Sysdoc Ltd

Serendata Change Management Enablement Software

Serendata brings Change data to life with powerful analytics and real-time reporting. The insights it generates mitigate the risks associated with Change Management initiatives, such as Change overload and conflicting business priorities. Moreover, it allows decisions to be made at pace based on a single trusted source of truth.

Features

• Our process mapping provides a foundation to guide Change Management.
• Serendata Insight keeps data at your fingertips, accelerating Change journeys.
• Quickly identify areas of concern via evidence based insights.
• Automate manual and laborious tasks, freeing up Change Managers' time.
• Centralise all projects, providing a coordinated single source of truth.
• Course correction tools allow for proactive issue prevention.
• Role to position mapping identifies impacts individuals.
• Serendata Pulse tracks business readiness throughout the entire project lifecycle.
• Change impact heat mapping to better understand stakeholder capacity levels.
• Built-in S/4HANA processes upon which to base Change Management journey.

Benefits

• By anticipating obstacles and delays, Serendata reduces programme abandonment.
• Increases efficiency of Change team, saving time and money.
• Insight dashboard allows for effective Change planning and communication.
• By involving staff at all levels, Serendata ensures accountability.
• Provides a clear picture of load on impacted stakeholder group.
• Reduce costs by meeting milestones and delivering projects on time.
• Better understanding of resourcing needs of Change Management team.
• Multiple reference cases demonstrate efficacy on global ERP Change programmes.
• S/4HANA integration allows for accelerated and comprehensive Change Management process.
• Assured by three decades of Sysdoc's Change Management successes.

£150 a user a month

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at business.development@sysdoc.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

490355754429306

Contact

Paul Greenwood
+44 203 002 4825
business.development@sysdoc.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: There are no major service constraints that buyers should be aware of. As stated, our service is adaptable, and can be deployed either through the Azure Cloud, or though alternative means according to the customer's need.
• System requirements: Browser based

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We will aim to respond to questions within four hours during our business hours, which are Monday - Friday, 9am - 5pm, excluding UK public holidays.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AAA
• Web chat accessibility testing: .
• Onsite support: Onsite support
• Support levels: Our support levels are flexible and can be adjusted in accordance with customer requirements. In addition, we ensure that all our clients have access to both a technical account manager and cloud support engineer.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We hold a discovery session with the client in which we identify data migration needs, user training needs, and any other relevant technical aspects of the service. The deployment is then run by a Customer Success Manager, who works typically remotely. Alongside the instructor training and onboarding sessions we provide, we also grant users access to our online knowledge portal, which hosts an ever-growing library of quick-start video tutorials pertaining to all of the key problems customers may encounter, as well as the tips and tricks to help them solve those problems. Our knowledge portal, a single source of truth, is designed for intuitive, easy use, and provides organisations with an out-of-the-box solution to help drive both efficiency and collaboration. Moreover, it allows user employees to self-serve, helping them to access any relevant topic or solution as quickly and easily as possible.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: The product has in-built functionality to allow all data to be easily exported to a CSV format when the contract ends. Data deletion can be agreed at the time of the customer's choosing or 6 months following the end of the contract term.
• End-of-contract process: The product contains an easy-to-use data offboarding functionality that we are happy to provide to the customer at an additional cost. The data deletion will occur at the time of the customer's choosing or 6 months following the end of the contract term.

Using the service

• Web browser interface: Yes
• Supported browsers: Chrome
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: While the mobile service is perfectly functional and responsive on mobile, the interface provided is the standard desktop view rather than a bespoke mobile version.
• Service interface: No
• User support accessibility: WCAG 2.1 AAA
• API: No
• Customisation available: Yes
• Description of customisation: We can customise users' core data, including locations, different roles, business areas, impact types, methodology and approach, change impact assessments, and readiness tracking, to reflect the circumstances of each of our business users. Each programme that an individual business then runs within the service will account for and marry up with the set of their customised core data.

