ALVAO s.r.o.

ALVAO Asset Management

ITIL certified IT Asset Management software. An overall picture of every device throughout its lifecycle. Know what assets you have, who owns them, and where each item is.

Handover protocols facilitate starters and leavers process. Full overview over hardware, software and other assets. Software asset management. Regular inventory audits.

Features

• Asset Management
• Service Asset & Configuration Management
• Software License Management
• Software and Hardware Discovery
• Electronic Handover Forms
• Self-service inventory audit
• MS SCCM Connector
• REST API interface

Benefits

• Designed for Microsoft 365
• Great onboarding, technical support, customer engagement
• Conformance with international ITIL service delivery standards
• Quick and easy set up of asset records
• A clear tree structure for easy sorting
• Have complete HW/SW info for high quality user support
• Full audit trail of each asset
• Know where every asset is and who owns it
• Plan IT budget proactively based on warranty expiration
• Recognize patterns and improve end user support

£2 to £3.50 a device a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jan.skrabanek@alvao.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

192766036866468

Contact

Jan Skrabanek
+44 2035 142 185
jan.skrabanek@alvao.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Azure Active Directory is necessary for using this service.
• System requirements:
  • All users need to be registered in Azure Active Directory.
  • Users accessing reporting need a Power BI Pro license.
  • Windows OS for Asset Management desktop client.
  • A supported browser is necessary for using our service.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Users are eligible to submit ticket 24x7x365 via supplier's web portal or via email.; ; Standard support operating hours are 9 to 5 (UK time), Monday to Friday.; ; Guaranteed response times vary depending on service contract and the specifics of the case.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: ALVAO provides support plans listed below:; Support Basic, Support Basic+, Support Standard, Support Standard+, Support Enterprise.; ; The details can be accessed in the Pricing document.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Customers can receive a demo environment. Online documentation can be accessed at https://doc.alvao.com/.; Our onboarding team is ready to provide basic online training.; ; The onboarding process, led by one of our seasoned consultants, is specifically focused on quickly getting you up and running on the core capabilities of your ALVAO Asset Management.; ; Technical layer ; • Connection to customer AAD tenant (Single Sign-On) ; • WebApp configuration (HTTPS) ; • Mailbox connection ; • Pilot HW/SW scan (using Alvao agents or connection to SCCM); ; Data layer ; • Data quality and input strategy ; • Importing users ; • Configuring the default service catalog and CMDB ; • Overseeing data input by the customer; ; Training layer ; • Administrator training - configuration capabilities ; • Asset lifecycle walk-through (ITAM) ; • Publishing standard report to customer’s Power BI tenant
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: After the termination of the obligations under the Contract, a backup of the Content shall be available to the Customer upon request for another thirty (30) days. At the end of this period, all Content shall be irretrievably removed, unless otherwise provided by binding law.
• End-of-contract process: In the event of withdrawal from the Contract, the Contracting Parties shall make settlement as follows: ; ; in the event of withdrawal from the contract by the Customer, the Customer has the right to a refund of the proportional part of the prepaid price of the Services corresponding to the price of the Services for the period from the effective date of withdrawal from this Contract until the end of the Subscription period for which the price of the Services was paid in advance; If the Contract was entered into on the basis of a Reseller Business Proposal, the Customer shall raise this claim with the Reseller; ; ; in the event of withdrawal from the contract by the Provider, the Customer does not have the right to be refunded any part of the prepaid price of the Services, even if the termination of the Contract occurred during a prepaid Monthly Period or Monthly Periods.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems: Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: A part of the Asset Management functionalities is available in the desktop client only, e.g. Software Asset Management.; ; On mobile devices, users can view an asset and update its attributes.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: ALVAO Asset Management can be accessed via a desktop client or any supported browser.
• Accessibility standards: None or don’t know
• Description of accessibility: The service is managed via a desktop client, but agents can perform the most frequent scenarios also via web browser.; Most aspects of the service experience can be customised.
• Accessibility testing: ALVAO has not tested the application with specific assistive technologies. However, our development team is strongly driven by the customer voice.
• API: Yes
• What users can and can't do using the API: Create, read, update, and delete (CRUD) operations for tickets, ticket relationships, assets (configuration items) and configuration items relationships.; ; REST API follows configured application permissions. ; ; Docs:; https://app.swaggerhub.com/apis/A3555/ALVAO_REST_API/v1.0; https://doc.alvao.com/en/11.0/modules/alvao-am-enterprise-api; https://doc.alvao.com/en/11.0/modules/alvao-sd-enterprise-api
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Available configuration and customization options are subject to administrator training during implementation - changing logo, icons, colors, asset types, attributes, etc.

Scaling

• Independence of resources: The service is multi-tenanted and designed to scale vertically. Microsoft Azure Services are used as IaaS and PaaS layers, so additional computing power could be easily added.

Analytics

• Service usage metrics: Yes
• Metrics types: Customers can view the metrics below in their environment or at the supplier’s service desk:; ; 1) Licence usage; 2) Allocated/Free space in data storage; 3) Service Availability
• Reporting types:
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users are able to easily export data in the application. This feature is restricted according to role and permissions in the application.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • XLSX
  • JSON
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • XML
  • JSON

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: The Production environment shall be available 99.9% of the time in the Monthly Period - Guaranteed Service Level. ; ; The Test environment is provided without guaranteed availability.
• Approach to resilience: The data is stored in a Microsoft Azure data center in the United Kingdom and the selected storage follows Microsoft rules for Azure SQL Database.
• Outage reporting: Users can access the availability page at the supplier's service desk. Major incidents are reported via email.; ; Customers are notified via email about maintenance windows.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
• Access restrictions in management interfaces and support channels: A valid Azure Active Directory Account is used to authenticate access to management interfaces.; In case of contacting support via phone is used Named Support Contact policy.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: TDS Cert, Brno, Czech Republic
• ISO/IEC 27001 accreditation date: 27.11.2020
• What the ISO/IEC 27001 doesn’t cover: No standard controls are excluded from ALVAO's ISO/IEC 27001 certification.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • ISO 27017
  • ISO 27018

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We follow today's best practices and ISO/IEC 27001 standards.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Configuration changes in the service components are tracked in the supplier's internal asset management and service desk system. All changes are assessed.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We use Microsoft Defender for cloud for vulnerability assessments of the service components. All patches and updates all deployed as soon as possible following threat priority.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Microsoft Defender for Cloud is used to protect our cloud services.
• Incident management type: Supplier-defined controls
• Incident management approach: Incidents can be raised by customers on ALVAO's Service Desk. Incidents can be also raised by the supplier. Both types of incidents are accessible via a web interface. Customers can check the incident status and also incident reports.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Wellbeing:

  Wellbeing

  Our company is committed to supporting the health and wellbeing of our employees, including physical and mental health.

Pricing

• Price: £2 to £3.50 a device a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: The free trial version is available for 30 days period.; For more information see the Terms and conditions document.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jan.skrabanek@alvao.com. Tell them what format you need. It will help if you say what assistive technology you use.