BRAINTREE LIMITED

ABCSys

ABC is an Artificial Intelligence platform providing real-time monitoring and management of a vast number of information sources (streams), detection of irregularities, detection of fraud or theft, flagging of risks, and enforcement of the chain of command & approval processes.

Features

  • Connection to corporate databases
  • Real-time monitoring of multiple data sources
  • Pattern detection in data over time
  • Real-time detection of irregularities
  • Custom dashboards showing data flow and irregularities
  • Alerts sent up the chain of command
  • Approvals sent down the chain of command

Benefits

  • Real-time detection of potential fraud, theft and other irregularities
  • Learns automatically from real data flow in the business
  • Upholds the chain of command for reporting and approval
  • Automatic actions upon detected irregularities if ignored by humans
  • Automatic validation and enforcement of data consistency

Pricing

£400,000.00 to £3,000,000.00 a licence a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at j.giwa@braintree.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

543101701965502

Contact

BRAINTREE LIMITED JJ Giwa-Majekodunmi
Telephone: 07887242222
Email: j.giwa@braintree.com

Service scope

Software add-on or extension
No
Cloud deployment model
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
Service constraints
N/A
System requirements
  • Capacity depends on the size of the company
  • Maintenance Plan requires access to Hardware for On-Site Installations

User support

Email or online ticketing support
Email or online ticketing
Support response times
Level 1 support operates 9-5 Monday through to Friday excluding national holidays, response SLA of 1 hour. Level 2 support operates 24x7, response SLA of 1 hour.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 A
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 A
Web chat accessibility testing
We are using the tools from third party vendors that guarantee conformance to at least WCAG 2.1 A level
Onsite support
No
Support levels
Level 1: 9-5 Monday to Friday excluding holidays 2nd level technical support.

Level 2: 24x7 2nd level technical support.

Level 3: 9-5 Monday to Friday excluding holidays end-user technical support.

Level 4: 24x7 end-user technical support. Pricing depends on the number of seats purchased.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
• Kickoff. This step is represented by a series of meetings with the goal of identifying and detailing the customer’s pains to be solved by implementing our solution.
• Integration Points. In this step, we collect the following information: initial list of end users, databases to be integrated with, document storage locations to be integrated with, email system in place, messaging system in place, etc.
• Planning. Here, we meet with the customer to discuss their priorities, and to develop a joint implementation and rollout schedule.
• Initial Download. In this step, we configure access to the customer’s data sources and start the process of fine-tuning of the deployment.
• Training. We provide training to the users, in one or several sessions. Separate training programs are available for the end users and for the customer’s IT department. Full documentation and training videos are provided as well.
• Soft Launch. We launch our solution to a limited number of select users and verify that the system works to their satisfaction. This step includes us making any necessary fine-tuning of the system.
• Full Launch. We make our solution available to the user base. Our tech support is available to answer questions.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats
Video
End-of-contract data extraction
Individual users have an option of (a) downloading or (b) erasing their data. The organization may control whether such options are offered and to whom, versus reassigning the data to the user's immediate manager. At the end of the entire contract, the organization has an option of downloading the data, or having it erased.
End-of-contract process
There are no hidden or additional costs upon expiration of the contract, unless a custom contractual agreement states otherwise, or unless there are past due payments. The cost of exporting the data with subsequent deletion of the data, if requested by the customer, is included in the price.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Mobile version uses a different user interface, optimized specifically for mobile screen sizes and for a potentially lower transmission bandwidth
Service interface
Yes
User support accessibility
WCAG 2.1 A
Description of service interface
The user interface for the service is used in two ways: for fine-tuning the configuration of the service, and for displaying alerts and dashboards. The configuration interface is web-based and is optimized for desktop. Alerts and dashboards are available via the web on both desktop and mobile, and also in the form of optional applications for iOS and Android; notifications via text and email are also supported.
Accessibility standards
WCAG 2.1 A
Accessibility testing
We are using the tools from third party vendors that guarantee conformance to at least WCAG 2.1 A level
API
Yes
What users can and can't do using the API
All functionality of the application that is available via the user interface, and all data feeds, are available in the form of a RESTful API. The main purpose of the API is to allow system integrators to build custom solutions around our platform. Mainstream installations do not require any API access.
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • PDF
  • Other
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Customization is available to the users with special admin privileges. Customization includes integrations with the document and communication systems in place, branding of the UI, security setup including users and roles, and custom dashboards.

Scaling

Independence of resources
On-premise installations are physically segregated; installations to the customer's cloud account are segregated by the respective cloud provider; cloud SaaS installations are segregated logically (different databases, different computational nodes).

