IBISWorld

IBISWorld Ltd

IBISWorld is a leading online industry information provider of objective insight into how categories have performed in the past and their likelihood to perform in the future. Our products are written at an unparalleled degree of detail. They are updated frequently, giving you the confidence to make accurate business decisions.

Features

• Remote online access via username and password authentication
• Reports, tables and graphs are downloadable via Excel and PDF
• A Client Relationship Manager will manage your daily needs
• Training sessions can be conducted in house or via webinar
• IBISWorld's Support Centre is available for product queries
• We provide web Alerts for report updates
• You will receive API access with your Enterprise Membership
• The Reports will be updated 1-2 times per annum
• IBISWorld use a multi-variant regression method for forecasting.
• COVID-19 documentation are included within each Industry report

Benefits

• Detailed industry content for enhanced stakeholder briefs
• Strengthening negotiation on existing/new contracts
• Supporting analysis for detailed category plans
• A category risk early warning/red flag system
• Un-biased third-party resource validating purchasing decisions
• Instant access to new and/or unfamiliar categories
• Save time in desktop research to time consuming data
• To evaluate and benchmark major operators within the industry
• Develop procurement strategy through industry benchmarks
• Mitigate risk from your supply chain

£17,500 to £250,000 a licence a year

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sam.sharma@ibisworld.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

458011117231639

Contact

Sam Sharma
02076546809
sam.sharma@ibisworld.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: No
• System requirements:
  • Supported browers
  • SAML 2.0 (for Federated SSO)
  • Email and URL whitelisting

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: A dedicated Client Relationship Manager is appointed to answer any questions on a day-to-day basis. The Support Centre is also available during normal business hours for general reports, product queries and new user registrations. Both telephone and email support are provided for all clients and their staff.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Onsite support
• Support levels: We provide three levels of support at IBISWorld. Level one is critical, level two is some form of impact and level three is low impact for the business. ; ; We have a standard SLA agreement covering all three levels in detail. ; ; There is no additional cost for additional support as this is part of the service we provide. ; ; You will be provided with a dedicated Client Relationship Manager for any technical issues or if you are in need of any further support required.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Client Relationship Managers will provide in-house training sessions or via telephone and/or webinar. You will have access to all the supportive material to aid and benefit you during your on-boarding. ; ; First Year:; ; Month 1: Client Relationship Manager Introduction, Users set up with usernames and passwords, individual/group training kick off sessions and Determine membership ROI goals. ; ; Month 2 -10: On-going training support and implementation, continued best practice sharing and Quarterly usage and ROI check Ins. ; ; Month 10-12: Continued support training, implementation , Ensure ROI expectations have been met and continue membership for along term relationship.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: At the end of the contract licence agreement all IBISWorld information has to be destroyed. IBISWorld is GDPR compliant - Users will not be contacted once the contract has ended. ; ; IBISWorld can delete all user information on request from the client once the contract has ceased.
• End-of-contract process: Once the contract has ended all access from the users will stop and IBISWorld information will no longer be available and expected to be destroyed. ; ; There is no additional cost at the end of the contract. User information can be destroyed on request of the client.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The MyIBISWorld application has primarily been built to cater for desktop users. There is no difference in the type of functionality or services provided by the application when viewing the application in a browser on a mobile or desktop device. However, the application does not fully cater for responsive design on mobile devices.
• Service interface: No
• User support accessibility: WCAG 2.1 A
• API: Yes
• What users can and can't do using the API: Authentication to our APIs is detailed here https://developer.ibisworld.com/Developer/authentication; ; IBISWorld's APIs are designed for customer to pull data from our reports and use this data in their own systems. Customers must authenticate and call IBISWorld APIs in accordance with the documentation here https://developer.ibisworld.com/Developer/help/document/v2/; ; Customers cannot interact with or make changes to the my.ibisworld.com application via our APIs.
• API documentation: Yes
• API documentation formats: Other
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: With the IBISWorld Enterprise Membership all users will have customization functionality. This includes "Bookmarks" allowing an user to select individual reports relevant to their roles/categories providing quick links to the reports, updates and relevant content providing an all round tailored experience. ; ; The "Industry Wizard Tool" will allow users to create a list of reports/categories depending on their specific requirements. E.g. supply chain risk via tier one and tier two suppliers and buyers.

Scaling

• Independence of resources: IBISWorld ensures that the infrastructure supporting the MyIBISWorld application has sufficient resources and redundancy to maintain site uptime, even during periods of peak client demand. IBISWorld IT staff regularly monitor infrastructure resource use and application uptime via several different monitoring tools (e.g. Monitis, Stackify Retrace) and respond to capacity issues if they arise (e.g. re-mediating processes require significant system resources, adding additional system resources as needed). IBISWorld also ensures throttling controls can be enabled during peak demand periods, if required. IBISWorld IT staff schedule running maintenance or system update processes during periods of low client demand.

