SoftwareONE

Flexera Software Platform - IT Asset & Software Asset Management

Flexera Software provides a platform that will deliver Software Compliance, IT Asset Management, Hardware Asset Management and Reporting. Analytics, Cloud Management, Vendor Certified product and application management are components of this service. Flexera's solutions (FlexnetManager/Cloudscape/DataPlatform/Optima/PolicyManager/SaasManager/etc) are often a Gartner / Forrester leader in ITAM/SAM and related Services.

Features

• Software License Compliance calculations and Reporting / Dashboards.
• Vendor Certifications / verification's - Oracle, SAP, ServiceNow, Microsoft, others
• Hardware Asset Management and Reconciliation (purchased to discovery)
• Discovery and Inventory of hardware software with Inventory system integrations
• Advanced License metric calculations and optimization of IT CLIENT Assets
• Simulation capability of virtual environments for License optimization
• Reporting of SaaS, Cloud and Internal (private) IT Asset usage
• Compliance calculation Engines reporting on changes in Licensing estate
• Agents (Services) to track application usage in environment.
• Automated Purchase Order processing via direct integrations

Benefits

• Avoidance of software compliance risks associated with Audits.
• Standard certified integrations for rapid deployment and results.
• Tracking of hardware assets in the estate, against purchases.
• Ongoing discovery / reporting of new and existing IT Assets.
• Automate desktop and Client software Licensing and reduce resource needs
• Test and verify License optimization changes, before implementing.
• Manage IT Assets in private, public hybrid Cloud and SaaS.
• Maintain continuous software license compliance to minimize audit risk
• Tracking application usage to reclaim licenses, reduce denials of service
• Current purchases are automatically factored into compliance positions.

£1.00 to £200.00 a device a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at technology-products.uk@softwareone.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

607840706440546

Contact

Tom Hook
+44 203 005 0238
technology-products.uk@softwareone.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Hybrid cloud
• Service constraints: - Planned Maintenance is performed on a regular basis, more details and historical performance can be found on the Flexera website.; - Data Model changes/extensions are not permitted (or necessary).
• System requirements:
  • Agents OS: Windows, various Linux, Mac and Unix are supported.
  • Agent HW: 1-core, 2GB RAM, 125MB HDD
  • Beacon: Windows server and desktop OS are supported.
  • Beacon HW: 2-core, 4GB RAM, 1GB/10,000 devices
  • IPv4/6 supported, HTTP(S), TLS1.1/1.2
  • DNS Hostnames - www.flexnetmanager.eu

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: This would depend upon Severity and negotiated Support contract. Typically for Gold Support, responses are elicited within 30 minutes for Sev1, or up to 8 business hours for Sev4.; More information on Support Levels (Gold / Silver) can be found by contacting Flexera.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Flexera offer two levels of support for FlexNet Manager Cloud - these are 'Gold' and 'Silver'. More details can be found on the Flexera website - https://community.flexera.com/t5/Flexera-Community/ct-p/Flexera_Community.; ; A 'Customer Success Manager' is provided for customers to drive success at each account. The CSM is typically not charged for.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Flexera offer both onsite and web-based training for customer, with most web-based training videos being free for customers.; Extensive documentation for FlexNet Manager exists, both in PDF format or in-context HTML for accessing when using the Web UI.; Onboarding Services are also offered and can be defined in accordance with requirements, as customers see fit. These services can be delivered via Flexera Professional Services, or via 3rd party.; Flexera also offer "Practice Guides" that allow customers insights into Flexera best practice onboarding activities and process. These guides contain sample project definitions too.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Should the users wish to extract data, this can be accomplished via the web-UI and reporting. These interfaces allows users to extract data seen in views and/or reports in PDF, XLSX, CSV and in some case RTF files. ; The UI supports a 'grid' or spreadsheet type format, where users can add columns and filter/sort prior to extract. Most objects in FlexNet Manager off this functionality. The FlexNet reporting/analytics function provides the data model for more granular data extraction, should this be necessary.
• End-of-contract process: Exit support to be mutually agreed

