Risk Decisions

Predict! Enterprise Wide Risk Management

Predict! focuses on making it as simple as possible for everyone in your organisation to proactively manage risk. Enabling you to shape future success by taking forward-thinking, risk-based decisions.

Combining risk and action database with Monte-Carlo analysis, Predict! is the perfect tool to drive project and program success.

Features

• Capture and manage enterprise-wide risks in one system
• Intuitive interface and automatic alerts for fast user uptake
• Bulk upload risk and actions from Excel for fast onboarding
• Interactive bowtie for detailed identification and exploration of key risks
• Schedule and cost risk analysis, with advanced what-if capability
• Risk visualisation of linked risks for effective decision making
• Interactive dashboards drive understanding and facilitate discussion
• Visibility of the most significant risks across your organisation
• Custom reporting, across the business or at any drill-down level
• Compatible with ISO:31000, APM PRAM, PMI PMBoK, COSO, Orange MoR

Benefits

• Improved contingency management increases margin
• Visibility of risk exposure across projects, portfolios and business units
• Increased end-user and senior management engagement
• Consistent application of risk process, reporting and analysis
• Improved understanding of confidence in delivering to cost and time
• Low cost of ownership (minimal user and administrator training)
• Expert support at hand to support growing risk maturity
• Company-wide involvement supports fast risk-based decision-making
• Aggregated view of risk impact across business
• Automatic risk, action and control auditing improves governance

£375 a user a year

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tjay@lumivero.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

247203808281626

Contact

Trevor Jay
+44 (0) 7595 206805
tjay@lumivero.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: Windows and other security updates will be automatically applied on a weekly basis during an out of hours timeslot agreed with the customer at the start of the contract.
• System requirements:
  • Clients must use a supported browser
  • Predict! Risk Analyser clients must meet the system requirements specification

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: The following response time are during standard support hours of 8:00 to 17:30 Monday to Friday, excluding public holidays.; Urgent - 1 working hour; Serious - 4 working hours; Problem - 1 working day; Enhancement - 5 working days; ; Urgent and Serious issues must be reported by telephone in the first instance and their severity clearly stated.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: The standard software maintenance includes software fixes, updates and new versions.; The standard hosting maintenance includes Windows updates and security updates.; The standard software support includes 9 to 5 email and phone access for issue resolution and how to queries.; Extended hours support is available for additional cost.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Our rapid deployment services offering provides product orientation training for your administrators. We then help them determine the best configuration for you and configure it with you to ensure that you are able to maintain and enhance it. We also develop a customised end-user briefing for you.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Users can export risk and action information to MS Excel at any time.; A backup of your Predict! database can be provided at a cost, before permanent deletion of your data from the hosted service.
• End-of-contract process: When a customer leaves the service, the entire MS Azure subscription is cancelled and deleted, taking the virtual machine, any storage and backups along with it. MS Azure retains the data for a 90-day period in case it’s needed for recovery or has been deleted by mistake. After that 90 day period it’s permanently deleted by overwriting storage resources before reuse, and purging or destroying decommissioned hardware.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The Predict! Risk Controller web interface is fully responsive, so provides the same functionality across desktops/laptops, tablets and smartphones.; Predict! Risk Analyser only runs on Windows PCs.
• Service interface: No
• User support accessibility: WCAG 2.1 A
• API: Yes
• What users can and can't do using the API: Predict! Connect, our two-way REST API, is licenced free of charge with Predict! Risk Controller and enables you to:; • extract risk and action information from the Predict! database into Common Data Environments; • access Predict! data for use in reporting tools such as Microsoft Power BI; • view, create and update Predict! risk and action data through web pages or self-built applications ; • link Predict! to and from your favourite business applications (subject to appropriate connector availability).; Predict! Connect requires standard user login access and complies with the Predict! security model.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Predict! is extremely configurable by the customer and we will help you define your configuration requirements with you and show you how to configure, so that you can continue to enhance your configuration.; You have full control over the following:; Screen layouts; Access permissions; Folder visibility; Risk categories; Scoring grids and impact types; Custom fields - free text, numbers, dates, boolean, custom dropdown; Notifications; Predict! Risk Reporter allows you to create your own custom reports, or we can create them for you.

Scaling

• Independence of resources: All customers have their own totally independent virtual servers on the MS Azure infrastructure.

Analytics

• Service usage metrics: Yes
• Metrics types: Administrative users can view reports showing the number of users accessing the system over a given time period.; They can also see individual user statistics such as how many times and for how long they have been using the system over the past 30 days.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users can export risk, control and action data to MS Excel at the click of a button.; Reports can export data in MS Word, PowerPoint, Excel or PDF format.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • MS Word
  • MS PowerPoint
  • PDF
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • MS Excel
  • User information can be uploaded from MS Active Directory

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Risk Decisions guarantee that the Predict! service will have an availability of at least 99% (excluding prior-notified down-time, updates and upgrades), 24-hours a day and seven days a week, measured over a rolling contract period.
• Approach to resilience: All backups reside in a separate Geolocation, so you can be sure if disaster strikes we can restore your system to a backup in another Geolocation quickly, without any change to the way you access Predict!.
• Outage reporting: The Customer Liaison Person informs affected stakeholders (staff, key customer contacts etc) as soon as possible.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: The MS Azure support interface can only be accessed by authorised users from computers on the Risk Decisions network.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Description of management access authentication: Access is restricted to defined IP addresses.

