Information Services Group (Europe) Ltd.

ISG GovernX®

ISG GovernX® is a digital supplier and contract management platform. It automates the entire end-to-end contract lifecycle enabling strategic third-party supplier relationships by providing a complete, customised view of users’ contract and supplier ecosystem.
ISG GovernX® improves supplier performance and collaboration, decreases spend, ensures regulatory compliance and mitigates third-party risk

Features

• GovernX® is a platform to manage third-party service providers
• Track deliverables and obligations on both sides (Client and Provider)
• Monitor spend, verify invoice accuracy, and automatically calculate service credits
• Administer contract change and maintain document and clause library
• Assess/address service performance via workflows and tactical automation
• Operate governance meetings and keep minutes, actions and artefacts centrally
• Dashboards deliver all relevant information in one accessible place
• Perform analysis on real-time governance data through interactive dashboards
• Interactive dashboards drill directly down into transactional data
• Monitor financial viability, delivery capability, regulatory compliance, partner ecosystem changes

Benefits

• Embedded workflows ensure compliance with supplier management best practices
• Maintain value from relationships through contract compliance and financial controls
• Automation, artificial intelligence and workflow reduce workload for team
• Cognitive extract of meta-data from contracts is quick and simple
• Administer contract build, change, renewal, termination workflows to enforce standards
• A rapid way to implement a third-party risk management framework
• Easy access via web-based interface for alerts, workflows, intelligent dashboards
• Identify and manage risks from selection to exit, reducing risk
• Track deliverables and obligations on both sides, ensuring contract compliance
• A central tool eliminates need for spreadsheets, trackers and email

£200 to £52,000 a licence a month

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at anthony.drake@isg-one.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

192230610690391

Contact

Ant Drake
07827950275
anthony.drake@isg-one.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Licence pool assigned should have named users for access i.e. same licenses cannot be multiple individuals at the same time; ; Maximum storage on the dedicated instance is 4 TB for the base price and any incremental storage is available on request (quote to be shared basis the requirement); ; The technology pool hours assigned as a part of base subscription needs to be consumed within the month and no roll over is applicable; ; Helpdesk is virtual and email only
• System requirements:
  • No specific anti virus or software licenses are recommended
  • Browser-based access - most common browsers can be used

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Response times are 60 minutes and Resolution time is 16 hours (business hours)
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: 24x5 helpdesk support (email support) is available as a part of base subscription.; ; Common support for the base subscription.; ; Account Manager is assigned for escalations , while requests & tickets are managed via helpdesk.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: User documentation and onsite training is provided for the different user groups, This is recorded for future training / audit needs.; We can create a bespoke training schedule to suit client needs.
• Service documentation: No
• End-of-contract data extraction: System data can be provided as a flat file if required.; Following the end of the contract, all relevant data will be deleted in accordance with contractual client terms (GDPR)
• End-of-contract process: The client instance is decommissioned, and data is returned in machine readable formats (.xls) along with copies of documents and all data purged

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: ISG GovernX® platform is built on Service Now Run time platform and leverages Service Now API Bus for integrations. Users can set up services via API through a request to helpdesk for configuration and appropriate services will be enabled. APIs can be leveraged to ingest data from source , push data to target systems, implement workflows as a part of client ecosystem. Any new APIs that require to be developed & is not available as a part of Service Now API bus will be a dedicated build and needs to go through design workshops
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: ISG GovernX® is built on ISG best practice from sourcing deals that are in excess of $450 bn and 30 years of on ground Practitioner experience. ISG GovernX® is recommended to be used with configuration changes like changes to dashboards, picklists, field labels, etc. for continuous upgrades. Customisation like new report/ dashboard design, changes to workflows, business rules (automation), etc. can be made via helpdesk. Any customisation that can be accommodated within the support hours will be deployed free of cost and any major enhancements will be reviewed and jointly agreed for deployment at a cost.

Scaling

• Independence of resources: Every client gets a dedicated instance with 24x5 Helpdesk support (email) and dedicated support hours as a part of subscription that is for their consumption. Any customisation / configuration changes within the same is dedicated to the client and not subject external demands. Account Manager is assigned for escalation and relationship management. He/ she will co-ordinate with the client and ensure continued services and improvements

Analytics

• Service usage metrics: Yes
• Metrics types: Helpdesk will provide metrics on; • Usage of licenses; • User login report; • Helpdesk SLA
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Export to csv, xls and pdf is available as a part of the platform and users have access for download basis access control profiles
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • XLS
  • PDF
• Data import formats:
  • CSV
  • Other