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: FlexNet Manager provides a web-based browser interface to the service, using standard browser controls and access to obtain the information in FlexNet. FlexNet Manager provides an intuitive user experience, allowing users to drag-n-drop data fields and definitions, sort and filter in the views and export data in certain view types. Configuration of the system can be performed in this interface too.
• Accessibility standards: None or don’t know
• Description of accessibility: Users primary involvement in FlexNet Manager is to view IT Asset and Software Compliance data and reporting. FlexNet Manager provides a web-based browser to this end, using standard browser controls and access to obtain the information in the Data Platform. Accessibility of data for users is within the capability delivered via the browser.
• Accessibility testing: No specific testing on assistive technology.
• API: Yes
• What users can and can't do using the API: A limited compliance API exists to query positions in FlexNet Manager. The following are some of the Operations that are supported:; • AllocateLicense ; • CreateAsset ; • CreateAssetList ; • CreateContract ; • CreateContractList ; • CreateLicense ; • CreateLicenseAllocation ; • CreateLicenseList ; • CreateUser ; • CreateUserList ; • CreateVendor ; • CreateVendorList ; • DeallocateLicense ; • DeleteAsset ; • DeleteAssetList ; • DeleteContract ; • GetLicenseByID ; • GetLicenseForCreate ; • GetLicenseListByContractID ; • GetLicenseListByIDs ; • GetLicenseListByPurchaseOrderDetailID ; • GetVendorForCreate ; • GetVendorListByIDs ; • GetVersion ; • IsSupportedVersion ; • LinkAssetListToContract ; • LinkAssetListToPOLine ; • LinkContractListToAsset ; • LinkContractListToLicense ; • LinkLicenseListToContract ; • LinkLicenseListToPOLine ; • LinkPOLineListToAsset ; • LinkPOLineListToLicense ; • LinkPOListToContract ; • UnlinkLicenseListFromContract ; • UnlinkLicenseListFromPOLine ; • UnlinkPOLineListFromAsset ; • UnlinkPOLineListFromLicense ; • UnlinkPOListFromContract ; • UpdateAsset ; • UpdateAssetList ; • UpdateContract ; • UpdateContractList ; • UpdateLicense ; Users can access the API to perform some Operations via typical API methods - CURL, PowerShell, etc. There is an option to test the API Operation within the browser.; Not all operations are available, as the Compliance API is designed for Compliance actions only.
• API documentation: Yes
• API documentation formats: Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Typically Reporting and Dashboards are customised in the service, according to Role/Requirement. Views can also be modified and set to Global or User-specific.; Users customize via the web-browser using the FlexNet interface and save the report/dashboard/view.; Control in FlexNet is granular and customisable, and is role-based, allowing only specific users to create, modify, delete reports/dashboards/view, if this is necessary.

Scaling

• Independence of resources: Flexera operate on non-public infrastructure with Flexera Cloud Operations team monitoring User response times and user experience. The Cloud Ops team will monitor Cloud service levels through a number of key metrics, including latency, queuing, and availability. Events that affect production service availability of Cloud applications are identified, investigated, resolved and documented according to procedure by the Site Reliability Engineering department.; FlexNet Manager operations status information is made available at the following website: https://status.flexera.com/#month

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Flexera

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Most data is presented via the administrative Web-UI, and can then be exported using built-in functions to extract to csv, xlsx, pdf, rtf formats.; For more detailed reporting and analytics, using a similar web-based approach is used, where a user can drag-n-drop data in the reporting module, to export very specific data.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • PDF
  • RTF
  • XLSX
• Data import formats:
  • CSV
  • Other
• Other data import formats: XLSX

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: Flexera will maintain systems/controls designed to maximize Monthly Up-time, minimize outages, and enable notification in event of any unscheduled outage. Flexera will credit Licensee the percentage specified of the total Monthly Fee paid, for any calendar month in which Monthly Up-time falls within the range specified. In order to receive a credit, Licensee must request this in writing within thirty (30) days of the end of the month for which it seeks a credit. ; Monthly Uptime % % Monthly Fee Credited; 99.50% - 100% 0%; 97.5% - 99.49% 5%; 95% -97.49% 10%; Less than 95% 15%; If Monthly Up-time falls below 99.5% for any 3 consecutive months, or falls below 95% in any single month, Licensee may, within 30 days of the end of the month giving rise to this termination right, terminate the subscription related to failed Monthly Up-time commitment upon written notice. ; Excused Outages. Licensee may experience outages in the Cloud Site due to Scheduled Maintenance and/or Emergency Maintenance, as defined in the contract.
• Approach to resilience: This topic is defined in the Flexera document "Flexera Cloud Security.pdf" and supplied upon request.
• Outage reporting: A public dashboard - https://status.flexera.com/#month and Email Alerts, for subscribed customers.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Via User and Group / Role definitions. FlexNet Manager Cloud operates with Roles defined according to customers access requirements. Roles are defined across logical objects with more detailed levels of access to the different functions in each object type. E.g. An administrator Role has all object / all-level access, where a Contract Manager may only be able to access the Contract object and may not be able to delete existing contracts. This definition is based upon the functional requirements as defined during the build/design phase.
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: EY CertifyPoint
• ISO/IEC 27001 accreditation date: 05 November 2019
• What the ISO/IEC 27001 doesn’t cover: Flexera's application is not covered but AWS ISO certification covers the underlying PaaS and IaaS resource Flexera uses.
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 01/01/2019
• CSA STAR certification level: Level 1: CSA STAR Self-Assessment
• What the CSA STAR doesn’t cover: On-Prem components.
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: SOC2 Type 2 Report

