Splash Business Intelligence

SplashBI - Business Intelligence, Reporting & Analytics Platform & Solutions

Business Intelligence, Reporting & Analytics Platform, with pre-built solutions including data pipes and content for Oracle Reporting, People Analytics, CRM Analytics, Financial Reporting and Analytics and Legacy Data Reporting. The SplashBI platform gives users access to create, modify, and run dashboards and reports from any data source.

Features

• Ad Hoc Reporting and Dashboard
• Multiple Output Formats, including PDF, HTML, Excel
• Combine Data from Different Sources (Data Mashup)
• In Memory Analytics
• Active Directory Support
• Microsoft Excel, HTML and Device Front Ends
• Scheduling and Distribution
• Connectors for any data source
• Real Time Reporting
• Pre-Built Oracle EBS Reports and Dashboards

Benefits

• Real Time Reporting
• Data Modelling from Disparate sources.
• Improve operational efficiencies
• Mobile accessibility & Excel Front End .
• Intuitive Drag & Drop User Experience
• Easy Monitoring and Administration
• 100's of Dashboard Visualisations
• User Subscription Based Licensing
• Oracle EBS Ready to Go Reporting Modules
• Easy to use and learn, self-service

£150 a user a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at graham.spicer@splashbi.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

465170840175201

Contact

Graham Spicer
07775653956
graham.spicer@splashbi.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: No Constraints
• System requirements:
  • An operating system -Linux, Sun Solaris,HP-UX or IBM AIX
  • Microsoft Office for SplashBI excel plugin to work
  • Java 1.7 & above
  • Mysql 5.6 or Oracle 11g for Metadata repository

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Support for Priority-1 emergency issues is provided 24x7x365 while other issues are supported 24x5 excluding public holidays.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Support for Priority-1 emergency issues is provided 24x7x365 while other issues are supported 24x5 excluding public holidays.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: A dedicated on-boarding project manager will be deployed to help walk through the process. Typical on-boarding process includes scope definition, provisioning and training. We can provide a more specific on-boarding plan soon after we learn about your goals.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats: Online Help manual, accessed from within the Product upon login.
• End-of-contract data extraction: Data is not stored in SplashBI therefore off-boarding is not required. The data remains in the original data sources.
• End-of-contract process: Terms and conditions of the subscription contract will apply.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Windows Phone
  • Other
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: There are no differences between our mobile, Excel or HTML services. We don't offer a desktop service.
• Service interface: No
• User support accessibility: WCAG 2.1 AAA
• API: Yes
• What users can and can't do using the API: SplashBI comes with its complete documentation that allows the user to understand how the API can be configures and furthermore what services can be used and how. APIs are available only for the Dash-boarding section of the product. Users will be able to submit the data and obtain a corresponding visualisation.
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Various customisations can be made such as local language etc.

Scaling

• Independence of resources: Customer environments are logically segregated to prevent users and customers from accessing resources not assigned to them.; ; Services which provide virtualisation operational environments to customers (i.e. EC2) ensure that customers are segregated via security management processes/controls at the network and hypervisor level.; ; AWS continuously monitors service usage to project infrastructure needs to support availability commitments/requirements. AWS maintains a capacity planning model to assess infrastructure usage and demands at least monthly, and usually more frequently. In addition, the AWS capacity planning model supports the planning of future demands to acquire and implement additional resources based upon current resources and forecasted requirements.

Analytics

• Service usage metrics: Yes
• Metrics types: SplashBI Dashboards contain more than 100 different types of visualisations and charts to allow users to customise their dashboards to best reflect the trends, outliers, and metrics that are important to their organisation.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Other
• Other data at rest protection approach: OCI adheres to independently validated privacy, data protection, security protections and control processes. (Listed under “certifications”).; ; OCI is responsible for the security of the cloud; customers are responsible for security in the cloud. OCI enables customers to control their content (where it will be stored, how it will be secured in transit or at rest, how access to their OCI environment will be managed).; ; Wherever appropriate, OCI offers customers options to add additional security layers to data at rest, via scalable and efficient encryption features. OCI offers flexible key management options and dedicated hardware-based cryptographic key storage.
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data is not stored in SplashBI therefore exporting is not required. The data remains in the original data sources, however reports can be exported.
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats:
  • PDF format output for the reports
  • XML format for the reports
  • Excel workbook for the reports
• Data import formats: Other
• Other data import formats: SplashBI can connect to any data source

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: Security is also taken care and modified if required depending on the Configuration as per the Client/deployment site.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: Data Is protected using our own layer of Domain and source level security.

