SharpCloud OFFICIAL

Service scope

Software add-on or extension: No
Cloud deployment model: Private cloud
Service constraints: Only certain web browsers (specified below) are supported, and the service may not function with other browsers. Various optional applications are limited to use on Microsoft Windows devices only.
System requirements: Access to a suitable network connection.

A compatible web browser

User support

Email or online ticketing support: Email or online ticketing
Support response times: P1 incidents raised with SharpCloud support will receive a response within 2hrs during UK working hours 9am-5.30pm Monday-Friday.
Extended Support is available on request and will be priced specifically to meet customer needs including out of hours and weekend options
User can manage status and priority of support tickets: No
Phone support: Yes
Phone support availability: 9 to 5 (UK time), Monday to Friday
Web chat support: No
Onsite support: Yes, at extra cost
Support levels: SharpCloud Public Cloud Multi-tenant instance is available on Microsoft Azure offering 99.95% availability.
P1 incidents raised with SharpCloud support will receive a response within 2hrs during UK working hours 9am-5.30pm Monday-Friday.
Extended Support is available on request and will be priced specifically to meet customer needs
Support available to third parties: Yes

Onboarding and offboarding

Getting started: Users have access to a range of resources to help them become competent in using SharpCloud. The in-product Help story includes detailed information and downloadable guides covering all SharpCloud’s capabilities and links to a range of videos hosted on our SharpCloudTV YouTube channel.

Users have access to our online Learning Management System (LMS), allowing them to work through appropriate courses for their needs, building from beginner to expert status. Additionally users can attend free online webinars (hosted weekly) and we offer the option to purchase on-site training and custom courses.

SharpCloud includes a selection of free samples stories and public examples to inspire ideas and to help users develop great content.

We host regular ‘discovery-days’ and other events at which users share their stories and knowledge.
Service documentation: Yes
Documentation formats: HTML
End-of-contract data extraction: Data within the system can be copied to an excel file, or downloaded as a storyzip file. Data in storyzip files can be extracted into resource files and JSON objects.
End-of-contract process: At the end of contract the users and content can be removed from the system.

Should you require your data to be extracted at the point of exit a discontinuation fee will be applied, this is subject to the amount of data and security level of data held on the system.

Using the service

Web browser interface: Yes
Supported browsers: Internet Explorer 11
Application to install: No
Designed for use on mobile devices: Yes
Differences between the mobile and desktop service: The mobile version is a fully functioning replica of the desktop site when in landscape mode and provides a reduced interface with less visual functionality when in portrait mode.
Service interface: No
User support accessibility: WCAG 2.1 AAA
API: Yes
What users can and can't do using the API: SharpCloud offer two API's.
ODATA REST API
.NET SDK

ODATA REST API (public web)
Provides access to story data via RESTFUL services using ODATA syntax for batch and filter operations.
Full documentation of the service can be found here: https://my.sharpcloud.com/swagger

Most objects can be created/updated via the API but the service is intended to simplify data access for web developers. As such, the API is not used by the application per se and does not enable all functionality.

.NET SDK (requires .NET 4.7)
Provides full object model access to the story (items, relationships attributes etc) and can be used to interrogate and create stories. It uses the same private endpoint as the web clients so is functionality rich and can do everything the web client can.

It requires some basic knowledge of SharpCloud story structure and a .Net environment making it less suitable for simple integration with other web systems.

It is ideal for complex batch operations or desktop tools, and is used in a number of free add-on tools (e.g. Query connect which connects on-premise databases to the cloud service).
API documentation: Yes
API documentation formats: PDF
API sandbox or test environment: Yes
Customisation available: Yes
Description of customisation: SharpCloud can be configured and customised to help accelerate adoption and exploitation via:
Configuration of attributes, tags and relationships (by the user)
Creation and application of bespoke SharpCloud story templates and widgets (provided through Consultancy Support)
Creation of visualisations based on a range of pre-built models (by the user)

Scaling

Independence of resources: The Public Cloud instance is a shared service. The API is throttled in order to limit the load that can be applied by anyone customer. Private Cloud deployments are also available on request to separate data and load for an additional fee.

Analytics

Service usage metrics: Yes
Metrics types: Usage metrics are available through the Administration Portal, usage of shared content is available through the interface to the content creator.
Reporting types: Real-time dashboards

Resellers

Supplier type: Reseller providing extra support
Organisation whose services are being resold: SharpCloud

Staff security

Staff security clearance: Conforms to BS7858:2019
Government security clearance: Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom
User control over data storage and processing locations: No
Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency: At least once a year
Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest: Physical access control, complying with another standard
Data sanitisation process: Yes
Data sanitisation type: Explicit overwriting of storage before reallocation
Equipment disposal approach: A third-party destruction service

Data importing and exporting

Data export approach: Data within the system can be copied to an excel file, or downloaded as a storyzip file. Data in storyzip files can be extracted into resource files and JSON objects
Data export formats: CSV

Other
Other data export formats: JSON
Data import formats: CSV

Other
Other data import formats: JSON via the API

Data-in-transit protection

Data protection between buyer and supplier networks: Private network or public sector network

TLS (version 1.2 or above)
Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability: SharpCloud Public Cloud Multi-tenant instance is available on Microsoft Azure offering 99.95% availability.
P1 incidents raised with SharpCloud support will receive a response within 2hrs during UK working hours 9am-5.30pm Monday-Friday
Approach to resilience: Available on Request
Outage reporting: Email alerts/phone calls.