Scaling

• Independence of resources: Our service runs on the Azure Cloud, with Kubernetes architecture, and, as such, scales to the number of users making use of it at any given time. Kubernetes streamlines container management, optimises resource utilisation, and enhances DevOps efficiency, thereby ensuring resource independence in microservices architecture. As a result of such architecture, our service is not affected by sudden upsurges in the number of users, guaranteeing users independence of resources.

Analytics

• Service usage metrics: Yes
• Metrics types: We provide service usage metrics through user data reports that we can generate for our clients upon request. These reports cover key user impacts such as number of user log-ins as well as user time spent on the platform. These reports are exported in Excel format, and include illustrative graphs to help clients to visualise and understand the metrics at hand.
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users can export their data via a CSV file.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network: Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: Serendata is hosted on Microsoft Azure, and therefore the availability we guarantee reflects Microsoft Azure's availability SLAs as follows: ; ; Virtual Machines (VMs): Azure guarantees at least 99.9% availability for VMs running in a single availability zone. For VMs deployed in multiple availability zones, the guarantee increases to 99.99%.; ; Azure App Service: The SLA for Azure App Service is 99.95%.; ; Azure SQL Database: The SLA for Azure SQL Database varies based on the service tier. For example:; ; Basic and Standard tiers: 99.99% availability.; Premium and Business Critical tiers: 99.995% availability.; ; Azure Storage: The SLA for Azure Storage depends on the storage redundancy option:; ; Locally redundant storage (LRS): 99.9% availability.; Geo-redundant storage (GRS): 99.99% availability.; ; Azure Cosmos DB: The SLA for Azure Cosmos DB is 99.99% for both read and write operations.; ; Azure Functions: The SLA for Azure Functions is 99.95%.; ; These SLAs represent the minimum guaranteed availability. In practice, Azure services often achieve higher availability.
• Approach to resilience: In our commitment to maintain robust security practices, we align our approach to resilience with the ISO 27001 standards. ; ; Here’s how we ensure our systems and processes meet these requirements:; ; 1. Risk Assessment and Management: We conduct regular risk assessments to identify potential threats and vulnerabilities. Our risk management framework includes risk identification, analysis, evaluation, and treatment. We prioritise risks based on their impact and likelihood, ensuring effective mitigation strategies.; ; 2. Business Continuity Planning: We develop comprehensive business continuity plans (BCPs) to minimise disruptions during incidents. Our BCPs cover scenarios such as cyberattacks, natural disasters, and infrastructure failures. Regular testing and updating of BCPs ensure their effectiveness.; ; 3. Incident Response and Recovery: Our incident response team follows predefined procedures to handle security incidents. We maintain incident response playbooks, detailing steps for containment, eradication, and recovery. Post-incident reviews help us learn and improve our response capabilities.; ; 4. Access Control and Authentication: We enforce strict access controls to limit system access to authorised personnel. Multi-factor authentication (MFA) is mandatory for critical systems. Regular access reviews ensure permissions remain aligned with roles.
• Outage reporting: We use a outage robot that will automatically notify us of any system outages as soon as they occur. We will then pass that information on to our clients through a public service data page that we host on our website. We use this page both to report on the most up-to-date service data as well as any planned outages.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Other
• Other user authentication: Authentication of our users is managed by a trusted third party service, Okta, who provide cloud-based identity and access management for applications, devices, and users. The level of authentication they provide, including the option of 2-factor authentication, is customised according to the wishes of each of our clients.
• Access restrictions in management interfaces and support channels: We restrict access in management interfaces and support channels using role-based access control (RBAC):; ; 1. Management Interfaces: Our management interfaces (such as admin dashboards and APIs) are accessible only to authorised personnel. RBAC defines roles (e.g., admin, manager, operator) and assigns permissions based on job responsibilities. Administrators have elevated privileges, while other roles have limited access.; ; 2. Support Channels: Support channels (like customer service portals) follow similar RBAC principles. Support agents have role-specific access:; Tier 1 support agents have basic access to handle common issues. Tier 2 support agents have additional access for more complex cases.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: SGS
• ISO/IEC 27001 accreditation date: 30/08/2022
• What the ISO/IEC 27001 doesn’t cover: .
