Elsevier

Interfolio Faculty Information System

Interfolio builds faculty-oriented technology to increase collaboration and transparency around the academic decisions at the heart of the university mission. Our Faculty Information System (FIS) is the first-ever comprehensive platform to connect the work, decisions, and data of scholars to their institutions.

Features

• A centralized, trusted data source for faculty career milestones
• Provide visibility of faculty workforce: career growth, timelines, roster
• Integrate with other platforms within the academic data ecosystem
• Use technology to seamlessly scale institution-specific, customized workflows
• Create holistic vitas of faculty members' work and impact
• Enable consistent, fair, and transparent committee decisions
• Gather and validate data on faculty activities
• Support accreditation and compliance standards
• Analyze all data points within a single user interface
• Forecast future institutional and faculty needs

Benefits

• Faculty can use time more efficiently and advance their research
• Faculty meet their career milestones with one source of data
• Reduce administrative work
• Participate in shared governance decisions
• Create increased and efficient collaboration for searches and faculty actions

£2,000 to £1,000,000 an instance

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at v.mahi@elsevier.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

585850858708934

Contact

Vinod Mahi
+44 7881 002595
v.mahi@elsevier.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Interfolio requires an internet connected device capable of running a supported browser:; ; 1) Google Chrome (latest version); ; 2) Mozilla Firefox (latest version) ;; 3) Safari (latest version);; 4) Microsoft Edge
• System requirements:
  • Must have a compatible browser: Microsoft Edge, Firefox, Chrome, Safari
  • Must have an Internet connection

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Support is provided during US business hours, 9:00am to 8:00pm Eastern Standard Time via phone, and 5:00am to 10:00pm Eastern Standard Time via email. There is no support during weekends and US holidays.; ; Customers receive an immediate, automated response to all email inquiries, and our targeted first response time is 24-48 hours. Depending on the issue, the actual resolution to your request can take longer. Our support team will keep you up to date on the status of your request.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), 7 days a week
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), 7 days a week
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: No testing has been performed by Interfolio
• Onsite support: Yes, at extra cost
• Support levels: We provide a single level of support to all clients, via email and phone support during designated hours, excluding holidays. ; ; Support is included in the annual licensing and advisory service fees. ; ; Clients, based on sized, may have a dedicated customer success manager to aid in their support.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Upon signature, an implementation resource is assigned to all clients. This resource guides the client team through implementation, specifically through our four-phased implementation methodology. Weekly meetings are offered during implementation. Interfolio utilizes a "train the trainer" model, whereby institutional administrators and users are trained to both manage/configure the modules post-implementation, and train additional users. Implementation also includes a limited number of end-user trainings. ; ; During and after implementation, users are given access to the Interfolio University, our training platform. The Interfolio University offers courses for different roles and actions within each module.; ; Post implementation, clients can access a range of support resources, including our product-help site, product support team, a webinar series, Interfolio University, and virtual trainings (depending on contract).; Web chat is available for our consumer-facing product Dossier, used to apply to searches and complete letters of recommendation.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Clients can request extracts of their data upon contract termination. Some data can be downloaded ad hoc via the modules.
• End-of-contract process: Should the client decide not to renew the annual contract, the agreement will terminate. This will be actioned by the client providing written confirmation of their desire to terminate the contract according to the notice provisions in their licence and services agreement with us. Data backups may be provided, and client data may be completely deleted upon request. ; ; All user accounts will be deactivated by the Interfolio team and access to the modules will be removed.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: All features are available on both the mobile and desktop offering.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: Access to APIs is available to clients with no additional cost. Each module/component has its own set of API calls and supporting documentation. There are also platform-wide APIs.; ; Interfolio APIs require HMAC authentication. ; ; A majority of APIs are REST, but newer functionality is availability via GraphQL.; ; API documentation is provided upon request during the sales process.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Administrators and users with certain permissions in other roles can edit workflows, create forms, create new content sections, and create new fields. The FIS may be rebranded with the institution's logo and colours, and the names of the modules may be changed to reflect institutional nomenclature.

Scaling

• Independence of resources: We host Interfolio with Amazon Web Services and adopt the elastic cloud computing functionality which auto-scales CPU with demand. This means that as more and more people use the service, the platform will scale to meet the demand.