Identity and authentication

User authentication needed: Yes
User authentication: 2-factor authentication

Identity federation with existing provider (for example Google Apps)

Username or password
Access restrictions in management interfaces and support channels: • Username or password
Identity Federation
2 Factor Authentication
Access restriction testing frequency: At least once a year
Management access authentication: 2-factor authentication

Identity federation with existing provider (for example Google Apps)

Username or password

Audit information for users

Access to user activity audit information: Users have access to real-time audit information
How long user audit data is stored for: At least 12 months
Access to supplier activity audit information: Users contact the support team to get audit information
How long supplier audit data is stored for: At least 12 months
How long system logs are stored for: At least 12 months

Standards and certifications

ISO/IEC 27001 certification: Yes
Who accredited the ISO/IEC 27001: A-Lign
ISO/IEC 27001 accreditation date: 12/12/2019
What the ISO/IEC 27001 doesn’t cover: The ISO27001 certification for SharpCloud covers all controls under Annex A except the following which are not currently applicable : 6.1.3 Contact with Authorities, 11.1.5 Working in secure areas, 11.1.6 Delivery and loading areas.
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Cyber essentials: Yes
Cyber essentials plus: Yes
Other security certifications: No

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: ISO/IEC 27001
Information security policies and processes: The Information Security Policy and Data Protection Policy are available on the internal SharpCloud SharePoint/Team site. Updates are communicated via email to all staff. They are both owned by the Chief Technology Officer.
All new staff receive induction that includes the Information Security Policy
The policies have been written based on ISO 27001 and ISO9001 standards.
There are no exceptions to the current security policies and procedures. Should an exception be raised it will be assessed and either accepted or rejected by the senior management team and the Policy updated accordingly.
SharpCloud maintains written roles and responsibilities for all IT personnel. These roles and responsibilities outline security access, reporting lines etc. for each role as documented in the Security Policy.

Operational security

Configuration and change management standard: Supplier-defined controls
Configuration and change management approach: The service utilises Azure DevOps for deployment which ensures that the build process, configuration and deployment is managed consistently via a change process.
Vulnerability management type: Supplier-defined controls
Vulnerability management approach: We follow best practice guidelines for software development using design patterns created or approved by MS. These include the multi-tier design pattern and application security layers (OWIN, MVC etc). We perform annual penetration tests using an external 3rd party. Any threat vulnerability we are made aware of will be treated appropriately via our incident management process.

Any changes are tracked using our release process.
The service is constantly being updated with new features and improvements which are released weekly. If a security issue is exposed, it would be patched within that timeframe. We conduct application penetration test at least annually.
Protective monitoring type: Supplier-defined controls
Protective monitoring approach: The underlying Azure PaaS has built in protection for DOS attacks etc. We recommend that you implement SSO via AAD which gives you further protection for authentication (e.g. enforce multi-factor auth, password policies, prevent login from multiple locations etc). In addition, each story has an audit displaying who has accessed, and when, allowing full auditability to identify any suspicious activity.

The service is actively monitored by SharpCloud support staff for application level issues and Microsoft for underlying hosting (Network, storage and compute) issue.

The support team are constantly monitoring the system and performance and will react appropriately to any issues
Incident management type: Supplier-defined controls
Incident management approach: All incidents are currently reported to 'support@sharpcloud.com' and escalated accordingly.

Common issues like password resets, account unlocks will be handled by your internal IT if SSO is configured (if not this is easily done by users themselves automatically via email).

Security incidents will be reported in accordance with our incident management policy.

Secure development

Approach to secure software development best practice: Supplier-defined process

Public sector networks

Connection to public sector networks: No

Social Value

Fighting climate change

Babcock are committed to reducing our impact on the environment, embedding the company’s principle of ‘be kind’ to ensure the overall impacts of our operations are minimised. We take our responsibilities seriously and ensure we play a key part in the transition to a more sustainable future. Key to this is our Group wide carbon strategy plan ‘Zero 40 by 2040’, to drive extensive decarbonisation programmes across our estates, assets and operations. Babcock is delighted to have successfully achieved certification in July 2023 to the Carbon Trust Route to Net Zero Standard – Taking Action tier.
We have identified 15 sites across the organisation where our interaction and impact on local ecosystems has been considered ‘significant’ and are working to conduct biodiversity assessments across all these sites and are on track to complete this by 2024.
We continue to deliver improvements to our waste management practices through robust waste management plans. These plans identify opportunities to reduce our waste to landfill by 2025 and a roadmap of transition away from single-use plastics by 2027.
At the heart of our SaaS services is the provision of the Defence Nuclear Data Centre (DNDC). The DNDC is a state-of-the-art facility which is built and operated to the highest independently audited industry standards.
The DNDC is part of the Climate Neutral Data Centre Pact (CNDCP) which is working towards a carbon neutral target by 2030. This is being achieved through numerous initiatives including:
Leveraging 100% renewable energy (achieved for last 6 years)
Direct air evaporative cooling capability lowering energy consumption and cost
Water buffering for cooling equipment reducing peak water usage by 85%
Removal of diesel from standby systems and replaced with Hydrotreated Vegetable Oil (HVO). Reducing fossil emissions by 90%, our NOx emissions by >15% and our particulate emissions by >25%.
Rainwater harvesting

Pricing

Price: £200 to £6,000 a licence a year
Discount for educational organisations: No
Free trial available: No

Features

Benefits

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Pricing

Service documents

Cookies on Digital Marketplace

SharpCloud OFFICIAL

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Social Value

Pricing

Service documents