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: 95%; Refunds will be determined on a case by case merit
• Approach to resilience: ServiceNow is a platform that ISG GovernX® is hosted on; ServiceNow is divided into two distinct environments for the purposes of business continuity (BC) and disaster recovery (DR). ServiceNow’s corporate IT environment and its cloud data centers are physically and logically isolated from each other. A disaster in ServiceNow’s corporate environment could occur with little or no impact on the ability for the data centers within the private cloud to continue to operate.; In both cases, the BC and the DR are supported by a series of tested processes, automations, and supporting documentation, allowing ServiceNow to quickly and effectively take action when availability of its cloud or critical supporting services are affected.; ServiceNow formally tests its recovery processes on an annual basis and can produce reports relating to this for client review. ServiceNow also uses the process of transferring instances for maintenance purposes on a daily basis. As a result, ServiceNow is very well practiced at the process of “failing over” or transferring client instances.
• Outage reporting: ServiceNow operate a public dashboard on service availability

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
• Access restrictions in management interfaces and support channels: System access to restricted by role based access (RBAC) and the users are authorised by client contact only. The Helpdesk would manage user access, deactivation and changes basis pre approved client requests and reports of same will be available
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI Assurance U.K. Limited
• ISO/IEC 27001 accreditation date: 23/10/2023
• What the ISO/IEC 27001 doesn’t cover: There are no exclusions from our statement of applicability
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: ServiceNow are responsible for the core platform - they are ISO 27001 certified; ISG is responsible for the GovernX configuration and administration and support of the application- we operate an ISMS which conforms to ISO 27001 standards.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: As part of our ISMS we operate a secure development process ISGs development team and Project Managers ensure adequate security measures have been considered for all phases of the system life-cycle. All development follows best practice guidance following The Open Web Application Security Project (OWASP) standard
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: ISG contracts with a security provider to perform monthly vulnerability scanning to identify any potential threats. We deploy patches on a monthly basis (or sooner for critical patches) We do not solely rely on information about potential threats - we perform our vulnerability scanning which identifies any potential threats.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: ISG utilises an intrusion detection system to monitor the application in real time. Any events are investigated by a third party security operations centre who will respond and remediate as necessary, normally within 4-6 hours If there is an identified breach, the client is notified within 48 hours (maximum time)
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: As part of our ISMS we operate an incident management policy.; ; In the event of any potential breach of client data, ISG will notify the affected party/s will be notified (clients, partners, employees, vendors, other stakeholders) in 48 hours. Also, potential GDPR compromise should also be checked during the investigation.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Fighting climate change; ISG's sustainability pillars are reducing carbon emissions, pivoting to green energy and reducing waste. ISG is not a producer or manufacturer of material goods. Due to the nature of our advisory business, we do not operate according to official environment compliancy regulations or standards. Nonetheless, we are committed to playing an active part in protecting the environment by integrating sustainability into our core business functions. We acknowledge environmental management to be among our highest corporate priorities. As an imperative of sustainable business, we recognize the importance of establishing policies, programs and practices for conducting operations in an environmentally respectful manner. It is our policy to ensure our processes always meet environmental standards.; We will do this by following the principles of compliance, prevention and improvement.; • Compliance: We will adhere to all relevant laws and regulations and will proactively implement plans and procedures to ensure consistent compliance. Strict understanding and observance of our environmental initiatives will be ingrained in all ISG employees and contractors.; • Prevention: Our global priorities will be to minimise, as much as is practical, the amount of waste ISG generates, ensure responsible methods of disposal, and reduce our carbon effects on the environment. We will use systems and procedures designed to prevent or reduce activities or conditions that pose a threat to the environment. ISG will make every effort to seek environmentally friendly alternatives when making business decisions.; • Continuous Improvement: In an effort to encourage environmental stewardship, we will actively promote and communicate our commitments to all employees, contractors, vendors and clients. We recycle office waste, unused office equipment, we operate a cycle-to-work scheme and we also support local charities by donating unwanted personal items.

  Covid-19 recovery

  Covid-19 recovery; ; ISG conducted extensive research and produced findings and points of view into the ‘Future of Work’ following the Covid-19 Pandemic. ISG has offered extensive support to clients in this area of change and transition. We are also engaged with other governmental agencies (principally HMRC) around recovery and building back.; Our Research has provided extensive understanding of the key issues that remain or have been created from Covid-19, such as;; -How and the way we work - Many workforces remain working remotely.; -Security – Every home office now represents a corporate vulnerability.; -Employee Connectedness – the novelty of working from home has worn off as reality and issues become clear. New people issues have been created which need to be resolved.; -Customer consumption – customers are consuming services in new highly digital ways.; -Delivery and supply chain – pre pandemic business models and supply chains struggle to cope.; -Limited resources - revenues challenges remain along with cost pressures.; -Regulation and Constraints – Governments are dictating how the flow of people and business can happen. Organisations need to deliver in strict operating environments increasing costs.; ISG has identified the key things every organisation needs to do;; -Physical Workplace – provide safe and secure workplaces which are connected to remote employees. Create digital collaboration spaces for employee and customer to seamlessly connect.; -Digital Workplace – provide location agnostic technology, connected to all that need it and has automation embedded to remove waste and enhance the human workplace.; -Human Workplace – understand how employees want to work and undertake measures to boost productivity whilst removing new collaboration and connectedness issues.; Our research allows us to provide support to client organisations and businesses to manage and recover from the impacts of COVID-19, including where new ways of working are needed to deliver services.

