Skip to main content

Help us improve the Digital Marketplace - send your feedback

SAP UK Ltd

SAP LeanIX Application Portfolio Management

SAP LeanIX Application Portfolio Management is a SaaS app simplifying enterprise architecture management. It provides a 360° overview of all applications, business capabilities, and IT components, helping you identify dependencies, compatibility issues, and potential candidates for modernization. With LeanIX, you can create roadmaps for transformation initiatives and make better decisions.

Features

  • Data-rich architecture inventory based on fully configurable, customisable meta model
  • AI powered insights and architecture recommendations
  • Collaboration centric with unlimited users, surveys and To-Dos
  • Roadmap and scenario planning to project future states
  • Data quality emphasis with quality seals, automations, notifications and surveys
  • Out-of-the-box reporting, diagramming and dashboard capabilities
  • Automatic data enrichment via reference catalog (SaaS, lifecycles, TBM)
  • Seamless integration to enterprise ecosystem (Collibra, ServiceNow, Jira, SAP Signavio)
  • Integration API, REST API, GraphQL and Webhooks for seamless connection
  • Price: 100 applications per unit, tiered discount pricing, unlimited users

Benefits

  • Understand your IT landscape to transform your technology effectively
  • Streamline prioritization by connecting Enterprise Architecture initiatives to business capabilities
  • Alignment through a comprehensive overview of progress on transformation initiatives
  • Assess IT investment by connecting technology spending to business impact
  • Uncover and address redundancies to improve budget for strategic investment
  • Streamline budget forecasting with insight into dependencies and project complexity
  • Capture your IT landscape complexity with our intuitive Meta Model
  • Map apps to business capabilities for better planning
  • Provide universal access to EA data to increase data quality
  • Connect with your ecosystem to ensure data consistency

Pricing

£42,720.00 a unit a year

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at UKPublicSector@sap.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

3 7 9 9 6 2 4 1 4 8 1 7 6 8 0

Contact

SAP UK Ltd David Dinsdale
Telephone: +44 870 608 4000
Email: UKPublicSector@sap.com

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
There are no constraints using the service.
System requirements
  • Web Browser
  • Internet access

User support

Email or online ticketing support
Email or online ticketing
Support response times
Our response time will be within 12, 24, or 48 hours depending on the package you select.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Level 1: LeanIX support reports a Fault cannot be
rectified within the Time to Restore.
Level 2: an additional 12 Business Hours pass
without rectification.
Level 3: an additional 24 Business Hours pass
without rectification.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
SAP LeanIX's comprehensive suite of onboarding services includes training and enablement, knowledge transfer, implementation and deployment, pre-built assets and model libraries, online learning, webinars, help guides, and community pages. With SAP LeanIX, you'll have all the tools and resources you need to make a seamless transition and get up to speed quickly.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
In the Export section of the administration area, you can export your workspace data to an XLSX file and view the export history. Each customer account is assigned a Customer Success Manager (CSM) or a Customer Success Onboarding Manager (CSOM) who is responsible for deleting their data when necessary. Upon the termination of a customer's contract, the assigned CSM receives a checklist on the following day to complete the request.
End-of-contract process
Every customer account has a dedicated CSM responsible for deleting their data. Onboarding customers have a CSOM assigned to them for the same purpose. Once a customer's contract ends, and the client has requested termination in writing, the CSM, in accordance with the client, completes a checklist after one day. The CSM completes the tasks, which include deleting any workspaces created for the customer. If the workspaces remain undeleted, an Escalation Call-to-Action is assigned to the responsible CSM Team Lead. To confirm workspace deletion, the CSM fills out a form and sends it to the customer. There is no additional cost involved in this process.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
None
Service interface
Yes
User support accessibility
WCAG 2.1 AA or EN 301 549
Description of service interface
SAP LeanIX is a user-friendly, web-based platform for managing IT infrastructure and systems, planning and designing IT architecture, and overseeing implementation. It provides a simplified, 360-degree overview of applications, business capabilities, and IT components to gain control of your IT landscape and create roadmaps for transformation initiatives. LeanIX empowers better and faster decisions through collaborative data collection, out-of-the-box integrations, and fast insights.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
We ensure that our platform's main features comply with WCAG 2.1 AA to make it accessible to a wide range of users. We're working to make all aspects of SAP LeanIX solutions WCAG 2.1 AA compliant without compromising critical functionalities. We value user feedback to help us improve our platform's accessibility.
API
Yes
What users can and can't do using the API
LeanIX provides multiple APIs which allow you to read and manipulate data. This guide provides an overview of the APIs and their key use cases, including REST APIs, GraphQL API, Integration API, and webhooks. The LeanIX REST APIs provide access to a range of resources such as the Meta Model, Workspace settings, Users, Metrics, Surveys, and more. You can use these APIs to integrate with systems that support RESTful interactions. GraphQL is a query language for APIs that enables clients to request specific data, developed by Facebook as a more efficient and flexible alternative to traditional REST APIs. The Integration API features the ability to import and export data using a generic LeanIX Data Interchange Format (LDIF). Webhooks allow you to receive updates about events in near real-time in LeanIX. With webhooks, you can create event-driven triggers that initiate automated actions and automate workflows for your organization, eliminating manual processes.
API documentation
Yes
API documentation formats
  • HTML
  • PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
SAP LeanIX is a highly customizable tool that can be configured to meet individual requirements, saving both time and money. It comes with commonly used functions and configurations pre-built, making it easy to set up "out-of-the-box". The tool provides extensive guides on how to configure it, enabling users to modify reports, add business capability maps, and lifecycle categories without requiring additional support. If further customization is needed, our professional services team is available to help you create a tailored setup for optimal use and outcome creation.