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: All our employees adhere to our internal information security policy and acceptable use policy. We are a GDPR compliant company, and, in addition, we follow the key information security policies and processes in accordance with ISO 27001, as follows: ; ; 1. Roles and Responsibilities: We clearly define the roles and responsibilities of our employees, ensuring that everyone understands their part in maintaining security.; 2. Risk Management: Our policy emphasises risk assessment and mitigation. We proactively identify vulnerabilities and take necessary measures to address them.; 3. Incident Response Procedures: We have well-defined procedures for handling security incidents promptly and effectively.; 4. Information Asset Protection: Our policy covers the protection of information assets, including intellectual property, customer data, and sensitive business information.; 5. Business Continuity: We prioritise business continuity planning, ensuring that our operations remain resilient even during disruptions.; ; By implementing ISO 27001 policies, we demonstrate our commitment to information security, legal compliance, and best practices. Achieving ISO 27001 certification independently validates our efforts and provides assurance to our stakeholders that we follow international standards in safeguarding data and maintaining confidentiality, integrity, and availability.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: At Sysdoc, our Configuration and Change Management approach aligns with ITIL standards. We meticulously evaluate, organise, approve, and execute changes within our IT landscape. By adhering to effective Change Management practices, we sidestep service interruptions, minimise risks, and maintain operational stability. Our systematic process ensures that changes are in line with organisational goals and IT service quality. Additionally, we employ a Change Enablement Practice to review and authorise any modifications to Configuration Items (CIs) throughout their lifecycle.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We assess potential threats to our services by assigning them a threat level priority. We then deploy patches to deal with these vulnerabilities in order of those in need of the most urgent attention according to our priority scale. These patches will follow the standard sprint cycle, which involves a test and release process, to ensure the vulnerability has been successfully managed.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We maintain the standard Microsoft Azure suite of application monitoring to detect any vulnerabilities within our service as quickly as possible. ; ; Here are the key components of its approach:; ; 1. Vulnerability Scanning: Regular vulnerability scans are performed on server operating systems, databases, and network devices. Independent assessors conduct penetration testing of the Azure boundary. Red-team exercises inform security improvements.; ; 2. Protective Monitoring: Azure defines requirements for active monitoring. Service teams configure active monitoring tools, including the Microsoft Monitoring Agent (MMA) and System Centre Operations Manager. These tools provide real-time alerts to Azure security personnel for immediate action.
• Incident management type: Supplier-defined controls
• Incident management approach: If a user wishes to report a vulnerability within our system, we provide them with the capability to do so through a trusted third-party service desk, Intercom, which then escalates issues back to our development team through a ticketing system. Intercom is a customer service platform that revolutionises communication between internet businesses and their customers. By combining automation and human support, Intercom provides a seamless customer experience.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  We have a responsibility not only to Sysdoc, the company, but also to our clients, stakeholders, employees, and the wider community. The nature of our business means that we are constantly required to adapt to the needs and practices of our various clients.; ; This means that as a business we do not always have control over the environmental practices in our workplace; however, each Sysdoc representative should take responsibility to improve their working methods and encourage others within their work environment to do the same.; ; We aim to:; ; •Reduce our carbon emissions across all areas but especially those created through travel.; ; •Put in place formal and transferable processes for reducing waste and energy consumption both in our office and through our work in our client sites.; ; •Provide a forum in which staff can share ideas and enable better communications to facilitate more efficient and subsequently more environmentally sound working practices.; ; We have set ourselves the following targets:; ; •Encourage and promote lower carbon modes of transport, such as car sharing where possible, cycling to work, and public transport.; ; •Offset any unavoidable carbon emissions through reliable and pro-active methods.; ; •Conduct environmental assessments of our workplaces with the aim to best utilise recycling and energy saving options. We will educate Sysdoc staff in that environment on these best practice methods and where appropriate, share and champion initiatives with our clients.; ; •Provide staff with the tools to make informed decisions on work matters. We will communicate these methods to staff and use the Sysdoc Intranet to develop a central repository of information.