Analytics

• Service usage metrics: Yes
• Metrics types: Some usage statistics are available to administrators from within the Interfolio product, while other usage data is available from the Interfolio team upon request.
• Reporting types:
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Each module has data that can be exported. Based on user role, raw data can be exported via CSV or Excel. Artifacts can be exported in either PDF (converted from original format) or in the original format; this is module-dependent.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Excel (XLSX)
  • Word (DOCX)
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: Interfolio uses strong cryptography and encryption techniques (at least 128 bit) such as Secure Sockets Layer (SSL), Secure Shell (SSH) and Internet Protocol Security (IPSEC) to safeguard confidential data during transmission over public networks.; ; Interfolio implements encryption for data at rest to ensure that confidential data is unreadable anywhere it is stored, (including data on portable media, in logs, and data received from or stored by wireless networks).; ; All non-console administrative access will be encrypted using technologies such as SSH, VPN, or SSL/TLS for web-based management and other nonconsole administrative access.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: Interfolio uses strong cryptography and encryption techniques (at least 128 bit) such as Secure Sockets Layer (SSL), Secure Shell (SSH) and Internet Protocol Security (IPSEC) to safeguard confidential data during transmission over public networks.; ; Interfolio implements encryption for data at rest to ensure that confidential data is unreadable anywhere it is stored, including data on portable media, in logs, and data received from or stored by wireless networks.; ; All non-console administrative access will be encrypted using technologies such as SSH, VPN, or SSL/TLS for web-based management and other non-console administrative access.

Availability and resilience

• Guaranteed availability: Interfolio has 99.9% system availability. In the event unscheduled downtime occurs, Interfolio will undertake commercially reasonable efforts to remedy within a commercially reasonable timeframe.
• Approach to resilience: In order to provide the promised availability, resilience measures are included in the design. To ensure resilience backup and data snapshot, plans are in place in alignment with Elsevier requirements.
• Outage reporting: In the event unscheduled downtime occurs, Interfolio will provide a report setting forth measurements of and a calculation of availability within a reasonable timeframe.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Other user authentication: Each user is provided access to Interfolio systems and data on a “business need-to- know” basis. Safeguards (such as role-based access control, context-based access control, mandatory access control or discretionary access control) will be used as appropriate to control access to sensitive information. Each user must request access from their supervisor. Access will be granted by the IT department to specific applications, menus, data, and services as approved by supervisor.
• Access restrictions in management interfaces and support channels: Institutions can configure Interfolio to authenticate users via Shibboleth, SAML, LDAP, and CAS authentication mechanisms. Users log into Interfolio by entering their credentials at Interfolio's login screen, which is then authenticated by the central authentication system.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • Public key authentication (including by TLS client certificate)
  • Username or password
  • Other
• Description of management access authentication: Interfolio supports a range of Single Sign-On options, including Shibboleth, SAML, LDAP, and CAS so that your existing identity provider can be used for authentication. Multi-factor authentication can be enforced by requiring this for any applications you have connected with Single Sign-On (e.g. Interfolio).; ; Interfolio suggests using SSO for the authentication of users. Alternatively, user accounts can be created in various ways, including manually through the user interface or programmatically via SFTP or API.

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Interfolio FIS is currently being integrated into, and is following, Elsevier security processes. As part of ongoing integration, we plan for Interfolio FIS to be added to and covered by the Elsevier ISO 27001 certification in 2025.
• Information security policies and processes: Elsevier has implemented policies, standards, and guidelines aligned with ISO 27001 domains that govern data access, protection, transport, restriction, retention, deletion, and classification. Policies, standards, and guidelines are reviewed and updated regularly.; ; Elsevier maintains a dedicated Information Security and Data Protection (ISDP) organization, headed by our Chief Information Security Officer (CISO). Elsevier security staff members have multiple years of experience in the industry and possess industry best practice certifications such as the Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Privacy Professional (CIPP), Certified Ethical Hacker (CEH) and multiple Global Information Assurance Certifications.; ; Elsevier employees receive regular data privacy and security awareness training. We equip employees with the knowledge to understand, identify and mitigate security risks by providing role-based secure application development training, phishing simulation tests and privacy and security campaigns.; ; A robust and detailed audit program is in operation to review and test policies, standards, guidelines and controls to assess their effectiveness. This audit program is based on the SSAE 16 and includes in-house and third-party audits as well as independent assessments.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Our change management process follows best industry practices.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Services, processes, and technology are implemented to execute internal and external vulnerability scans to identify new application and system vulnerabilities. Identified risks are assessed for their potential impact along with determining appropriate response and remediation actions. We use a combination of network security testing, application security testing, application code review, and penetration testing to assess our information security program, and enhance it appropriately.
• Protective monitoring type: Undisclosed
• Protective monitoring approach: Elsevier’s Information Security and Data Protection (ISDP) team continuously monitor and respond 24/7 to security events. The ISDP team will assess any identified risks for their potential impact and determine the appropriate response and remediation actions. To ensure monitoring is as thorough as possible, Elsevier uses a combination of automated and manual solutions to inspect applications and identify any vulnerabilities that require remediation.
• Incident management type: Undisclosed
• Incident management approach: Elsevier manages incidents using a well-established Security Incident Response process. This process covers all security incidents, including hacker, denial of service, lost asset and virus/worm incidents. When an incident occurs, it is promptly handled by our dedicated Information Security & Data Protection team. They will restore service as soon as possible, determine the cause of the incident, and take appropriate steps to prevent future incidents. Elsevier’s incident response and notification policy sets out how users are notified in the event of information being compromised. We conduct security incident disclosures in compliance with all appropriate regulatory policies and applicable statutory guidelines.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Implementation of Interfolio, as an AWS-hosted product, can influence environmental protection and improvement. We use Amazon Web Services (AWS) for web hosting. For details on their commitment to sustainability in the cloud, see https://sustainability.aboutamazon.com/environment/the-cloud?energyType=true.; With different initiatives – such as renewable energy projects, energy efficiency in scale, and water stewardship – AWS enables effective stewardship of the environment in a variety of ways. Using an AWS-hosted, cloud-based product can be an energy-efficient and more environmentally friendly choice than a standard self-hosted product.; We also are mindful of emissions during implementation from travel. When possible, we connect remotely rather than traveling to your location for meetings and training during implementation. In our own operations (including business travel), our emissions were net zero in 2021 through a combination of reduced emissions and the purchase of renewable energy and renewable energy certificates, with the balance offset through Verified Carbon Standard (VCS) credits in a REDD+ carbon sequestration project. Our parent company, RELX, supports global efforts to mitigate climate change through the rapid reduction of greenhouse gas emissions, aiming to achieve net zero emissions by 2040. Also see https://sdgresources.relx.com.