  Tackling economic inequality

  Tackling economic inequality; We always endeavour to operate our business in a responsible and ethical manner; recruit and retain superior talent; support diversity among and provide career opportunities to our people; strive to be excellent corporate citizens and contribute to the communities in which we do business; and do all we can to protect the environment, both directly in our own operations and by helping our clients and their suppliers become better environmental stewards.; In advising both buyers and sellers of IT and business process services, we consider the social and environmental impacts of those services on business operations and include those factors in our recommendations.; ISG is committed to improving the communities where we do business in a variety of ways. Underpinning our efforts are our cultural focus areas:; 1. Vision: We focus on our performance in innovative ways. Innovation and making progress on ESG issues for both public and private sector, working together towards common goals;; 2. Empathy: We seek to understand the needs of our stakeholders and find the right solutions for their particular circumstances. As a global organisation, we understand that our business can and should be engaged in activities that also promote positive outcomes locally.; 3. Sustainability: We seek to provide solutions that can pass the test of time. By embedding sustainability issues into our business activities whilst aiming to create long term value for stakeholders, we will be in a position to positively affect the lives of current and future generations; 4. Environmental Responsibility: ISG has served both local and international communities by conducting disparate programs, including environmental, human rights, labour, fair operating, diversity, inclusion, disaster recovery, volunteer, and other programs and policies. The outcomes have been profound, and we are redoubling our efforts to do more.

  Equal opportunity

  Equal opportunity; ISG maintains policies against discrimination and harassment. We have fully committed, in compliance with applicable federal, state and local laws and ISG policies, to providing equal opportunity without regard to race, colour, religion, gender, sexual orientation, marital status, age, national origin, disability, veteran status or any other status protected by applicable law, rule or regulation.; ISG expressly prohibits any form of unlawful discrimination in the terms and conditions of employment based on an individual’s protected status, including without limitation recruiting, hiring, training, promotion, transfer, compensation, discipline, termination, benefits, and other terms, conditions and privileges of employment. All employment-related decisions will be consistent with the principles of equal opportunity and valid job requirements.; It is also the policy and practice of ISG to maintain and foster a work environment in which all employees are treated with decency and respect. Accordingly, ISG has adopted a zero-tolerance policy toward discrimination and all forms of unlawful harassment, including but not limited to sexual harassment. This zero-tolerance policy means that no form of unlawful discriminatory or harassing conduct towards any employee, client, contractor, or other person in our workplace will be tolerated. ISG is committed to enforcing its policy at all levels within the company, and any individual who engages in prohibited discrimination or harassment will be subject to appropriate disciplinary action, which could include immediate termination of employment for a first offence.; Although the various countries in which ISG does business may have different legal provisions pertaining to discrimination and harassment in the workplace, ISG will not tolerate discrimination or harassment by any employee, wherever they work. ISG takes very seriously our responsibility to ensure that neither our operations nor our supply chain participate in any form of human exploitation anywhere in the world.

  Wellbeing

  Wellbeing; At ISG, we value the health and wellbeing of all our employees, they are our most important asset, and we have an employee wellbeing programme available to all, known as the Employee Assistance Programme (EAP).; Our EAP is provided by ‘WeCare’, an independent external organisation, who work to a robust professional code of strict confidentiality. EAP is intended to help our employees deal with personal problems that might adversely impact their work performance, health, and wellbeing. We also have several optional Health and well-being plans available to our employees.; ; We also encourage grass-roots community involvement from our employees through the ‘ISG Cares’ programme. Our employees are active in a wide range of charitable organisations in the 21 countries in which we do business, not only through their monetary donations, but in their direct commitment of time and energy to support fundraising and awareness activities.; We have found that employee volunteering and community involvement creates a feeling of satisfaction and pride that affects all ISG.; ISG leaders work directly with local charities and businesses to create key relationships between our employees and our local communities. This helps to ensure that we gain a better understanding of what specific areas need our support and what we can do to develop and improve community relations. To complement these relationships, ISG has encouraged employees to volunteer and offers paid monthly leave to allow staff to offer their services. ISG also created a calendar that tracks both ‘ISG Cares’ events and other charity and community events. This helps us to better connect with our communities. Our leadership team often matches the money raised to increase the monetary offer we provide to local charities; most recently we matched all employee donations to the Save the Children Emergency Fund and the Ukraine Crisis Relief Fund.

Pricing

• Price: £200 to £52,000 a licence a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at anthony.drake@isg-one.com. Tell them what format you need. It will help if you say what assistive technology you use.