HCL Technologies UK LImited

BigFix Patch, Lifecycle, Compliance, Inventory, Mobile

IT Asset Discovery and Reporting
Patch Management and Remediation
Software Distribution
Self-Service Catalogue
Remote Control
Operating system (OS) Deployment and Image Management
License Usage/Contract Management
Win10/Win11 + MacOS Enrolment and Policy Management
Advanced Reporting + 3rd Party Vulnerability Tool Integration
ServiceNow Bi-directional Integration
iOS, iPadOS, Android Enrollment and Policy Mgmt

Features

• Asset discovery and reporting
• Patch management and remediation
• Software distribution and self-service catalogue
• Remote control
• OS deployment and image management
• Compliance/ vulnerability management
• License usage/ contract management
• Win10/ Win11 + MacOS enrollment and policy management
• 3rd party tool integration for vulnerability scanners and service desks
• iOS, iPadOS, Android enrollment and policy management

Benefits

• Provides cost savings
• Reduces complexity through tool consolidation
• Minimises malware and ransomware attacks
• Multi-platform support across Windows, Unix, Linux, MacOS, iOS, Android
• Unified solution leveraging a single agent
• Provides continuous compliance
• Highly scalable (300,000 devices per BigFix Server)
• Pre-tested BigFix content for patching
• Manages endpoints on corporate VPN and that are Internet connected
• Not reliant upon WMI, Active Directory or WSUS

£40 to £150 a unit

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at CCSFrameworks@hcl.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

497131202756937

Contact

Paul Montgomery
+44 (0) 20 7105 8600
CCSFrameworks@hcl.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Private cloud
  • Hybrid cloud
• Service constraints: None
• System requirements:
  • Windows Server + MS*SQL
  • RHEL Server + DB2
  • CPUs, memory and storage varies depending on total endpoints managed

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: "During business hours:; Severity 1 = 1 hour; Severity 2 = 2 hours; Severity 3 = 1 working day ; Severity 4 = 2 working days"
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Onsite support
• Support levels: Level 3 - Software Support
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Super User training sessions
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: The database is moved to the client's network and complete access to data is provided with a service interface.
• End-of-contract process: The service is switched off completely, so as to avoid any misuse. Also the customer is provided with access to all the customer data.

Using the service

• Web browser interface: Yes
• Supported browsers: Internet Explorer 11
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: This service is designed to work on the Mobile phone. There are certain features which are available on the desktop, e.g. search, view, print, create photo album, etc. and that is applicable for certain business processes/ functions. Also Dashboard reporting is available on the Desktops.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Only enrolled users can access the service from the mobile application. The web service is accessible only from a mobile interface. The exposed service is accessible via proxy.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Customers can pick and choose the functions they want. Also the business logic within those functions is fully customisable.

Scaling

• Independence of resources: The scaling of the hosted service is performed based on the total number of users and peak time concurrency level. Each hosted virtual machine is configured to handle 350 concurrent user requests.

Analytics

• Service usage metrics: Yes
• Metrics types: Transaction history report, performance report, exception report, login logout report, offline report, geo fencing report.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: No
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: The user can export data by selecting the export function on the dashboard reports of the Admin application.
• Data export formats:
  • CSV
  • Other
• Other data export formats: PDF
• Data import formats:
  • CSV
  • Other
• Other data import formats: XLS and XLSX

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network: Other
• Other protection within supplier network: Data within the network travels in binary format. Each request or response data is associated with a security token.

Availability and resilience

• Guaranteed availability: 99.90%
• Approach to resilience: The hosting area is physically divided into two sites. Each physical site contains an exact replica of servers and acts as failover of the other site. Data synchronisation happens via the "Always On" feature of the MS SQL Server.
• Outage reporting: Monitoring tools (Microsoft SCOM) are configured to monitor hosted services and virtual machines. Disk coverage and capacity related configurations are performed to raise the alarm to mitigate any failure. An email is sent by the monitoring tool to all stakeholders before any failure happens. Transaction logs are maintained to generate a report on defined intervals.

Identity and authentication

• User authentication needed: Yes
• User authentication: Public key authentication (including by TLS client certificate)
• Access restrictions in management interfaces and support channels: 1. Each user is provided with an access role. The access to the system functionalities are directly linked with the access role permissions.; 2. When the user logs into the application, only allowed functionalities are visible to the user.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • Username or password
  • Other
• Description of management access authentication: Users that are provided with Admin access are also authenticated against the database. On successful login the security token is generated and maintained through out the session. The database maintains the authentication related entities.