Analytics

Service usage metrics
Yes
Metrics types
Activity across all data sources, monitoring track-able activities, alerts and their history and frequency, capacity utilization, system health status
Reporting types
  • API access
  • Real-time dashboards
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
The exportable data is divided into two categories: the user-supplied data (user profiles, configuration, etc) and the automatically learned data by our AI. The user-supplied data is exportable in CSV format. The combination of user-supplied data and AI data is exportable in a proprietary format for backup purposes.
Data export formats
  • CSV
  • Other
Other data export formats
Proprietary format intended for backup/restore purposes only
Data import formats
  • CSV
  • Other
Other data import formats
  • Proprietary format intended for backup/restore purposes only
  • XML
  • JSON

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Our SLA guarantees 99.8% uptime on a monthly basis. The buyer is refunded with credits towards future usage. There are three kinds of credits: (1) for failures in the range 99.5%-99.8%, the credit received per incident is equivalent to 1 day of operations; (2) for failures in the range 99.0%-99.5%, the credit received per incident is equivalent to 3 days of operations; (3) for more serious failures, the credit received per incident is equivalent to 5 days of operations.
Approach to resilience
For on-premise installations, we rely on server redundancy and data replication, plus an off-site backup performed by the customer. For cloud-based installations and SaaS, we rely on high availability server-less computing in AWS cloud, on highly scalable and highly available cloud databases (AWS DynamoDB), and on replication across data centers (regions) for ultimate resiliency; continuous backup to AWS S3 for worst case disaster recovery.
Outage reporting
Customers are provided with a real time health monitoring dashboard, reflecting the status of their services (health and capacity utilization). Automatic alarms are set for all the critical KPIs. Some of the alarms are consumed internally, but any alarm that has a potential of affecting the end users is escalated via email, text and push notifications to the apps, and is reflected on the dashboards.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Our application supports role-based security. Every user is assigned a combination of roles, which control access to various parts of software. Access rights are checked in the user interface (usually by hiding the unavailable features), on the API level for internal and external clients to prevent access to undesirable server functions, and at the critical execution points within the software. Our security logic is rigorously tested to ensure it has no holes, including penetration testing by independent third party hacking experts.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
No
Cyber essentials plus
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
The CEO of the company is responsible for the security of cloud and SaaS installations. There is a set of policies in place which govern all security aspects of the service. Security risks are re-assessed no less than every 6 months, and any new discoveries are brought to the board's attention, as well as any security-related risks discovered outside of the recurring assessments. Our software and IT infrastructure are built in full compliance with CSA CM 3.0 and ISO 27001.
Information security policies and processes
Security policies are built into the product architecture and into the IT infrastructure, and are audited by an external independent entity every 6 months for compliance. The nominated board representative responsible for security of cloud services is the CEO of the company. For security governance, we follow ISO/IEC 27001 standard. Security and information security are part of our financial and operational risk reporting mechanisms; our board is always kept informed of security and information risk. We employ processes which identify and ensure compliance with applicable legal and regulatory requirements.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
All changes to the source code go through a security code review, independently from the engineering quality code review, for the purpose of assessing the security impact. All historical versions of the software's source code are preserved in the version control system, and every software deployment is audited by automatic tools on a continuous basis. All security fixes to the operating system, third party software libraries, web servers, virtual machines, compilers and run-times are installed within 10 business days from the date the patch is officially released, and deployed within 30 days.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
We currently rely on the AWS Web Application Firewall service for detection and mitigation of common attack patterns, such as the OWASP top 10 security risks, SQL injection, cross-site scripting, DDoS, etc. Threats detected by the firewall are monitored by our engineers and by AWS personnel, and are stopped before they reach the software. Separately, the software is tested against all known threats as a part of the standard release cycle, or in case of newly discovered vulnerabilities or attack methods.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
We monitor several sources, such as firewall reports, incident reports from our services, and currently published information on the known exploits. This information is then used as specification requirements to software testing and quality control. The compromises that were automatically prevented are passed to our engineering team. The compromises that affect the stability of the service or the security of the data are passed immediately to the engineering team with the highest priority, and the nature and state of such issues are immediately communicated to the internal responsible parties and customers; continuous updates are delivered as the repairs make progress.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Every incident ticket is classified as a specific type, which determines the internal workflow within the company. The three most frequently used workflows are (a) user requires assistance or needs training, (b) service outage, and (c) software malfunction (a "bug"). The user-selected priority of the ticket controls our internal escalation timelines. End users can report incidents directly from the application's user interface, via email, via chat, or via a phone call. Incidents opened by our personnel are shared with the customer in the spirit of full transparency.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Social Value

Covid-19 recovery

Braintree have taken a proactive approach in managing the impact of COVID-19 on our employees, their families and within our local community.
To provide additional support, we distributed covid lateral flow tests to our employees and their families and ensured all employees were able to work in a secure environment within our office in addition to promoting working from home for those employees unsure about coming back to the office.
Due to the pandemic, we escalated plans to deliver training for employees and customers online, removing the need for in-person interaction. As our software is browser based, it does not require onsite visits to install, minimising our effect on the environment.
Our service helps organizations of all sizes predict business, financial, ecological, and other outcomes in a rapidly changing environment. This helps to plot an appropriate response to disruptions in the workforce, supply chain, and customer base caused by Covid-19.
We are a B2B service and, as such, we do not directly interact with individual consumers or consumer communities. Our job is to enable businesses and government organizations to provide such support through our software, with our primary aim being to improve wellbeing and life for users.
Braintree ensured that employees were provided with all the tools (office accessories and working-from-home essentials) to make their "home office" environment as comfortable as possible. In addition, Braintree consulted its employees regularly, providing them with up-to-date information on relevant new guidelines throughout the pandemic lockdown, which helped reassure employees about the situation. Above all, Braintree ensured that all staff were fully paid and none were furloughed.

Pricing

Price
£400,000.00 to £3,000,000.00 a licence a year
Discount for educational organisations
No
Free trial available
No
