Simitive Ltd

Activity Based Costing and Contribution Analysis (ABC-HE)

ABC-HE provides a platform for the transparent planning, modelling and ongoing management and reporting of activity-based costing and contribution analysis.

Features

• Transparent cost routes
• Cost and contribution by course, module and student funding type
• Data tagging for data analytics
• Rules based approach to overhead consumption
• Integration with key university systems
• Creation of TRAC and TRAC(T) returns
• Detailed validation at every stage
• Modelling functionality
• Control reports to identify issues or unexpected results
• Ability to create multiple period versions (years) that are separate

Benefits

• More accurate costing of module delivery
• Reduction in time and errors in producing course costing
• A consistent approach to costing courses across the university
• Greater understanding of the cost drivers of overheads and estates
• Reduce time and errors in producing TRAC and TRAC(T) returns
• Financial appraisal of new and existing courses informs curriculum planning
• Permission based roles ensure data confidence
• Contribution based on income, expenditure and MSI being correctly attributed
• Highly configurable by the university staff
• Detailed validation avoids errors in data and resulting outputs

£15,000 a licence a year

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at devinder.whelan@simitive.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

479748461744076

Contact

Devinder Whelan
0117 9117950
devinder.whelan@simitive.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: The Simitive suite includes workload allocation management system (WAMS). Workload data is a key input into Activity Based Costing, Teaching Allocation Management (TAMS)
• Cloud deployment model: Private cloud
• Service constraints: Simitive systems are ‘locked’ during defined maintenance windows. There are no requirements for other downtime as the system is architected to provide 24 x 7 availability.
• System requirements:
  • Vendor supported Web browser
  • Internet access

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Support calls are handled in line with the below standard SLAs. ; ; Severity 1: Critical system problem or issue. 15 minutes from receipt of notifcation.; ; Severity 2: Time critical problem or issue. 60 minutes from receipt of notification.; ; Severity 3 & 4: Non critical system problem or issue. Acknowledgement within 24 business hours from receipt of notification. A process will be agreed with the customer.; ; The above are for standard UK business hours (Monday to Friday 0900 to 1700 excluding bank and public holidays). Additional support hours including weekend support is available on request.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Standard support is available Monday to Friday (0900 to 1700) excluding Bank and Public Holidays. Support calls are handled in line with standard SLA.; ; Standard support is provided as part of the annual license fee, and no additional costs are payable by client. ; ; Extended support service, up to and including 24x7 support and managed services are available on request. Costs for extended services are based on the number of client licenses and the scope of the service.; ; Simitive have a Support manager who is responsible for ensuring SLA are met and to conduct regular service reviews.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: All projects follow Prince2 methodology, which defines the scope of the project and the required work-streams are established, for example SSO, data imports.; ; During the initiation and configuration requirements gathering, Simitive project managers work closely with the client.; ; Simitive provide the following types of training:; On-site training for system administrators; Remote training for system administrators
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats:
  • Word
  • Excel
• End-of-contract data extraction: Users can extract their data at any time via the application. In addition at the end of the contract client data is returned to the client in a format agreed with the client and deleted from Simitive systems. Any systems used in the provision of the services are cleansed to industry best practice standards.
• End-of-contract process: At the end of the contract client data is returned to the client in a format agreed with the client and deleted from Simitive systems.; ; Any systems used in the provision of the services are cleansed to industry best practice standards.; ; There are no additional costs at the end of the contract.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: By necessity the responsive design of the system alters the look of screens to facilitate clarity on smaller devices.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: The system is capable of integrating with any system via its APIs. ; ; Simitive runs version 1.0 live REST API web service; secured with HTTPS and oAuth using a JSON format (other formats can be supported). This API allows a client to programmatically create/read/update user records and associated information.; ; Commonly connected systems are HR, Student Records, Timetabling, Research, Finance.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The system can be customised to allow individual organisation branding, terminology and import of any data.; ; Individual displays can be customised to different types of users and roles to ensure the content is relevant and engaging for all staff types. Within the system, there is customisation the client can configure.; ; Most Simitive Products allow extensive configuration by the client without recourse to Simitive

Scaling

• Independence of resources: Simitive systems are delivered via a massively scale-able architecture based on Amazon EC2. Each client's instance is isolated from all others to ensure that there can be no effects across clients.

Analytics

• Service usage metrics: Yes
• Metrics types: Service metrics are provided both within the system, through standard reports and through the use of google analytics.; ; In addition, Simitive Account Managers carry out service reviews with Clients on a regular basis.
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: The system has a standard export function that allows users with appropriate permissions to export all data from the system.; ; The data held within the system can also be exported to a data warehouse.; ; The API is a bi-directional and will allow data to be written back to key systems as required.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Simitive systems are guaranteed to deliver 99.5% availability with service credits should this level not be achieved. ; ; Over the last 4 years Simitive has delivered 100% availability.
• Approach to resilience: Available on request.
• Outage reporting: Simitive monitors all systems continuously for any potential outages.; ; The systems architecture automatically replaces failing items before an actual outage occurs.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Users do not have access to management interfaces.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 03/12/2023
• What the ISO/IEC 27001 doesn’t cover: All areas of Simitive business and operations are covered
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: AWS FTR Certification

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Simitive have formal information security policies which are owned by the Managing Director and form an integral part of the company's standard operations. The policies and processes cover internal as well as service delivery security.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: All changes to the Simitive cloud require approval by a Director and Head of Technical Services. Any changes are subject to impact assessment prior to any action.; ; As a user of Amazon EC2 Simitive are subject to and controlled by the certified standards and regulations that form part of Amazon service.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Simitive carry out continuous threat analysis and all patches are applied inline with industry best practice and providers recommendations.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Simitive systems are monitored constantly for any potential compromises through a suite of monitoring tools. As soon as a potential compromise is identified the instance or instances potentially affected are locked whilst detailed examination is carried out. Depending on the outcome of the investigation remedial actions are carried out and any changes made before the instance is reactivated. All actual or suspected incidents are managed and recorded in conformance with Simitive ISO27001 policies and standards
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Simitive have standard tested processes for incident management.; ; In the unlikely event that an end user is aware of an incident before Simitive it can be reported by email, phone or client portal 24x7. ; ; For any incident a report is produced following appropriate investigation and resolution which will be shared with any affected clients.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Simitive are a Certified B Corporation and it actions and commitments are publicly available via B-Corp; Simitive is registered in NetPositive and its commitments and actions are available via NetPositive

  Tackling economic inequality

  Simitive are a Certified B Corporation and it actions and commitments are publicly available via B-Corp; Simitive is registered in NetPositive and its commitments and actions are available via NetPositive

  Equal opportunity

  Simitive are a Certified B Corporation and it actions and commitments are publicly available via B-Corp; Simitive is registered in NetPositive and its commitments and actions are available via NetPositive

  Wellbeing

  Simitive are a Certified B Corporation and it actions and commitments are publicly available via B-Corp; Simitive is registered in NetPositive and its commitments and actions are available via NetPositive

Pricing

• Price: £15,000 a licence a year
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at devinder.whelan@simitive.com. Tell them what format you need. It will help if you say what assistive technology you use.