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Assessment Bureau
• ISO/IEC 27001 accreditation date: 04/07/2022
• What the ISO/IEC 27001 doesn’t cover: Goods in/out loading bay ; Outsourced software development
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: All staff go through security and data protection training during their induction to the company, and receive refreshers and updates throughout the year. Adherence to security and data protection policy and processes are something that all staff sign up to in the Staff Handbook, and disciplinary action can be taken when there are breaches.; ; Risk Decisions Group security governance framework includes the following:; • Computer Security Incident Response Plan; • Cyber Security Policy; • Data Protection Policy; • Incident Response Procedure; • Information Security Management Policy; • Software Development Policy; ; These are audited as part of our ISO 27001 certification

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: The general process is that changes to customer servers are made on UAT environments first and then tested by RDL staff, followed by the customer. Once approval has been received from the customer, changes are then scheduled for roll out to Production.; Installation and configuration reports are updated after changes are made.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: A penetration test is performed at least annually.; Windows and other security updates will be automatically applied on a weekly basis during an out of hours timeslot agreed with the customer at the start of the contract.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: MS Azure monitors the environment for attack.; The Web Application Firewall is configured using the OWASP core rules to protect against the top 10 priority threats. ; Windows Defender runs daily scans and Azure Antimalware runs weekly scans on the servers.; For severity 1 incidents, the Risk Decisions response team are alerted and response commenced immediately, regardless of time, day or time-zone.
• Incident management type: Supplier-defined controls
• Incident management approach: Our Incident Response procedure has been created with reference to ISO/IEC 27035:2016+, (Information security incident management) and the National Institute of Standard and Technology (NIST) guidance.; Step 1: Contain the incident; Step 2: Assess and agree response; Step 3: Respond; Step 4: Report and Learn

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Our risk management software supports customers to manage climate change risk.; ; Our Board’s commitment to reducing our climate impact has been communicated and demonstrated to staff via our regular Company Briefings, inviting contributions and suggestions for improvement. Our Carbon impact is offset by appropriate donations for tree planting and sustainability initiatives to the Woodland Trust.; ; Our head office is within managed offices that are currently working on plans to become a Net Zero business in the coming years.

  Covid-19 recovery

  Risk Decisions did not reduce its workforce during pandemic lockdowns in the UK, Canada or Australia, but implemented a “work from home” policy.; ; Although no one used our Oxford Office space during the lockdowns, Risk Decisions continued to pay its cleaner as though they were still attending.; ; As it was proven we could work remotely in a secure way, in 2021 employed a full time IT specialist who had previously been laid off to manage our IT infrastructure and security.

  Tackling economic inequality

  Salaries in the IT sector continue to rise above inflation and we cross-check salaries with industry and geographical norms. Non-IT salaries and rates for the contracted cleaner are well in excess of national minimum requirements.; ; Since 2021 we have continued to increase our headcount and are now in a position to add an opportunity to employ and support a junior developer.

  Equal opportunity

  Remuneration is based on competence and experience, markers that are applied irrespective of gender, race or ethnicity. The ease of access and facilities in our Office for people with special requirements/mobility issues means we can offer employment opportunities within the organization. Our hybrid form of working often suits people with particular requirements.; ; Regular performance reviews and training plans, using internal and external resources, mean we can offer our colleagues development opportunities.; ; Our UK staff demographics are:; British Nationals Passport Holders: 10%; British Citizens of Asian Origin: 22%; British Citizens of Swiss Origin: 5%; British Citizens: 63%; ; Technical Team: 58% male, 42% female (head of department female); Customer Delivery & support: 100% male (head of department male); Sales & Marketing: 50% male, 50% female (head of department female); Business Support: 50% male, 50% female (head of department female). ; ; Modern Anti-Slavery checks are done on appointment as well as across our supply chain.

  Wellbeing

  Not everyone prefers working from home and some employees do not feel their domestic environment is conducive to working remotely so in the interests of well-being and team development, we have combined the benefits of in-person office working with remote working by adopting a hybrid form.; ; In the UK teams have allocated office days: “spare” days are open to any employee preferring to use a dedicated office space.; ; Whilst we can ensure office space complies with Health & Safety Display Screen Equipment/Workstation environments we cannot inspect or interfere with domestic facilities: we do, however, ask employees to self-assess against Health & Safety Executive guide lines and offer to purchase equipment for employees to use at home to help them meet recommended standards.; ; We have an active policy to support volunteering with additional matched paid leave, a social fund to develop community within the company and support external good causes and flexible and remote working policies to support our colleagues with caring or international family commitments.

Pricing

• Price: £375 a user a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Limited time access to a full function evaluation server is available free of charge.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tjay@lumivero.com. Tell them what format you need. It will help if you say what assistive technology you use.