Ledidi AS

Ledidi Core

Ledidi Core is an end-to-end SaaS solution that supports research study design, data capture, statistical analysis, graphical presentation in a simple, intuitive user interface, that is secure and made for collaboration.

Features

• Advanced do-it-yourself study design features
• Data capture from surveys, forms, file import and API
• Real-time descriptive and comparative statistical analysis
• Real-time graphical presentation of results
• Optimized for multi-center studies
• Control the privileges and access rights of project collaborators
• Easy-to-use web interface
• Security and privacy by design and default
• Confidental computing
• Enterprise self-service user management

Benefits

• Collaborate throughout the entire research project lifecycle
• Real-time collaboration across institutional and national borders
• Get insights from data faster
• Ability to perform analysis without exposing underlying raw data
• Do everything yourself (start a project in hours, not months)
• Work and collaborate on unlimited projects with no additional costs
• Keep data safe and structured
• Compliance with GDPR and other privacy legislation
• Effortlessly manage your collaborators' privileges
• All-in-one solution; no more switching between many softwares

£30 to £60 a user a month

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at andreas.landsverk@ledidi.no. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

600824572892304

Contact

Andreas Dierkes Landsverk
+4542678809
andreas.landsverk@ledidi.no

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: There are no constraints. Ledidi Core requires only an updated browser and an authenticator app to set up an account.
• System requirements:
  • Any updated browser
  • Two-factor authentication app

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Ledidi's target response is within 1 hour between 9-16 CET on business days. Our current average time to first response is about 30 minutes.
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Users can communicate directly with a Support Agent from a web chat that is accessible when users click the "?" icon in the upper-right corner of Ledidi Core. ; ; Ledidi Core leverages Freshdesk, which complies with WCAG 2.0 AA as of August 2021.
• Web chat accessibility testing: No specific tests have been performed with assistive technology users in the web chat.
• Onsite support: Yes, at extra cost
• Support levels: Ledidi offers several forms of support to all our customers and users. Our primary support channel is email (support@ledidi.no). Support inquiries are handled through the Helpdesk. Inquiries are assigned to a Support Agent, who is responsible for handling the case throughout the support process. Bugs and incidents will be assigned Ledidi's technical team, and user inquiries will generally be assigned Ledidi's Science team. ; ; Ledidi provides technical account managers or cloud support engineers for institutional accounts, but not for single user or team accounts. ; ; Advanced scientific support for study design and methodology is available upon request and generally at extra cost.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Ledidi's user-friendly and intuitive interface allows users to use Ledidi Core immediately. Ledidi do, however, have a self-service onboarding program with how-to-guides, videos and webinars that can be accessed free of charge for all users. ; ; Ledidi may also provide on-demand 1:1 sessions with our experts, generally at extra cost.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: There are export options in Ledidi Core that will allow users to export their content in user-friendly formats like CSV and SVG at any time, including when the contract ends.
• End-of-contract process: You can terminate the agreement for any reason by providing us notice, by failing to renew your subscription, or by deleting your account. ; ; You can delete your account from your user account settings. Your account is set inaccessible at the time you delete it, but any remaining data that you have not deleted is kept so that it can be restored for 90 days after you deleted your account. This is a security measure in case unintended actions led to the deletion. After 90 days, all data is deleted including backups. Any subscriptions connected to your account will run until the end of term, independently of the deletion. ; ; It is possible to make arrangements for other end-of-contract procedures upon request to Ledidi Support prior to ending the contract.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Ledidi Core is accessed from the browser on any device with no limits to the functionality. Ledidi Core works on mobile and tablet, but it is recommended to use Ledidi Core on a desktop or tablet for the best overall user experience.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Ledidi Core’s user interface is accessed through any updated browser.
• Accessibility standards: None or don’t know
• Description of accessibility: N/A
• Accessibility testing: N/A
• API: Yes
• What users can and can't do using the API: A customer can get the API through the subscription management page, and Ledidi can either provide a system integration user or federated authentication.; All functionality in the app is supported as APIs.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: The customers can easily configure their projects' study designs, invite and manage collaborators, manage user privileges, and more in Ledidi Core.; Ledidi Core has APIs at all levels of the architecture. This allows support for most integration scenarios. ; Ledidi Core cannot be customized at the application level.

Scaling

• Independence of resources: Ledidi uses projections, volume testing and tracking of actual numbers to monitor scale-up-needs for its applications - across all customers. Ledidi is using a strict template for this and configurable volume test scripts, combined with AWS Cloudwatch.; In the customer-closed-VPC-scenario Ledidi ensures scale-ups using the same framework, and in addition based on agreements with the customer.; Ledidi monitors the performance of its systems using AWS Cloudwatch, and tunes the components using e.g. API throttling, preprovisioned AWS Lambda instances, AWS RDS cluster node configurations and additions, AWS Opensearch cluster node configuration and additions.