Analytics

• Service usage metrics: Yes
• Metrics types: IBISWorld can provide clients with weekly/monthly/quarterly usage reports on request. This can include the amount of reports that are downloaded per user/user group, page viewa per report and retail value.
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest: Other
• Other data at rest protection approach: We encrypt passwords at rest and user profile information at rest using AES 256 key size encryption. Otherwise, we do not generally encrypt data at rest, as we do not store sensitive personal data. A description of the data we collect is detailed in our privacy policy https://www.ibisworld.com/about/privacy/.
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: The reports are all available via the online platform, or you can download a full report in PDF format or print individual chapters. You can also save charts and graphs and extract data straight into excel. Additional features also include downloading reports into a word format. Graphs and tables are also extractable via PNG format.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Excel
  • Word
  • PNG
  • PDF
• Data import formats: Other
• Other data import formats: N/A

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: All our sites are interconnected using IPSec VPN tunnels. Staff working from home connect to our internal systems via Cisco AnyConnect Secure Mobility Client. Cisco AnyConnect has multi-factor authentication enabled (using Cisco Duo).

Availability and resilience

• Guaranteed availability: Based On Problem Severity Level: (SLA's also in the contract); ; - Level One: A significant impact to internal processes. ; - Level Two: Some impact to internal processes. ; - Level Three: Low impact to internal processes. ; ; Definition Examples, Response Time Service Level & Resolution Time Service Level outlined in detail within SLA Document.
• Approach to resilience: IBISWorld’s web and database servers are hosted by Amazon Web Services (AWS) in two independent regions (US West -Oregon and Sydney, Australia). In the event of an outage or disruptive incident in either hosting region we will be alerted by our cloud based website uptime monitoring solution (Monitis) and by our network monitoring software (PRTG). Our Emergency IT team are alerted and, in turn, implement the Business Continuity Plan. This plan involves switching our websites from the affected region to run off the remaining region while the incident response team investigates and re-mediates the incident.
• Outage reporting: Planned service outages will be conveyed to clients via their client relationship manager. Unplanned service outages are mitigated by our business continuity plan; if an unplanned outages affects client access, the client's relationship manager will communicate this directly with the affected client.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: IBISWorld client users have two levels of access: standard user and adminsitrator. IBISWorld staff can set users to one of these two levels; client administrators can also change these permissions. IBISWorld staff access to internal systems is controlled via a role-based access control model following the principle of least privilege.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: No audit information available
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: Less than 1 month

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: Security Metrics
• PCI DSS accreditation date: 16/06/2020
• What the PCI DSS doesn’t cover: N/A
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: We do not have ISO 27001 certification. However, we have a comprehensive set of IT security and compliance policies to ensure our applications and systems are secure. We also use Amazon Web Services (AWS) for our IT infrastructure – AWS has Soc 2 Type 2 certification but IBISWorld cannot share the report as it is confidential between IBISWorld and AWS.
• Information security policies and processes: The IT Operations and Compliance Manager is responsible for updating and disseminating IT security policies. Compliance with policies and processes is enforced by IT Operations and Compliance Manager, Global Head of IT, Network and Systems Manager and the CIO. Enforcement occurs through regular testing (PCI and penetration tests), reviews during the design, development and testing phases of the SDLC.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: IBISWorld does not have a dedicated Change Control Board or Committee that oversees all projects. A senior internal stakeholder and the Global IT Manager are usually included in the project team for larger projects. These two individuals are primarily responsible for change control. Security impact of changes are assessed at the design, testing (by Solutions Architect or other senior developers) and post-deployment maintenance (via application penetration test) stages of the SDLC. Components are tracked during their lifetime via the SDLC and helpdesk.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: All technology platforms prone to viruses are monitored for potential malicious software activity using Cisco AMP anti-Virus\Malware security solution. Vulnerability scanning, configuration reviews, network filtering and penetration tests are some of the methods used for identifying vulnerabilities. Critical patches are deployed automatically (where this is enabled) or as soon as possible by network staff. Other patches are deployed in a timely manner (as agreed by the IBISWorld business) We obtain external threat intelligence from a number of organisations, for example: Cisco-TALOS, Microsoft, ASIO, and global sources from open-source threat intelligence.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Potential compromises are identified via monitoring tools (such as Cisco AMP), code reviews, and penetration tests. Incident response processes are defined in the Incident Response Policy. Incidents are responded to in accordance with our Incident Management Policy and IT Helpdesk Policy.
• Incident management type: Supplier-defined controls
• Incident management approach: We have a general incident management process (incident response lifecycle) and two specific scenarios - response to breach of personal information and response to phishing attacks. Incidents are primarily reported via helpdesk, but may also be reported via email, MS Teams or phone to an IT staff member. Reports or notifications on incidents will be provided to clients if required for legal purposes or if those clients are affected by an incident; otherwise notification will be provided at IBISWorld's discretion.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  IBISWorld reports contain ESG Scores across every UK industry. Through the utilisation of these insights, organisations can have a better understanding of the Environmental, Social and Governance impacts of their customers/suppliers. ; ; IBISWorld's ESG Talking points help influence organisations to explore environmental considerations such as Greenhouse Gas Emissions, Waste Management among other factors with their staff and customers and subsequently focus on areas of improvement.

Pricing

• Price: £17,500 to £250,000 a licence a year
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sam.sharma@ibisworld.com. Tell them what format you need. It will help if you say what assistive technology you use.