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • CSA CCM version 3.0
  • Other
• Other security governance standards: SOC2 Type2 report
• Information security policies and processes: Flexera's Security and Compliance Program is based on the ISO 27001 Information Security Management System (ISMS). We have defined policies that govern our security policies and processes and continually update our security program to be consistent with applicable legal, industry, and regulatory requirements for services that we provide to you under contractual agreement.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Cloud infrastructure and applications are managed within a change management methodology that includes processes for the request, review, approval, and verification of changes. Flexera has an established change management committee (CMC) with responsibility for the scheduling and administration of changes. Change requests are submitted in Flexera’s CMS, reviewed by committee, and approved by management during the weekly CMC meetings. For any scheduled high risk changes, test and back out plans will be discussed before the change approval. All changes are assessed by Flexera Cloud Operations security principals for security impact
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Flexera conducts a formal risk management program to continually identify, assess, mitigate, and monitor risks, and modifies its controls as a result of this process. A risk management assessment is completed on an annual basis at a minimum. Any changes required by the risk mitigation activity will be scheduled and approved in the weekly Change Management Committee (CMC) meetings.; A comprehensive patch management policy is in place for mission critical devices, and ensures that software, firmware and operating system patches are identified, tested and installed in a timely manner. ; Please see "Flexera Cloud Security.PDF" for more information.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Cloud applications/infrastructure is monitored using monitoring applications that provide notification of critical system/app events. Customer-facing websites are monitored using different services – one for immediate event notification and another for calculation of SLAs. ; Events that affect availability of Cloud applications are investigated, resolved and documented according to procedure by the Site Reliability Engineering department. This team is alerted to any suspicious activity with the alert method varying depending on the severity. It can range from an immediate phone call to the on-call personnel for critical alerts or immediate automated page for high alerts to a daily or weekly summary reports.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Predefined processes exist for Events. The first priority is for the Site Reliability Engineering team to investigate and resolve any issues affecting the availability, stability, performance, or security of the Cloud services. If there is no resolution within 15 minutes, an email will be sent to notify members of the SRE, Engineering, Client Success and Customer Support. If after hours, customer support will be notified.; Customers can subscribe to the Flexera external status page to view real time site status and receive proactive notifications about incidents. Customers will receive notification in an unscheduled outage lasting longer than 30 minutes.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  SoftwareONE work in environment-viable ways and always take initiatives to reduce our (already minimal) impact on environment; to support this, several guidelines have been introduced: ; • Our reports and processes are built along the requirements set in ISO and ITIL standards.; • A focus on air travel reduction through using teleconference and web-based conferencing.; • New buildings under lease are required to fulfil requirements to reduce emissions during heating and cooling times.; • Purchasing of computers must comply with environmental and energy savings standards.; • Employees are trained to follow our principles in sustaining the environment.; • SoftwareONE has recommended reduction of physical software distribution to software publishers; • As a solution provider, our environmental impact is limited to the following points: ; o Employees traveling to and from their workplace ; o Employees traveling to and from customers, partners or events; o Energy consumption in our offices; o Air business travel; o Paper consumption and waste.; SoftwareONE has taken the following steps to minimise these impacts: ; • All employees are advised to use public transport to come to work, traveling to customers, partners, or events; • A paperless office policy and actively participate in recycling programs; • Modern and optimised energy consumption office buildings allowing for nightly shutdown of computers and individual lighting in offices; • Reducing hardware and IT infrastructure through virtualisation / server consolidation practices; • Actively manage the disposal or recycling of IT related equipment (WEEE); • Emission critical car polices.; SoftwareONE’s largest region aims to become carbon neutral by the end of 2022. The team has taken steps towards this goal by using software from Planetly to track and reduce the CO2 footprint both at home and in the workplace.

Pricing

• Price: £1.00 to £200.00 a device a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: A trial version of the Flexera Software Platform can be requested during a PoC. This can be supplied with demonstration data. This version is limited to a short time frame for use (i.e. during the PoC) where specific use cases are performed, according to customer requirements.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at technology-products.uk@softwareone.com. Tell them what format you need. It will help if you say what assistive technology you use.