Alemba Service Manager

ITSM tool Alemba Service Manager is an advanced platform that supports incident, problem, change, request, knowledge, asset, configuration, release, availability, capacity, event and project management. The powerful service catalogue and workflow engine provide the leading zero code process and application development platform available.


  • Workflow engine no code business process engine
  • Screen designer no code form rule and field builder
  • Rest API powerful self describing API and webhook integration
  • Self service Portal Advanced licence-free customer focused support portal
  • Skills based routing calls auto allocation based on agent skillsets
  • Built-in management of call and request time & expenditure
  • Dashboards Powerful real time dashboards
  • ESM data separation supporting HR, Facilities, Procurement and other functions
  • Full Project Portfolio Management including MS Project integration
  • PinkVERIFIED Certification for ITIL v3 & v4


  • Highly functional out of the box ITSM solution
  • Visual user interface for all configuration (no code)
  • Licence-free self-service interface branded to you requirements
  • Single tenancies for highly secure data management
  • Deeply integrated with Microsoft Azure platform
  • PinkVERIFY certification for ITIL v3 and 4 processes
  • Powerful graphical workflow for automation
  • Real time dashboards and reporting
  • Out of the box integration to other industry standard tools
  • Sophisticated service level management including OLAs and UCs


£37.50 a user a month

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

2 5 6 1 1 3 1 3 6 7 7 8 8 3 7


ALEMBA LIMITED Laurence Scott-Mackay
Telephone: (0)203 479 7900

Service scope

Software add-on or extension
Cloud deployment model
Private cloud
Service constraints
System requirements
  • Web Browser, Google Chrome, Safari or Microsoft Edge
  • SAML 2.0 integration (optional) for auto user provisioning and SSO
  • A mail server supporting EWS,SMTP, POP3, or IMAP4
  • Active Directory, Microsoft SCCM and SCOM connectors no additional costs

User support

Email or online ticketing support
Email or online ticketing
Support response times
P1 - 20 minute (24/7/365); P2 - 1 hour (business hours); P3 - 1 hour (business hours); P4 - 1 hour (business hours)
User can manage status and priority of support tickets
Online ticketing support accessibility
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
Web chat accessibility testing
Onsite support
Yes, at extra cost
Support levels
Alemba does not provide different support levels. All customers get 24/7/365 P1 support and a dedicated account manager.
Support available to third parties

Onboarding and offboarding

Getting started
Alemba provides a dedicated deployment programme, consisting of training and workshops, backed up by online video training. Alemba provides each customer with free design and discovery services for the purpose of agreeing a scope of works, which will define the project success criteria. Alemb's Rapid Start database is a pre-configured, best practice ITSM system that gives customers a jump start in ASM deployment.
Service documentation
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats
MS word
End-of-contract data extraction
Alemba provides a database back up and a 5 user non-production system that will allow customers to extract data at their convenience
End-of-contract process
Alemba provides a database back up and a 5 user non-production system that will allow customers to extract data at their convenience at no charge

Using the service

Web browser interface
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Alemba provides a responsive design and there are no functional differences between mobile and desktop.
Service interface
User support accessibility
Description of service interface
The Alemba self-service portal allows customers to log, update and track calls and requests, access the service catalogue, review their assigned equipment and complete workflow approvals. Users can see real-time dashboards. The portal is 100% licence-free and can be branded to your unique requirements.
Accessibility standards
Accessibility testing
The Alemba test process includes accessibility testing of the customer portal
What users can and can't do using the API
The Alemba API is comprehensive and allows access to all data entities, including user permissions and system configuration. There are no known limits.
API documentation
API documentation formats
API sandbox or test environment
Customisation available
Description of customisation
Customers can customise the service by using Azure logic apps, which allow customers to build additional functionality


Independence of resources
Alemba uses a cloud model where each customer has a separate Azure tenancy and is not in contention with other customers for resources


Service usage metrics
Metrics types
Alemba records the amount of time each agent uses the system
Reporting types
Regular reports


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
Encryption of all physical media
Data sanitisation process
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Data is extracted using the built-in search screens which produce CSV files or the other reporting engine
Data export formats
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
99.95% availability. Service credits by agreement
Approach to resilience
Alemba provides all services on the Microsoft Azure Cloud which is inherently resilient. Further details available on request
Outage reporting
Email, dashboard and account management team will inform users

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Alemba Service Manager includes role-based access control (RBAC) that controls access to features, functions and data in accordance with compliance guidelines.

Roles are defined in the Alemba Service Manager administration application and can be defined at a high-level function access privilege e.g. Incident Management, Problem Management access etc. down to a granular-level field level security detail (Read/Write/Edit/Delete). Roles and users can be associated with workflows that they are allowed to access.