Scaling

Independence of resources
SAP LeanIX is a Software-as-a-Service (SaaS) solution that offers cloud-based services catering to the growing and scaling performance and storage demands of businesses.

Analytics

Service usage metrics
Yes
Metrics types
LeanIX has three default roles, viewer, member, and admin, to govern access to information. You can request custom settings for each role or add new roles. LeanIX supports SSO through SAML 2.0 protocol for centralized authentication allowing users to access multiple applications with a single login. SSO providers also provide insights into service usage metrics.
Reporting types
  • API access
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
No
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Users can extract their data using the export feature option in SAP LeanIX. This option enables the user to export an XLSX file and view the export history.

Export options for the workspace:
1. Full Snapshot: Complete workspace data, including active fact sheets and related objects.
2. Changelog: Data-related changes to the workspace within a specified timeframe.
3. Archive: Full snapshot of archived workspace data, including all archived fact sheets and related objects.
Data export formats
  • CSV
  • Other
Other data export formats
  • PDF
  • PNG
  • XLSX
Data import formats
  • CSV
  • Other
Other data import formats
  • XML
  • Drawio
  • Lucidchart diagram files
  • .vsdx
  • PNG
  • SVG
  • JPEG
  • XLSX

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network
Administrative access (e.g., via SSH) is secured by a VPN. Access to the VPN is secured by means of two factor authentication (password and certificate). The servers of the production system are used exclusively for running the product, and have no open external ports except for HTTP(S) (ports 80 and 443). Access via SSH is only possible from the VPN.

Availability and resilience

Guaranteed availability
The SLA is 99.7% up time, with planned outages at the weekend. SAP will provide to customers a monthly report describing the System Availability percentage for the applicable SAP Cloud Service either (i) by email following a customer’s request to its assigned SAP account manager, (ii) through the SAP Cloud Service or (iii) through an online portal made available to customers, if and when such online portal becomes available. Customer may claim a credit in the amount described in the table of Section 3.2 in the below document, in case of SAP’s failure to meet the System Availability SLA, which credit Customer may apply to a future invoice relating to the SAP Cloud Service that did not meet the System Availability SLA. Claims under this Service Level Agreement for SAP Cloud Services must be made in good faith and by submitting a support case within thirty (30) business days after the end of the relevant Month in which SAP did not meet the System Availability SLA. For more more information on this, please see this document: https://www.sap.com/uk/about/trust-center/agreements/cloud/cloud-services.html?search=Service+Level+Agreement&sort=latest_desc&tag=language:english&pdf-asset=c6188734-927d-0010-87a3-c30de2ffd8ff&page=1
Approach to resilience
Customer data, configurations and LeanIX application functions are backed up to the Read-Access Geo-redundant storage (RA-GRS). In case of a disaster, data from RA-GRS shall be restored to servers in primary regions. If the primary regions are not available, post seeking consent from its customers, LeanIX shall restore the data in the secondary region.
Outage reporting
Customers can subscribe to status.leanix.net and will automatically be informed via e-mail about incidents or can visit monitoring.leanix.net for more detailed statistics.