Analytics

• Service usage metrics: Yes
• Metrics types: The only relevant metric for Ledidi Core is the number of users and subscriptions on a subscription owner's account, as Ledidi Core has a fixed price per user per month.
• Reporting types:
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users with user privileges enabled to allow export data on a given project can export data (CSV), statistics (CSV) and figures (SVG) from that project.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • SVG
  • CSV
• Data import formats:
  • CSV
  • Other
• Other data import formats: Excel

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Ledidi guarantees 99 percent uptime, and can accept higher SLAs on a case-by-case basis.
• Approach to resilience: This information is available upon request.
• Outage reporting: Ledidi's business continuity plan include a communication plan with stakeholders (employees, customers, vendors, media and regulatory agencies) on different media based on the severity of the outages.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
• Access restrictions in management interfaces and support channels: All accesses in Ledidi Core are logged. ; Only specially trained and appointed back-end developers have access to customer content. Ledidi has processes to ensure that no unauthorized access to customer content is made. ; ; Project owners need to provide written consent for Ledidi's Support Agents to access customer's content. Support Agents only has access to subscription- and account information.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Ledidi has initiated the ISO-27001 certification process. ; Ledidi's Internal Control System that manages security governance, privacy governance, and health and environment governance. Ledidi's Core's technical architecture are specified and implemented according to requirements and templates from: ; - The Code of Conduct for information security and data protection in the healthcare and care services (Normen); - EU-GDPR; - US-HIPAA. ; Ledidi's governance system is implemented and operational to ensure compliance with legislation, regulations, and contracts, and to handle non-conformities.
• Information security policies and processes: Ledidi aims to be certified in ISO / IEC 27001: 2017 by 2022. ; ; Ledidi has implemented security policies that support the preservation of confidentiality, integrity, availability of information, and robustness to systems information is processed in by using a risk management process. Deviation management is included. Ledidi ensures that the policies are followed via employees' training, deviation management and regular review of the routines and security policies.; - Acceptable use policy; ⁃ Change CodeBuild policy; ⁃ Data retention and deletion procedure; ⁃ Personal data security procedure; ⁃ Internal Audit review to verify that policies and procedures are in accordance with current legislation regulations and statutory; ⁃ Non-conformity procedure; ⁃ Detection and handling of security incidents policy; ⁃ Security testing; ⁃ Security Awareness Training & Simulated Phishing to ensure policies and procedures are followed

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Ledidi has a thorough and security-oriented development process, during which each new version goes through code reviews, vulnerability checks, automated testing, architecture assessments, privacy assessments, risk assessments, impact analysis, integration testing, security testing and system testing. After each deployment, each component is monitored according to architectural and technical quality criteria, e.g. performance, scalability, vulnerability and potential and actual security issues.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Ledidi performs annual security audits and reviews, monthly risk assessments and release risk assessments. For each single change on any component, threats are assessed before development, automatic vulnerability checks are run, third-party libraries are checked and code reviews focus on all security issues. Ledidi also performs external and internal penetration testing. For any security issue found in production, Ledidi deploys a patch the same day as the root cause of the issue is found.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Ledidi has a core backend and infrastructure team that monitors all activity continuously in AWS Cloudwatch, and based on Cloudwatch and AWS Guardduty both known security incidents and all abnormal behaviour trigger alarms to the entire team. Ledidi has a detailed business continuity plan and incident response procedure for each incident, which involves assessment of cause and damage, immediate response and long-term response. The immediate response is the same day as cause is found, and if the security issue is above a certain level of severity, we close all potential access to the system until the root cause is found.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Ledidi has predefined procedures for incidents, and the employee who discovers the incident / issue, registers it as a task in Atlassian Jira, notifies the rest of the team, the team lead and the CDO and registers an incident report.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Equal opportunity:

  Equal opportunity

  Ledidi has an Equality, Diversity and Inclusion policy that is an integral part of Ledidi's Internal Control System.

Pricing

• Price: £30 to £60 a user a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Get started with Ledidi Free and see how Ledidi Core fits your needs. Collaborate on one project you are invited to, create two projects of your own (35 entries per project included). There is no time limit. ; ; Convert to a Ledidi Core subscription to work and collaborate without any limitations.
• Link to free trial: https://ledidi.com/pricing/ledidi-free

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at andreas.landsverk@ledidi.no. Tell them what format you need. It will help if you say what assistive technology you use.