needed, reducing hardware requirements and associated energy use.; Dynamic Scaling: Cloud services offer elastic scaling, allowing organizations to dynamically adjust computing resources based on demand. This capability enables efficient resource utilization, avoiding over-provisioning of servers that would otherwise remain idle and consume unnecessary energy.; Remote Work and Collaboration: Cloud-based tools facilitate remote work and collaboration, reducing the need for commuting and business travel. This leads to decreased greenhouse gas emissions from transportation and supports a shift towards sustainable work practices.; Renewable Energy Adoption: Cloud providers commit to using renewable energy to power data centers. They invest in large-scale renewable energy projects such as solar and wind farms to offset their energy consumption. By leveraging cloud services, organizations indirectly contribute to increasing demand for renewable energy sources.; Optimized Resource Utilization: Cloud services enable efficient use of computing resources through automated load balancing, which minimizes idle capacity and energy waste.; In summary, our cloud-based service offers a pathway towards greener and more sustainable practices by optimizing energy efficiency, promoting remote work, supporting renewable energy adoption, and enabling resource-efficient operations.

  Tackling economic inequality

  By providing Cloud-based IT services we can contribute to tackling economic inequality by providing access to scalable and affordable technology solutions, leveling the playing field for individuals across different economic strata:; Remote Work Opportunities: Cloud technologies facilitate remote work and telecommuting, breaking geographical barriers and expanding job opportunities beyond traditional urban centers. This flexibility can benefit individuals in rural or economically disadvantaged areas by providing access to employment opportunities and reducing the necessity for costly commuting.

Pricing

• Price: £1.00 to £2.00 a licence a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: We provide a free Proof of Concept enabling an organisation to enrol up to 20 devices for 30 days. We provide remote technical account management support to ensure the customer gets maximum understanding and benefit from the POC

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at admin@apaas.org. Tell them what format you need. It will help if you say what assistive technology you use.