Availability and resilience

• Guaranteed availability: OCI currently provides SLAs for several services. Due to the rapidly evolving nature of OCI’s product offerings, SLAs are best reviewed directly on our website via the links below:; ; • Amazon EC2 SLA: http://OCI.amazon.com/ec2-sla/ - ; • Amazon S3 SLA: http://OCI.amazon.com/s3-sla - ; • Amazon CloudFront SLA: http://OCI.amazon.com/cloudfront/sla/ - ; • Amazon Route 53 SLA: http://OCI.amazon.com/route53/sla/ - ; • Amazon RDS SLA: http://OCI.amazon.com/rds-sla/ - ; • OCI Shield Advanced SLA: https://OCI.amazon.com/shield/sla/ --; ; Well-architected solutions on OCI that leverage OCI Service SLA’s and unique OCI capabilities such as multiple Availability Zones, can ease the burden of achieving specific SLA requirements.
• Approach to resilience: The OCI Business Continuity plan details the process that OCI follows in the case of an outage, from detection to deactivation. OCI has developed a three-phased approach: Activation and Notification Phase, Recovery Phase, and Reconstitution Phase. This approach ensures that OCI performs system recovery and reconstitution efforts in a methodical sequence, maximising the effectiveness of the recovery and reconstitution efforts and minimising system outage time due to errors and omissions. ; ; OCI maintains a ubiquitous security control environment across all regions. Each data centre is built to physical, environmental, and security standards in an active-active configuration, employing an n+1 redundancy model, ensuring system availability in the event of component failure. Components (N) have at least one independent backup component. All data centres are online and serving traffic. In case of failure, there is sufficient capacity to enable traffic to be load-balanced to the remaining sites. ; ; Customers are responsible for implementing contingency planning, training and testing for their systems hosted on OCI. OCI provides customers with the capability to implement a robust continuity plan, including the utilisation of frequent server instance back-ups, data redundancy replication, and the flexibility to place instances and store data within multiple geographic regions across multiple Availability Zones.
• Outage reporting: Public dashboard; personalised dashboard with API and events; configurable alerting (email / SMS / messaging)

Identity and authentication

• User authentication needed: Yes
• User authentication: Other
• Other user authentication: Security can be configured as per the client needs, it can be a native authentication method or enable single sign on further with any of the authentication services the client uses on premise.
• Access restrictions in management interfaces and support channels: User type, User ID and password.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users receive audit information on a regular basis
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: IMETA - BSI Accredited
• ISO/IEC 27001 accreditation date: 04/12/2023
• What the ISO/IEC 27001 doesn’t cover: N/a
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: SOC 2 Type II