Audit information for users

• Access to user activity audit information: You control when users can access audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Bureau Veritas
• ISO/IEC 27001 accreditation date: 16/10/2020
• What the ISO/IEC 27001 doesn’t cover: Not Applicable
• ISO 28000:2007 certification: Yes
• Who accredited the ISO 28000:2007: Not Applicable
• ISO 28000:2007 accreditation date: Not Applicable
• What the ISO 28000:2007 doesn’t cover: Not Applicable
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: Not Known
• PCI DSS accreditation date: Not Known
• What the PCI DSS doesn’t cover: Not Known
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: CISSP / CISM / CCSK (Various Employees)

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: "ISO 9001:2008 - Quality Management; ; ISO/IEC 20000-1:2011 - Service Management; ; ISO 14001 - Environmental Management; ; ISO 27001 - Security Management; ; Cyber Essentials; ; Cyber Essentials Plus
• Information security policies and processes: HCL has adopted ISO/ IEC 27001: 2013 standard for ensuring protection from a variety of threats and minimising the business damage in its endeavour to provide Mobile Application implementation and support services. HCL is also Cyber Essentials and Cyber Essentials Plus certified.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: "Configuration Management tracks the IT environment.; ; A repository maintains all versions of individual work products to help/ permit developers to revert to previous versions during testing and debugging.; ; Dependency tracking and change management covers relationships between enterprise entities and processes, parts of an application design, design components and the enterprise information architecture, design elements and other work products.; ; HCL tracks all the requirements, design and construction components and deliverables that result from a requirements specification.; ; An audit trail is maintained about when, why and by whom changes are made, with source information of changes as specific objects in the repository.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: "Vulnerability management focusses on finding weakness that can be exploited. HCL performs quarterly and/or annual vulnerability scans to get a snapshot at that point in time. Regular scanning ensures new vulnerabilities are detected in a timely manner and are fixed before they occur. The HCL vulnerability management process consists of the following phases:; 1. Preparation; 2. Vulnerability scan; 3. Define remediating actions; 4. Implement remediating actions; 5. Rescan.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Not Applicable
• Incident management type: Supplier-defined controls
• Incident management approach: Incident management is designed with a goal to restore normal service operation as quickly as possible and to minimise the impact on business operations. The incident management process follows these steps:; ; 1. Incident identification and logging by the customer; 2. Incident categorisation and prioritisation by the customer; 3. HCL works on the incident response performing diagnosis and investigation followed by resolution and bringing the incident to closure; 4. Corrective and preventive action are taken to avoid repeat or similar incident in future.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  At HCL Technologies, we believe that we have got accountability to the future, as well as an imperative role to play in addressing global challenges, such as climate change and environmental sustainability. ; HCL commits itself to confronting these challenges by assuming a leadership role in fostering a sustainable environment and responding appropriately to the risk posed by environmental degradation. ; HCL will strive to achieve excellence in environmental management by:; • Integrating environmental considerations into our all areas of operations, considering our environmental risks, responsibilities and organisational capability; • Meeting all environmental compliance obligations applicable to the organisation; • Reducing our ecological footprint through optimised utilisation of natural resources, including land, water and by ensuring the responsible use of energy throughout our operations, including conserving energy, improving energy efficiency and giving preference to renewable over non-renewable energy wherever feasible; • Introducing more sustainable and green procurement approaches; • Preventing pollution and minimising all types of waste, including e-Waste by adopting a Reduce-Reuse-Recycle-Recovery philosophy; • Being an environmentally responsible neighbour in the community where we operate, and correct incidents or conditions that endanger the environment; • By committing ourselves to open and constructive engagement with communities surrounding our operations on environmental matters; • Providing a framework for setting and reviewing environmental objectives and targets; • Continually improving and learning from our efforts in working towards environmental sustainability; • Monitoring and reporting our environmental performance to key stakeholders; • Ensuring that environmental policy is communicated to all the concerned persons working for or on behalf of the organisation, to make them aware of their environmental responsibilities ; • By making our environmental policy available to all stakeholders, including public on demand; • Maintaining appropriate controls, including periodic review of environmental policy, to ensure its applicability and relevance to the changing scenarios and stakeholder’s expectations.
• Covid-19 recovery:

  Covid-19 recovery

  The outbreak of the COVID-19 pandemic and its ruinous effect on lives and livelihoods has been unprecedented in modern times. HCL has used its position as a global IT company to mitigate the effects where possible, supporting our clients to continue operating in these difficult times and providing help to those affected. We have developed rapid solutions to support our customers in returning to work during the pandemic with examples ranging for PPE stock management, workforce social-distancing solutions and the deployment of remote working technology. ; Our HCL Foundation is a focal point for global programmes and has coordinated our support for COVID-19 affected communities. ; As a result of the pandemic there have been many industries that have been heavily impacted economically and many job losses have been caused as government support is reduced, companies going into administration and many freelance/self-employed prospects have simply disappeared.; Some of the people displaced by the pandemic will have transferable skills and just need limited support in cross-training. ; We offer a number of opportunities to help semi-skilled staff enter the IT services world. Schemes such as our ‘Consultant in Training’ programme where staff are taken on and have a mix of formal training and on the job mentoring to give them the skills to continue on this path. The formal training can result in recognised qualifications such as technology or project management certifications. Many alumni of this programme are taken on by HCL as the first rung on their new career ladder.; With regard to the less skilled people left stranded by the Coronavirus outbreak we provide targeted help in a similar way to how we support disadvantaged individuals.; We will work with our customers to understand the impact of COVID-19 and develop CSR plans to support these at a local level.
• Tackling economic inequality:

