BUSINESS MODELLING ASSOCIATES UK LIMITED

Decisio™ Cloud for Energy Transition and Net Zero

Decisio™ Cloud for Energy Transition (C4ET) is an AI-assisted planning solution designed to help address the challenges facing the UK to transform energy infrastructure planning and delivery, at pace, to meet Net Zero targets. The solution adopts a whole-systems approach, adaptive pathway planning and multi-stakeholder collaborative planning.

Features

• Whole-Systems Modelling and Planning
• Digital Adaptive Pathway Planning
• Asset Investment Optimisation
• Multi Energy Vector Transition
• Strategic Spatial Planning
• AI-assisted Infrastructure Planning and Delivery
• Net Zero Pathway Planning
• Local Area Energy Planning
• Digital Business Twin
• Increasing Collaboration

Benefits

• Capital Investment Optimisation
• Evidence-based Multi-stakeholder Collaborative Planning
• Operating Cost Optimisation
• Connected and Transparent Decision-Making
• Data Driven Planning
• Auto-Generation of Options
• Mass Scenario Analysis capabilities
• Understanding across strategic, tactical and operational planning horizons
• Assesses all options across your end-to-end, multi-energy vector value chain
• Configurable dependant on each unique business

£10,000 a licence a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at opportunities@businessmodelling.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

351988453750585

Contact

Alexia Galatis
+44 7909 628557
opportunities@businessmodelling.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: None
• System requirements:
  • None if SaaS model adopted
  • If private cloud adopted, Microsoft Licenses required

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Critical Defect: 2 hours (during business hours)
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: The support levels for Decisio™ are commensurate with non-business-critical applications. Typical support offered by BMA is during normal working hours (09:00 to 17:00) Monday to Friday weekly and excludes UK bank holidays, however enhanced levels of support are also provided for more business-critical applications and are tailored to meet the customer requirements.; Support is created through the use of an email triggered work ticketing system with guaranteed resolution times which are dependent on the criticality of the system to the customer and the nature of the reported issue, bug or feature request.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Onsite training, online training, or user documentation.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: On termination of a contract, ALL customer data (databases as well as backups) will be returned to the customer and any customer users will be removed from the system, within the agreed period.
• End-of-contract process: On termination of a contract, ALL customer data (databases as well as backups) will be returned to the customer and any customer users will be removed from the system, within the agreed period.; ; Applications and instances, used by the customer will be removed and BMA will seek assurance from the hosting provider (MS Azure) that all data has been removed from their systems.; ; Ownership of the application, excluding any customer data, will remain the ownership of the provider / supplier.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: None
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: The Decisio™ system is, by design, a decision support system and requires configuration in order for it to be used as intended for a particular use case. APIs can be used to call for particular services such as:; ; 1) Calling on a Pipeline service; a. A pipeline service may be used to carry out a number of internal Decisio™ functions, such as performing a specific analytics requirements, such as optimisation, time series analysis, simulation etc. ; b. The analytics process may be a readily available analytics process or a bespoke customer created analytics process.; c. The Pipeline may also be used to prepare data pre and post the analytics process and also import from and export data to the customer data repository. ; ; 2) Creating a scenario; a. The API may also be used to create multiple scenarios and then call on the pipeline process described above.; ; 3) Importing data; a. Importing data from an external source.
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: With the use of the configuration settings, users can customise many different aspects of the software such as real-time dashboards and regular reports etc.

Scaling

• Independence of resources: MS Azure provides scalability by allowing for various consumed resources to be scaled up or down depending on demand and load. Decisio™ has the capability to make use of this “elastic” capability to assign load to resources that are capable of performing the requisite load as and when required.