  Covid-19 recovery

  Whilst we do not have a specific Covid 19 recovery policy, Sysdoc is committed to encouraging equality and diversity among our workforce and eliminating unlawful discrimination. Our aim is to promote an inclusive culture where each employee feels respected and is able to give their best.; ; This commitment applies equally to all our employees.; ; We seek transferable skills in recruitment, and we have agile working and flexible working policies that enable and encourage groups such as parents returning to work.

  Tackling economic inequality

  Sysdoc will appoint, pay, train, develop, and promote on the basis of merit and ability. Anyone involved in the recruitment, selection, promotion, or training of employees has a special responsibility for the practical application of our equal opportunities policy.; ; We have agile working and flexible working policies that enable and encourage groups such as parents returning to work. We have opened up an office outside of London in Leeds and with a move to greater remote working we encourage people to join from across the country.; ; We have working policies that help to open up our roles. Since we are a small company and our supply chain is minimal, our wastage remains low. We deal with reputable firms who have good policies in place to ensure we comply with our own, such as our Modern Slavery, Anti-Bribery, and Ethical and Business in the Community policies. Wherever possible we use local suppliers, and we are committed to paying our suppliers properly and on time.

  Equal opportunity

  Sysdoc is committed to encouraging equality and diversity among our workforce and eliminating unlawful discrimination. Our aim is to promote an inclusive culture where each employee feels respected and is able to give their best.; ; This commitment applies equally to all our employees.; ; •There should be no discrimination on the basis of age, disability, race (including colour, nationality, ethnic or national origin), pregnancy and maternity, sex (gender), marriage and civil partnership, sexual orientation, gender re-assignment, religion (belief or non-belief).; ; •Managers should work within the spirit as well as the letter of the law, helping to create a working environment where everyone’s identity and culture is valued and respected.; ; •All staff have personal responsibility for the practical application of the company's equal opportunities policy.; ; •Sysdoc will appoint, pay, train, develop, and promote on the basis of merit and ability. Anyone involved in the recruitment, selection, promotion, or training of employees has a special responsibility for the practical application of our equal opportunities policy.; ; •People may have additional training needs for which provision should be made.; ; •Our grievance procedure is available to any employee who believes that they may have been discriminated against unfairly. Any employee who is found to have committed an act of unlawful discrimination may face disciplinary action. Harassment or bullying on the grounds of sex, sexual orientation, race, or religion or for any other discriminatory reason will be treated as gross misconduct. For this purpose, bullying and harassment is defined as any unwanted conduct which violates another's dignity or creates an intimidating, hostile, degrading, humiliating, or offensive environment for another person or is intended to have one of those effects.

  Wellbeing

  Sysdoc is fully committed to developing a working environment that promotes employee health and wellbeing. Together with our Health & Safety Policy, this policy covers Sysdoc’s commitment to employee mental health, including:; ; •The responsibilities of managers and others for maintaining psychological health.; ; •Communicating and training on health issues.; ; •The range of support available for the maintenance of mental health.; ; •Sysdoc’s organisational commitment to handling individual issues.; ; Mental wellbeing is relevant for all employees, which also means that every member of staff can play a part in improving wellbeing in the workplace. By addressing mental health issues, we can improve the general wellbeing of employees, reduce absenteeism and presenteeism, lower staff turnover, deliver increased productivity, and help promote the employment of those who have experienced mental health problems. Similarly, promoting physical activity and encouraging healthy eating can help employees manage stress, achieve/maintain a healthy weight, and improve concentration and alertness. Staff who exercise regularly and eat a balanced diet also report less illness and are more likely to recover more quickly from any illness they do get.; ; Promoting mental wellbeing by:; ; •Providing information and raising awareness of mental health issues.; ; •Promoting policies and actions that support mental wellbeing in the workplace.; ; •Equipping employees with the skills to support their own mental health.; ; Promoting physical health by:; ; •Promoting physical activity across the business.; ; •Supporting a healthy, balanced diet in the workplace.

Pricing

• Price: £150 a user a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at business.development@sysdoc.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.