SPHERE GLOBAL LIMITED

GovStudio Essentials

GovStudio-Essentials offers the product catalogue, a SaaS based service that empowers you to grow your product lines and store important product data for analysis. This product metadata provides another dimension to your product listings and enables you to identify new market segments and provide rich product information to your clients.

Features

• Product catalogue to store products in a standard structure
• Product metadata to enrich the products with additional data
• Product taxonomy to classify products
• Data securely backed up
• Standards based API
• Great SLAs for uptime

Benefits

• Have a single point of reference for your products&services
• Use product metadata to enrich product information=high-quality baseline
• Insightful analysis.
• Identify most commonly sold products, discover relationships between them

£9,500 to £23,000 an instance

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at hello@sphereglobal.solutions. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

495755522835954

Contact

Harry Cheema
07912395415
hello@sphereglobal.solutions

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Customisation is possible to include additional Product Metadata however that is outside of the standard service and a scoping exercise is required to determine any additional costs needed for the customisations.
• System requirements:
  • Postman,Visual Studio, Insomnia, SoapUI,LoadView
  • Any application that can parse JSON data from a REST-API.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 12 hours
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Yes, at an extra cost
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: We can build one for any specific requirment
• Web chat accessibility testing: This wouldbe done if there is a requirment for the web chat funtionality
• Onsite support: Yes, at extra cost
• Support levels: Developer: This is the default option and is automatically added when one of the GovStudio-plans are purchased with no additional charge. There is no guaranteed response time with this plan and email support is only available.; ; Production: This is an optional support plan that supersedes the Developer plan when purchased. Depending on the priority level*(P1 - P3),guaranteed response times will be based on business hours where:; ; P1: Within 4 business hours; P2: Within 8 business hours; P3: Within 16 business hours; ; Email and phone support are available.; ; The charge for the Production plan is 4% of monthly spend( or £8000 per month minimum).; ; Personalised: This is an optional support plan that supersedes the Developer plan when purchased. Depending on the priority level* (P1 - P3), guaranteed response times will be based on business hours where:; ; P1: Within 1 hour (24/7); P2: Within 2 business hours; P3: Within 3 business hours; ; Email and phone support are available.; ; The charge for the Personal plan is 8% of monthly spend (or £15000 per month minimum).; ; A technical account manager is available as part of the Personal plan.; ; A cloud support engineer is available on a time and materials basis.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Online training and user documentation.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Extract via the API.
• End-of-contract process: At the end of the contract, all data and backups are erased with credentials invalidated. It is strongly advised that if there is no contract extension, then all the data is extracted before the last date of the contract as the erasure is irreversible. ; ; Assistance with data export and and transition arrangements are not included as part of the service. ; ; Any assistance required in at the end of the contract will need to be scoped to determine its feasibility and any associated costs.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: As this is an API based service, users can add, amend and delete products and their associated metadata.; ; Users will make REST calls with JSON data in the body to direct the API to take an action on the selected product(s). Users are given an API key for this function and it is important that this API key is stored securely and only used for any application integration.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Users can request other additional product metadata to be added.; ; Customisation incurs additional charges.

Scaling

• Independence of resources: The solution is hosted within Amazon AWS cloud which has highly scalable infrastructure.; We constantly monitor system usage and at any time additional resources can be added to support user demand.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Through the API
• Data export formats: Other
• Other data export formats: Other such as JSON
• Data import formats: Other
• Other data import formats: Other such as JSON

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We guarantee 99% availability; ; We will maintain the availability of the Services with a monthly uptime percentage of at least 99%, not including scheduled maintenance.; ; In the event we fail to maintain this level of availability, the client will be given a Service Credit in the form of a discount off the monthly fee paid in respect of the service charge applicable for the product, and amounting to a percentage discount equal to the result of dividing the difference of the monthly permitted and excess unavailability time (in minutes) by the total monthly required uptime in minutes. All usage/consumption based charges are not included in the service credit calculation.
• Approach to resilience: The system is designed in a fully redundant manner. Each component has a backup instance.
• Outage reporting: Email alerts and an internal dashboard

Identity and authentication

• User authentication needed: Yes
• User authentication: Other
• Other user authentication: API Keys
• Access restrictions in management interfaces and support channels: The system implements RBAC
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Other
• Description of management access authentication: API key and public key authentication

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: We follow an in house standard the keeps a strict log of access and limits access to pre-defined team mebers
• Information security policies and processes: All policies and processes required by ISO 270001 but we are currently undertaking the ISO 270001 assessment

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Change Management; When change occurs, the Change Managers considers the impact and consults those effected before making appropriate changes to the ISMS-docs. Any consequent changes to the ISMS are communicated to the concerned staff.; ; Strict change management is applied, including: ; - Identification and recording of significant changes ; - Planning&testing of changes ; - Assessment of potential impacts and risks, including security impacts ; - Undertaking a formal approval procedure for proposed changes ; - Communication of change details to all relevant persons, including training where required ; - Planning fallback procedures, including procedures&responsibilities for aborting and recovering from unsuccessful changes and unforeseen outcomes
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: - We have defined and established the roles and responsibilities associated with technical vulnerability management, including vulnerability risk assessment, patching, asset tracking, and any coordination responsibilities required. ; - Information resources that are to be used to identify relevant technical vulnerabilities and to maintain awareness about them have been identified based on the information asset inventory. ; - These information resources are regularly updated based on changes in the inventory, or when other new or useful resources are found. ; - We aim to react to notifications of potentially relevant technical vulnerabilities within 24 hours.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: We implement appropriate physical, technical, administrative, and operational security controls to protect information, computing systems/devices, and electronic media from unauthorized access, theft, damage, or destruction.; ; Incident Response Management ; We have developed and implemented incident management responsibilities and procedures that provide timely and effective investigations and responses to information security incidents.; ; Detection and Identification of Security Incidents ; Security Incidents may be detected and identified in several ways, such as: ; - Users who notice irregularities or suspicious events in their technical or physical working environment. ; - Alerts generated by information systems such as system warnings or error messages.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: The following polices applies to all: ; • Network, compute and storage devices that attach to our networks or connect to our IT systems and applications, including those owned or operated by third-parties and contractors. ; • All login and logout by individuals to the Univonix, LTD network.; ; Sources of Security Event Logs include:; Systems created logs including Internet and intranet boundary devices such as routers, firewalls, IDS/IPS, Authentication Servers, Content filters and DNS upon detection of unwanted activity include such as, ; Successful, failed and released network connection attempts, for example from DHCP.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Tackling economic inequality:

  Tackling economic inequality

  We're an equal opportunity employer. We ensure that all our direct employees as well as partner organisations adhere to a strict policy to ensure employees are remunerated in line with their role and their work effort. Salary and position within the company does not take into consideration race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.
• Equal opportunity:

  Equal opportunity

  We're an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.

Pricing

• Price: £9,500 to £23,000 an instance
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: We can discuss this on a per requirment basis

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at hello@sphereglobal.solutions. Tell them what format you need. It will help if you say what assistive technology you use.