WHITESPACE GLOBAL LIMITED

Decision Intelligence

AI-based decision support tool using echnology. Sitting atop the clients data sources, eamli ingests appropriate datasets for the challenges posed and generates millions of 'what if' scenarios in a secure sandbox environment. Cloud agnostic, it can be run on public/private cloud as well as in air-gapped environments.

Features

• Real-time AI-powered insights and simulation modelling
• Analyses historical/external factors, models the future, provides data-backed insights
• Addresses Excel challenge negating complex spreadsheets
• Tailored to your individual business, with your desired outcomes/objectives
• Supports collaborative data-driven decision making
• Reduce staff cognitive overload and stress, automating the analyst
• View data holistically, providing validated and readily explainable recommendations

Benefits

• Allows decisions to be made with confidence
• Align teams & decisions to your big-picture objectives
• Increases efficiency/VFM, reduces errors, time lost, and decision fatigue
• Provide multiple optimised potential courses of action to choose from
• Discover and share processes that work, saving time and money
• Enabling logical, quicker, better informed and auditable decisions
• Learn & grow from every decision

£199.99 to £500,000.00 a unit

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at frameworks@white.space. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

321349477990626

Contact

Elizma Knowles
02890994405
frameworks@white.space

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: None
• System requirements: Web Browser and internet connection

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: SLA specific to client requirements
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: Internal UX and design team reviews as well as external software provider process
• Onsite support: Yes, at extra cost
• Support levels: Standard support is included in our software licence. Support hours are Monday-Friday, 0800-1800 daily.; Bespoke SLA available at extra cost.; Technical account manager and cloud support engineer available at extra cost
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Upon purchase we will schedule an appointment for teleconferencing with first-time users. Through this we can follow our plan for on-boarding and walk you through the eamli platform. By offering this guidance to all first-time users we can ensure that you understand eamli, its decision-making tools, the way they can benefit your team, and have a chance to explore the key features in your own time with one of our professionals to oversee your first interaction with the platform. They will work with you through this initial call to help you understand eamli and deliver extensive product knowledge to guide you in how to best utilise our tools to provide informed decisions backed by data, which will help you grow your business.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: If required, clients can request that their data is exported. This may induce extra costs.
• End-of-contract process: Once the contract ends, access to the system is terminated and all client data is removed.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Browser based GUI
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Has been tested with Jaws, Windows Narrator, and Chrome's Chromevox Classic.
• API: Yes
• What users can and can't do using the API: All functionality available via the graphical user interface, is available via a set of APIs.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: All data, models, cards, and dashboards are user defined.

Scaling

• Independence of resources: The infrastructure supporting the product is sized for current and projected load, ensuring that user demand does not affect others. Additionally, the service is continually monitored so that when actual load increases, extra resources will be added to the platform

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users can export their data either:; - Via the download function within dashboards; - Via the API; - Via a support request
• Data export formats:
  • CSV
  • Other
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Specific SLAs are agreed per project and documented in the contract
• Approach to resilience: We use a redundant and fault tolerant architecture that has no single point of failure and is distributed across multiple public cloud regions. Further information is available on request.
• Outage reporting: Dashboard and e-mail alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Username or password
• Access restrictions in management interfaces and support channels: User credentials are used to secure management interfaces and support channels and provide strong authentication. All communications make use of session level encryption to protect confidentiality and integrity.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: SGS
• ISO/IEC 27001 accreditation date: 19/08/2022
• What the ISO/IEC 27001 doesn’t cover: This certification covers all aspects of the service
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Information security policies and procedures conform to ISO27001:2013 - currently pending external certification audit.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Conforms to ISO 27001:2013 standards. All development activities, including change management are tracked and audited through industry leading applications and platforms, including Confluence, Jira and GitLab. Change requests are tracked through internal tickets, merge requests reviewed (static analysis and manual review processes) and deployed through development, staging and production environments. At each step, manual and automated third party static code analysis is performed.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: We use a combination of the below methods, and any issue detected will automatically trigger a task for it to be resolved:; Manual & automatic code review ; Package management (Automated scanning for known issues & upgrade paths); Container scanning; Daily dynamic code analysis & penetration testing; Static code analysis
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Compromises are identified through several means: (a) User reports; (b) Results of automated scans, including vulnerability and penetration testing services; (c) Internal Q&A testing. Incident management policies conform to ISO 27001:2013 standards.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Incidents are reported by email. Tickets are raised on the back of the email and we will follow the same approach as detailed for change management, whereby incidents are reviewed both automatically and manually. Code is then tested and reviewed again.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Other
• Other public sector networks:
  • MODNet
  • MODCloud

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  We have sought to maximise the use of technology to both minimise unnecessary travel and encourage sustainable solutions. At the same time through working with clients we are looking at how we can develop specific applications to support better sustainable decision making, and optimising the use of sustainable fuels.

  Covid-19 recovery

  In the wake of COVID-19 we have permanently moved to a remote working environment to ensure we can support all of our staff appropriately, bringing teams together as and when required both for business benefit and personal well-being.

  Tackling economic inequality

  As an SME based within Northern Ireland we have worked hard to generate and support a wider innovation and technology SME eco-system that can support each other and return economic benefit to the communities where we are located.

  Equal opportunity

  Fully transparent recruitment and promotion processes are supported by flexible and remote working arrangements to accommodate our team’s and individual needs. An equal opportunity employer we make reasonable adjustments as required to ensure we can recruit and retain our staff and in addition adhere to the Armed Forces Covenant.

  Wellbeing

  Championing health and wellbeing across the business, we strive to support our team’s mental and physical health. Provision of flexible work hours and the 4-day working week during July, August and December, as well as the last Friday in every month off helps to reduce peak pressures. In addition regular monthly team breakfasts, book club and welfare fund allow teams to share issues and problems in addition to bidding for more practical support.

Pricing

• Price: £199.99 to £500,000.00 a unit
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at frameworks@white.space. Tell them what format you need. It will help if you say what assistive technology you use.