  Tackling economic inequality

  HCL is committed to Corporate and Social Responsibility (CSR) to help equality/diversity, the economy, health/wellbeing and local communities. For local economies/ communities, HCL creates and maintains positive industry partnerships, engaged employees (including a focus on staff behaviours) and a diverse workforce, working collaboratively to make work a great experience for all.; In the UK, HCL works in partnership with the Prince’s Trust to maximise our CSR activities relating to how technology can make a positive difference to the lives of people and organisations worldwide. We have developed an education programme called “Get Started with Technology” to upskill disadvantaged youth across the country.; In the UK, HCL runs a CIT (Consultant in Training) programme every year, whereby we hire fresh graduates with no prior corporate experience in the UK and train them on relevant technologies and then employ and groom them to be Consultants. This has been run in conjunction with Manchester Business School and we are looking to expand this programme to include the other Higher Education establishments.; We are mindful of our role to play in of supporting local businesses and generating additional economic development through our engagements. As such, we consider using local suppliers to meet requirements that we cannot fulfil ourselves. As an example, a significant proportion of the initial User Experience and Design work for new Manchester United app was undertaken by Manchester based Small/Medium sized Enterprises (SMEs). ; HCL runs innovation labs, collaborating through global Hackathons or developing patents for new and emerging technologies. We share this knowledge via events and Webinars, as well as providing access to thought leadership in the guise of our Chief Information Officer (CIO) Council. Recent events have covered such diverse topics as Blockchain, Robotic Process Automation (RPA), Cognitive Systems and Artificial Intelligence (AI) and Internet of Things (IoT).
• Equal opportunity:

  Equal opportunity

  HCL focusses on creating/sustaining a nurturing environment for all employees, irrespective of backgrounds, gender, nationality, culture, ethnicity, age or differing abilities of individuals. ; Gender parity and inclusion at all levels of the hierarchy is our top priority, with a special focus given to increasing the representation of women leaders at key leadership positions. The female employee ratio is a crucial metric that is reported and reviewed quarterly in the company board meetings. All our recruitment teams carry a target on gender hiring and all our job specifications have been reviewed to make them gender neutral. ; HCL is committed to Corporate and Social Responsibility (CSR) to help equality & diversity, the economy, health & wellbeing and local communities. We have initiatives running to support, nurture, develop and celebrate the successes of disadvantaged communities or individuals. We endeavour to make a positive impact in the lives of people within the communities we operate in. ; ; For local economies/communities, HCL creates and maintains positive industry partnerships, engaged employees (including a focus on staff behaviours) and a diverse workforce, working collaboratively to make work a great experience for all. ; ; The company implements and maintains a management system that sets targets to monitor and continually improve our social performance across the company. Also, we comply with all relevant legislative and regulatory requirements relating to be a responsible business, including but not limited to the Modern Slavery Act, the Equality Act, the Public Services Act and the Living Wage Act.; ; To propagate an inclusive culture at HCL, a virtual Inclusion Lab model has been designed in consultation with business and HR stakeholders. The objective was to design a systemic, top down approach where each leader was sensitised and given the necessary skillset, mindset and toolset to actively demonstrate and promote inclusive behaviours.
• Wellbeing:

  Wellbeing

  HCL is committed to employee overall wellbeing through. Physical/Occupational Ergonomics Training; Employees have access to e-Learning based ergonomics training. Chiropractor consultations; Organised at the workplace to advise employees on correct sitting posture. Virtual General Practitioner; This allows employees to seek an appointment and follow ups with a GP to discuss medical issues. Gym Flex/Cycle to Work; This benefit allows employees to seek attractive discounts on gym memberships and purchase a cycle. Health Check-ups; We organise for basic health check-ups, like Body Mass Index (BMI), Glucose and Cholesterol screening at the workplace for all our employees. Preventive Healthcare; Webinar on smoking cessation and good nutrition. Mental/Emotional Employee Assistance Programme; Free, confidential counselling services available for employees and their families in the local language on areas of emotional health, family issues, financial and legal guidance and other work and personal matters. Wellbeing Webinars; Monthly workshops facilitated by clinical psychologists around various topics to have a better understanding on mental health issues and practical tips on how to deal with them. Mental Health Awareness; Campaign to create awareness on mental health, breaking stereotypes and proactive ways for employees to become more self-aware, mentally resilient and emotionally secure. Mindfulness and Yoga Workshops; To help employees overcome stress, anxiety and increase resilience and emotional intelligence, while improving communication. Financial HCL Discount Scheme/Perks at Work; Employees and family access to avail attractive discount schemes on over 3,000 products Financial Wellbeing Workshop; To help employees understand the various financial instruments to enable them make the right decision on investments, pension decisions and future savings. Emotional/Psychological Chat sessions, culture and festive celebrations; This helps to bring various teams to interact and come together to create a livelier environment at the workplace. Part time and Flexi Working Policies to help people effectively manage their work life balance.

Pricing

• Price: £40 to £150 a unit
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: A free proof of concept license can be requested; Free demonstrations are also available
• Link to free trial: https://www.hcltechsw.com/bigfix

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at CCSFrameworks@hcl.com. Tell them what format you need. It will help if you say what assistive technology you use.