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: OCI implements formal, documented policies and procedures that provide guidance for operations and information security within the organisation. Policies address purpose, scope, roles, responsibilities and management commitment. ; ; Employees maintain policies in a centralised and accessible location. OCI Security Assurance is responsible for familiarizing employees with the OCI security policies. ; ; OCI has established information security functions that are aligned with defined structure, reporting lines, and responsibilities. Leadership involvement provides clear direction and visible support for security initiatives. ; ; The output of OCI Leadership reviews include any decisions or actions related to:; ; Improvement of the effectiveness of the ISMS. ; Update of the risk assessment and treatment plan.; Modification of procedures and controls that affect information security to respond to internal or external events that may impact the ISMS. ; Resource needs. ; Improvement in how the effectiveness of controls is measured. ; ; Policies are approved by OCI leadership at least annually or following a significant change to the OCI environment.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Changes to OCI services and features follow secure software development practices, including security risk reviews prior to launch. Developer access to production environments is via explicit access system requests, subject to owner review and authorisation. ; ; Teams set bespoke change management standards per service, underpinned by standard OCI guidelines.; ; All production environment changes are reviewed, tested and approved. Stages include design, documentation, implementation (including rollback procedures), testing (non-production environment), peer to peer review (business impact/technical rigour/code), final approval by authorised party.; ; Emergency changes follow OCI incident response procedures. Exceptions to change management processes are documented and escalated to OCI management.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: OCI Security performs vulnerability scans on the host operating system, web applications, and databases in the OCI environment. Approved 3rd party vendors conduct external assessments (minimum frequency: quarterly). Identified vulnerabilities are monitored and evaluated. Countermeasures are designed and implemented to neutralise known/newly identified vulnerabilities.; ; OCI Security monitors newsfeeds/vendor sites for patches and receives customer intelligence via http://OCI.amazon.com/security/vulnerability-reporting/.; ; OCI customers are responsible for all scanning, penetration testing, file integrity monitoring and intrusion detection for their Amazon EC2 and Amazon ECS instances/ applications. Scans should include customer IP addresses (not OCI endpoints). OCI endpoint testing is part of OCI compliance vulnerability scans.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: OCI deploys (pan-environmental) monitoring devices to collect information on unauthorised intrusion attempts, usage abuse, and network/application bandwidth usage. Devices monitor: Port scanning attacks, Usage (CPU, processes, disk utilisation, swap rates, software-error generated losses), Application metrics, Unauthorised connection attempts.; ; Near real-time alerts flag potential compromise incidents, based on OCI Service/Security Team- set thresholds.; ; Requests to OCI KMS are logged and visible via the account’s OCI CloudTrail Amazon S3 bucket. Logs provide request information, under which CMK, and identify the OCI resource protected through the CMK use. Log events are visible to the customer after turning on OCI CloudTrail in their account.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: OCI adopts a three-phased approach to manage incidents:; ; 1. Activation and Notification Phase;; 2. Recovery Phase;; 3. Reconstitution Phase. ; ; To ensure the effectiveness of the OCI Incident Management plan, OCI conducts incident response testing, providing excellent coverage for the discovery of defects and failure modes as well as testing the systems for potential customer impact.; ; The Incident Response Test Plan is executed annually, in conjunction with the Incident Response plan. It includes multiple scenarios, potential vectors of attack, the inclusion of the systems integrator in reporting and coordination and varying reporting/detection avenues.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Tackling economic inequality
  • Equal opportunity

  Tackling economic inequality

  Creating new jobs and skills and increasing our supply chain resilience and capacity. This will include but is not limited to: ; ● Engaging with SMEs, VCSEs and Mutuals to develop your supply chain.; ● Grow supplier diversity within your supply chain.; ● Implement the 5 foundational principles of the Good Work Plan.; ● Supporting your contract workforce with career development.; ● Supporting contract workforce to obtain relevant training specially to develop skills facing shortages.; ● Engage and collaborate with a diverse supply chain, e.g. SMEs, VCSEs and mutuals.; ● Having fair and responsible relationships with your supply chain; ● Measures to ensure the development of innovative technologies and methods to modernise delivery and increase productivity.; ● Approach to organisational learning and continuous improvement.; ● Managing cyber security risks throughout the supply chain, engaging with the supply chain to identify and build resilience against cyber security risks, raising cyber security awareness and committing to adopting the technical standards and best practice detailed by the NSCS, Cyber Essentials and the Technology Code of Practice.

  Equal opportunity

  We are an equal opportunity employer and look to reduce the disability employment gap and tackle workforce inequality wherever possible. This could include but is not limited to:; ● activities that demonstrate planned increases to representation of diabled people & measures to reduce barriers to disapled people securing jobs.; ● support disabled people in developing new skills.; ● measures to tackle inequality in employment skills (training, apprenticeships, etc.).; ● offering a range of progression opportunities.; ● supporting in-work progression, including inclusive and accessible development practices.; ● identifying and managing the risks of modern slavery.

Pricing

• Price: £150 a user a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Sandbox instance with ready-to-use reports and dashboards on pre-designed data models.
• Link to free trial: https://splashbi.com/free-trial

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at graham.spicer@splashbi.com. Tell them what format you need. It will help if you say what assistive technology you use.