Identity and authentication

User authentication needed
Yes
User authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Access is granted based on job roles and the principle of least privilege. When a new employee joins, access requests are made through JIRA onboarding tickets. Depending on their role, the user will be granted access to pre-approved applications. If they require access to additional applications, approval must be sought from the respective Vice President or their designate. We use Okta Single Sign On with Multi-Factor Authentication for secure access to our systems and applications.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
You control when users can access audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
You control when users can access audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
Between 6 months and 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
BSI Group
ISO/IEC 27001 accreditation date
16/09/19
What the ISO/IEC 27001 doesn’t cover
Whole company and all process are covered
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
Yes
Any other security certifications
  • SOC 2
  • TISAX

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
LeanIX is ISO 27001, SOC 2 Type 2, TISAX and Cyber Essentials Plus certified. Policies are aligned with the requirements of ISO 27001:2022 and SOC 2 standards.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
LeanIX utilizes the SCRUM methodology to develop its product, wherein each sprint cycle spans two weeks and entails one or more modifications. To mitigate associated risks, LeanIX conducts various meetings, such as planning and retrospectives, and incorporates automated testing. Any exceptions are approved by the Chief Technology Officer prior to deployment. All change requests are recorded in JIRA. LeanIX employs a fully automated Build-Test-Deploy toolchain that leverages a continuous integration server, ensuring that all application changes undergo both manual and automated testing in test and staging server environments before being migrated to production.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Our patch management process at LeanIX has four stages. Firstly, we monitor and classify identified vulnerabilities through monthly scan reports from Qualys or alerts from reliable forums. Secondly, the Engineering & Product department identifies vulnerabilities related to LeanIX application and its components using appropriate tools such as SCA and SAST. Adequate testing is carried out before deploying the patches to ensure their effectiveness. The patch timeline is categorized into four levels: Very High/Critical (30 days), High (30 days), Medium (90 days), and Low (120 days).
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
LeanIX uses Microsoft Azure's Advance Threat Protection (ATP) and Microsoft Defender for security. It has OSSEC HIDS on servers and Azure Log Analytics for log management with a Slack channel for incident monitoring. OSSEC HIDS logs are fed into Azure Log Analytics, triggering alerts per configured rules. The InfoSec and Shared Services teams monitor the logs and take appropriate actions based on the Information Security Incident Management Procedure.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
The Information Security team monitors potential channels for incidents, including reports from employees, Legal team, internal audits, SIRT, automated alerts, IT, external sources, and Clear Desk/Screen Audits. Containment time varies from 4 hours to 17 days based on severity. In case of a customer data breach, LeanIX will notify key personnel transparently within 72 hours.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Social Value

Social Value

Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

Fighting climate change

SAP is committed to a future sustainable world and acts as both an exemplar and enabler of sustainability. For the 16th consecutive year, SAP was named the Software Industry Leader in the Dow Jones Sustainability Index - https://www.sap.com/sustainability/our-approach.html. SAP is committed to fighting climate change by reducing carbon and other emissions. SAP became Carbon Neutral by 2023 and will be Net Zero by 2030.

On any G-Cloud Contract, SAP will create a Social Value Action plan in collaboration with the buyer. Progress will be reviewed, and the plan will be refreshed annually. For fighting climate change, we expect that this plan will include:

supporting your journey to Net Zero by ensuring renewable energy is used in the data centres providing the services and that all services will be 100% carbon neutral from the first day of service.

offer a workshop to the buyer’s team on the sustainability features of the product that has been purchased and / or the wider SAP suite of sustainability offerings such as the Sustainability Control Tower.

Work with the buyer’s team to promote the free, high-quality learning about sustainability that is available and free to any member of the public on the Open SAP learning portal at https://learning.sap.com.

Covid-19 recovery

On any G-Cloud Contract, SAP will create a Social Value Action plan in collaboration with the buyer. Progress will be reviewed, and the plan will be refreshed annually. To help local communities to manage and recover from the impact of COVID-19, SAP can support buyers in several areas. As part of the Social Value Action plan, SAP will:

To support re-training and other return to work opportunities for those left unemployed by COVID-19, particularly new opportunities in high growth sectors. SAP will offer a range of free on-demand and facilitated training to communities served by the buyer. This will be delivered free using the SAP learning portal at https://learning.sap.com. Currently available courses include topics like Circular Economies, Opportunities from a Digitally Transformed Economy and New Work and Purpose.