Analytics

• Service usage metrics: Yes
• Metrics types: Usage reports are accessed through real-time dashboards and reports, and provides information on:; 1) User value edits. A record is maintained of any editable value that can be edited by users. The details captured are the new and previous value of the edited value, the user that made the edit, the model and scenario.; 2) A record of which user activated which pipeline and the resources consumed during the pipeline execution process.; 3) User logins; 4) Analytics function queueing and process times to ensure efficiency is maintained on system processes and queues are not in excess of agreed times.
• Reporting types:
  • Real-time dashboards
  • Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: No
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: User can export their data in a number of ways:; 1) The user can export data that is visible to them, by virtue of their role and permissions, directly from the user interface to spreadsheet or csv format.; 2) Data may also be exported from the embedded Power BI report interfaces.; 3) Finally, MS Azure makes use of Data Factory to ensure that data is transferred to customer repositories in a secure and formalised manner.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Default composite availability, which is the weighted availability of the individual system components, is 99.0%; ; BMA uses Azure Infrastructure for the system Hosting.; The main system components with the Azure Availability Guarantees follow:; SQL Managed Instance: 99.99% ; Web Service: 99.95%; Virtual Machines x2: 99.99%; PowerBI Embedded: 99.9%; Azure B2C: 99.99%; Azure Entra ID: 99.99%; Storage Accounts: 99.9%
• Approach to resilience: BMA makes use of Microsoft as a hosting provider. A typical installation of BMA’s Decisio™ decision intelligence platform is not designated a business-critical system, with resulting service level measures that comply with a 99.0% composite availability and associated resilience.; ; As a default approach to resilience and in the event of a complete failure of services at the hosting centre, Decisio™ and associated applications can be re-initiated at an alternative hosting facility within a 24 hour period and will include all data to within 15 minutes of the last user edit or process update.; ; BMA personnel also practice remote working on a weekly basis, providing resilience in the event of any one of the two England based offices becoming unavailable.
• Outage reporting: The system makes use of two methods to alert of outages, these are email alerts and dashboards.; ; In the event that an outage is expected or being experienced, and email will be sent to the appropriate user groups that are or will be affected.; ; A system dashboard will also be made available on standard services availability KPIs and bespoke KPIs can also be added.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
• Access restrictions in management interfaces and support channels: Users are authenticated using Microsoft B2C. Roles and permissions are provided to the user in the Decisio™ platform. Roles and permissions are provided on the basis of System Admins (Global Admins), Organisational Admins, Eco-system Admins, Application Admins and finally end users.; ; Each role has a defined list of capability made visible. The system admin has visibility of all functions with e descending level of capability down to applications admins. The role of end users is defined by the managerial roles that have configured the system accordingly.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)

Audit information for users

• Access to user activity audit information: Users receive audit information on a regular basis
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: IAS Accredited
• ISO/IEC 27001 accreditation date: 08/07/2015
• What the ISO/IEC 27001 doesn’t cover: N/a
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Business Modelling Associates UK Ltd is ISO 27001 certificated and has been since 2016, and we will be re-certifying in August 2024.; ; Business Modelling Associates UK Ltd has a documented Information Security policy and Business Continuity Plan which defines roles and procedures of employees and contractors in the handling of customer information and in the event the businesses information systems are rendered unusable.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Business Modelling Associates UK Ltd makes use of Azure DevOps for the backing up and management of all system components, such as the reports, analytics models, solution configurations, user views and the platform code itself. A complete version history is maintained.; ; DevOps is used as the source repository from which all deployments to Dev, UAT, Sandbox, Staging and Prod as each component is tested in each of the environments prior to being released into Prod.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Makes use of Microsoft Azure as a hosting provider.; ; To assess potential threats Business Modelling Associates UK Ltd uses an independent 3rd party to undertake penetration testing of the application and site. The 3rd party is responsible for identifying and reporting on vulnerabilities.; ; Similarly, a different independent 3rd party is responsible for identifying and reporting on vulnerabilities relating to infrastructure and networks.; ; By default there is a monthly deployment of updated platform and applications to role out new features and patches. However, if features and patches are considered high priority, they are deployed immediately after being tested through the process.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: An independent 3rd party organisation continuously monitors the Decisio™ network to detect and report on potential compromises.; ; If a compromise is detected the data security team, which comprises of Business Modelling Associates UK Ltd leadership, employees and 3rd party providers, will assess the severity and impact of the compromise as soon as it has been reported.; ; If it has been determined that the compromise has resulted in data breach the Information Commissioner, affected customers and suppliers will be contacted to assist in any recovery and follow-up operations.
• Incident management type: Supplier-defined controls
• Incident management approach: As a company that is ISO 27001 certificated, we have standard processes which are initiated in the event of incidents.; ; Users report incidents by making use of a standard email address which is monitored and actioned as soon as it is received.; ; Currently incident reports are available on request, however these will be available within the Decisio™ platform to view on demand, in due course.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  Decisio™ assists in the profitable transition to a resilient, low-carbon business model with proven AI-assisted decision-making.

Pricing

• Price: £10,000 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at opportunities@businessmodelling.com. Tell them what format you need. It will help if you say what assistive technology you use.