Typically, Alemba Service Manager credentials will be synchronized with existing identity management systems, e.g. Active Directory, allowing single sign on
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
Less than 1 month

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
BSI Group
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
Alemba Service Manager is supported by Azure, and thus protected by Azure compliance certificates. The Azure ISO/IEC 27001 certificate covers Azure, Dynamics 365, select Microsoft 365, and Power Platform online services. Alemba's general non-customer operations are not covered.
ISO 28000:2007 certification
CSA STAR certification
CSA STAR accreditation date
CSA STAR certification level
Level 2: CSA STAR Attestation
What the CSA STAR doesn’t cover
Alemba Service Manager is supported by Azure, and thus protected by Azure compliance certificates. Alemba's general non-customer operations are not covered.
PCI certification
Cyber essentials
Cyber essentials plus
Other security certifications
Any other security certifications
  • SC-900

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
Alemba publishes a comprehensive set of security policies and procedures. These form part of all staff induction and refresher courses are conducted on an annual basis

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Alemba records all configuration changes in its master CMDB, which records the configuration of each customer. Each change process includes a test phase where all configuration changes are trialed before production implementations. All changes will be subject to a CAB approval which will determine if there is a security implication and that further security testing such as pen tests will be required
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Vulnerability Scanning and Penetration Testing of the Cloud Service Platform will be performed against exposed endpoints. This covers six phases of security testing covering:

Vulnerability analysis of the internet-facing applications, where all areas detailed in the OWASP Top 10 (Injection, Broken Authentication, Sensitive Data Exposure, Broken Access Control, Security Misconfiguration and more) are covered.

Vulnerability analysis of the supporting infrastructure, where analysis of the server build, network filtering policy and general setup took place.

Manual testing of common security configurations.

Assessment of logical errors that impact security.

Vulnerability scanning is conducted at least annually for each customer
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
The logging and monitoring procedure regulates interactions and relationships with the following subjects:

• Azure Platform and Office 365

• Customer Environments on Azure, AWS

Event logging: records information about access and actions of users, errors, events.

The logs reside outside of the instance and are protected from malicious manipulation or deletion.

Privileges of administrators and operators of systems are different from the normal user privileges and are recorded accordingly.

All logs are stored independently of the target system.

Logs are retained for a minimum of 7 days.

Monitoring alerts are configured in AWS CloudWatch and Azure Monitoring.
Incident management type
Supplier-defined controls
Incident management approach
When an incident affects a computer system, a computer security incident response team (CSIRT) is activated to handle the threat. Examples of computer security incidents include attacks such as denial of service attacks and malicious code, which includes worms and viruses. Additionally, an incident can result in the misuse of confidential information on a computer system. This could include information such as Social Security numbers, health records, or anything that could include sensitive, personally identifiable information.

Alemba has detailed security procedures to deal with such events including using our own software to record specially categorised incidents.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks

Social Value

Equal opportunity

Equal opportunity

Alemba is committed to a policy of equal opportunity and diversity in employment and recognises that this is essential to the success and growth of the organisation.
To this end, Alemba makes every effort to select, recruit, train and promote the best candidates based on suitability for the job; to treat all employees and applicants fairly, regardless of race, sex, marital status, age, nationality, ethnic origin, religious belief, sexual orientation, or disability; and to ensure that no employee suffers harassment or intimidation.
Managers are trained in interview skills and the importance of adhering to our Equal Opportunities Policies during the hiring process. All potential candidates are made aware of Alemba’s Equal Opportunities Policy and asked to confirm that they will comply with this if hired.
Alemba as a global company operates a Global Responsibility program that ensures no supplier is used that has not committed to the enforcement of anti-modern slavery measures. All members of staff across all regions of employment are always paid more than the UK living wage irrespective of their country of employment.


Supporting the physical and mental health and wellbeing of our employees is of paramount importance to Alemba.
Physical Wellbeing and Health and Safety:
•It is the policy of Alemba to create and improve standards of Health and Safety, leading to the avoidance and reduction of risks and ensuring that the company complies with all Health and Safety legislation.
•Risk Assessments are carried out for pregnant employees throughout their pregnancy ensuring we maintain a healthy environment for the mother and unborn child.
•Homeworkers must complete a Risk Assessment before Alemba agrees to them working at home, ensuring that their homeworking environment is a safe place to work.
•Health & Safety and Fire officers actively implement Alemba’s policies, standards, and procedures. The policy standards and procedures are communicated to employees through contracts of employment, staff handbooks, operating manuals, bulletins and notice boards and staff training
A Commitment to Mental Health:
•Managers are trained to handle discussions with employees experiencing mental health issues, depression, or stress.
•Alemba offers a flexible working environment, allowing employees to work from the comfort of their own homes and maintain a healthy work-life balance.
•An internal forum has been launched to offer a social outlet for staff members working from home, where team members can engage in an informal setting discussing topics ranging from hobbies and interests to managing physical and mental health. This initiative is aimed at mitigating a sense of isolation that could result from home working and offering team members a platform for forming connections outside of everyday work discussions.


£37.50 a user a month
Discount for educational organisations
Free trial available
Description of free trial
Users are provided with a demo environment for a time period of 3 weeks.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.