SAP offers buyers support in key areas for social value relating to COVID 19 Recovery – new ways of working to deliver services; support for the physical and mental health of people affected by COVID-19 and improved workplace conditions such as remote working and sustainable travel solutions. As part of the Social Value Action plan, we will offer a workshop to explain the support we can offer and add tasks to the plan where appropriate.

Tackling economic inequality

There are two themes outlined in the guidance relating to this area of social value - Create new businesses, new jobs and new skills; and increase supply chain resilience and capacity.

With respect to skills, as part of the annual Social Value Action plan:

SAP will offer a range of free on-demand and facilitated training to communities served by the buyer. This will be delivered free using the SAP Learning portal at https://learning.sap.com. Currently courses cover a range of in demand skills in the IT industry such as Artificial Intelligence, Analytics and Application Development. For these courses, where relevant, SAP will also provide access to technical platforms at no charge so that students may complete the practical learning components of each course.

With respect to increasing supply chain resilience and capacity, as part of the annual Social Value Action plan:

SAP will offer to brief the buyer’s procurement and finance teams on the opportunities relating to the SAP Ariba Procurement offering. This could include on-boarding the buyer’s suppliers to the SAP Business Network, a €3.2TN marketplace for suppliers where they can grow their businesses. SAP Ariba Procurement also offers capabilities around supplier risk management to ensure that the buyer’s supply chain achieves the desired level of resilience. The guided buying capabilities of SAP Ariba Procurement also allow the buyer to make it easy for staff to support and comply with organisational social objectives, for example spending with sustainable enterprises or local small businesses. SAP will also share our learnings from 5 by 5 in ’25, an initiative designed to encourage organizations across industries to direct more of their addressable spend toward certified social-enterprise and diverse-business suppliers. https://news.sap.com/2020/10/sap-launches-55by25-purposeful-procurement/

Equal opportunity

SAP is committed to being one of the most diverse and inclusive software companies in the world. We proactively promote diversity, inclusion, and social justice and work to ensure that our workforce reflects the gender parity and demographics of all the regions where we have employees. We make every effort to ensure that all stages of the employee lifecycle are inclusive to enable employee success. As part of the Social Value Action plan, SAP will propose a Social Innovation Workshop to explore areas of equal opportunity and look at how we approach diversity and inclusion to see how a shared approach with the buyer could help the buyer’s staff and communities that the buyer serves. For example, SAP supports the following organisations and initiatives:

Stemettes is an award-winning social enterprise working across the UK & Ireland and beyond to inspire and support young women and young non-binary people into Science, Technology, Engineering and Maths careers (known collectively as STEM).

Enactus UK – SAP is the Platinum technology partner for Enactus UK, giving access to one of the UK’s largest innovation and entrepreneur networks in the UK. Enactus allows teams of students all over the country to work together to find innovative solutions to social issues within their local and international communities;

Apps For Good believes that all young people should be empowered to take action on the things they care about most. They provide free tech innovation courses to schools, giving teachers ready-made education content, so young people from all backgrounds can develop computing and essential skills to create a brighter future through technology. Apps For Good partner with leading brands to keep their course content 100% free of charge to schools, as well as giving students the opportunity to directly benefit from their industry expertise.

Wellbeing

As part of the Social Innovation Workshop described in the Equal Opportunity section, SAP will include the theme of ‘Wellbeing’ to review optional initiatives that can be added to the Social Value Action plan. For example:

Innovation – SAP offers clients the ability to run innovation workshops on themes that are important to clients. This is often in collaboration with users and communities who can codesign and create a proof of concept of solutions that would address specific challenges and opportunities. We will also offer free training on innovation topics via our SAP Learning portal - https://learning.sap.com. Current courses include Intrapreneurship – Employee-driven Innovation.

Employee and community pulse – SAP is a leading provider of solutions relating to personal wellbeing. We offer to share our learnings of what works well for different challenges and situations that clients wish to explore. We can share examples of how organisations have supported the physical and mental health of their workforce. A current example would be around working practices and return to work in a post COVID pandemic world.

Self-service and a great user experience are key principles of SAP services. We will share insights learned from working with many public service organisations and the world’s most recognised brands on how digital services can bring people and communities together. These insights may then trigger actions that can be added to the Social Value Action plan.

Pricing

Price
£42,720.00 a unit a year
Discount for educational organisations
Yes
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at UKPublicSector@sap.com. Tell them what format you need. It will help if you say what assistive technology you use.