  Equal opportunity

  RELX is committed to providing an inclusive, fair and equitable workplace; where all employees are respected and valued, and have equal opportunities. ; ; Inclusion is important to our future. We need the contributions of people from a wide range of backgrounds, experiences and ideas to achieve real innovation for our customers. ; This means: ; • Creating a positive and supportive working environment for all employees ; • Recognising and valuing individual differences and supporting the participation of all team members ; • Promoting the diversity of our workforce ; • Responding to changing work patterns, by providing flexible working where appropriate ; ; We are an equal opportunity employer, committed to treating all employees and applicants for employment with respect and dignity, and we prohibit discrimination. We recruit, train, develop, promote, and provide conditions of employment without regard to race, colour, creed, religion, national origin, gender, gender identity or expression, sexual orientation, marital status, age, disability, or any other characteristic protected by law. We regularly review our policies and practices in the areas of recruitment, development, promotion and reward to ensure we provide fair and equitable opportunities. ; ; We will meet our inclusion goals through: ; • Selecting candidates for employment, promotion, training, or any other benefit based on ability ; • Monitoring inclusion and diversity data (including diversity and pay data) ; • Training (e.g. inclusive leadership development programme for managers; unconscious bias training) ; • Sponsorship and mentoring (e.g. Women in Tech mentoring programme) ; • Encouraging inclusion networks (e.g. Employee Resource Groups focused on gender, ethnicity, etc.) ; • Regularly reviewing our employment practices and procedures ; • Maintaining good governance for, and communication on, inclusion ; ; The inclusion and diversity practices of our suppliers are important to us. Our Supplier Code of Conduct includes a non-discrimination clause. Our Supplier Inclusion and Diversity Program is designed to encourage the development of Diverse Suppliers.

  Wellbeing

  Staff health and well-being is important to us. We offer opportunities for our employees to create an inclusive, engaged and agile global workforce focused on innovation. Together, we create possibilities.; Networking and engagement; Within Elsevier, we have a variety of groups and opportunities for employees to connect and form strong relationships.; • Employee resource groups: ERGs offer a platform for employees to share their experiences, connect with colleagues who share similar backgrounds or interests, strengthen allyship and provide opportunities for professional development and growth.; • Finding purposeful work: All Elsevier employees contribute to the fulfilling mission of helping researchers and healthcare professionals make breakthrough discoveries that change the world.; • Career growth: We encourage employees to choose their own path and shape their own unique career. We encourage a coaching environment and provide best in class training programs.; • Strong working relationships: Elsevier employees work in an inclusive hybrid environment, and we embrace diverse teams. With a mission of advancing science and improving lives, our employees are an integral part of something that truly matters.; Benefits; Elsevier offers flexible working conditions and compensation that reflect your excellence and our high standards. We value our employees’ time and encourage our colleagues to pursue a full and interesting life outside of work.

Pricing

• Price: £2,000 to £1,000,000 an instance
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at v.mahi@elsevier.com. Tell them what format you need. It will help if you say what assistive technology you use.