BearingPoint Ltd

Infonova Digital Business Platform

Cloud-Native Infonova Digital Business Platform (DBP) hosted on AWS and utilizing AWS (serverless) technologies. Infonova DBP enables customers for an ecosystem play; allows to experiment, innovate & test with quick turnaround cycles; brings a marketplace new digital services; is build and provides new technologies and new and innovate business models

Features

• Create & Sell: Product and Service Catalogue
• Order & Fulfill: Order Management; Fulfillment & Orchestration
• Rating/Charging; Invoicing/Collection; Customer Management; Product/Service Inventory
• Grow Revenue: Partner Catalogue; Partner Management & Orchestration; Settlement
• Product Catalogue driven ordering
• Convergent Rating & Charging
• Open APIs enable interoperability and extensibility of the platform
• Cloud-native architecture: Container-based deployment; Cloud-managed data stores
• Simplified operational management (container deployment, backup/restore, security)
• SaaS Delivery, Open APIs, Serverless Integration Technology

Benefits

• Platform for digital offerings experiment, launch and monetize new offerings
• Reinvent new business models using ecosystems management and multi tenancy
• Business orchestration and monetization capabilities
• Launching product & bundles any pricing model in days
• Business efficiency by sweating existing assets and removing internal silos
• Collaborate, co-create, sell new solutions with new technologies/partners
• Enable advanced billing, flexible catalogue and comprehensive order and fulfillment
• Building an ecosystem of partners

£1,100 a licence a month

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at UKPublicSectorBD@bearingpoint.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

651981426024919

Contact

Gill Walker
07976 812978
UKPublicSectorBD@bearingpoint.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: N/a
• System requirements: SaaS accessed via Web (IE11, Chrome70, Firefox64, Safari12)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: SaaS service is 24x7
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: N/a
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Sandbox access, Training (online and on-site), documentation, community portal
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats:
  • Word
  • Powerpoint
• End-of-contract data extraction: Through API
• End-of-contract process: Data can be purged

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Web interface to manage products, orders, customers, billing and partners
• Accessibility standards: None or don’t know
• Description of accessibility: Via authenticated users/operators which have different authorisations
• Accessibility testing: N/a
• API: Yes
• What users can and can't do using the API: All Infonova functionality is exposed via APIs
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: No

Scaling

• Independence of resources: Application scaling is managed in multiple different layers: application load balancing layer, K8s worker nodes / K8s deployments (apps) layer, persistence infrastructure layer. In some of the layers scaling can be automated, i.e., autoscaling can be used. Autoscaling helps to dynamically scale capacity up or down according to predefined rules.

Analytics

• Service usage metrics: Yes
• Metrics types: Customers, Orders, Billing, Service Inventory
• Reporting types: API access

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Through API
• Data export formats: Other
• Other data export formats:
  • JSON
  • XML
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • JSON
  • XML

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
  • Other
• Other protection between networks: Instances do not have public IP addresses and are thus separated from the public internet. Additionally, a so-called "Access" subnet is provisioned which is a "public" subnet, i.e. its EC2 bastion server is visible via a public IP-address. A NAT gateway in the public subnet enables private EC2 instances and K8s pods to communicate with public internet.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
  • Other
• Other protection within supplier network: The ALB is the single access point for all "customer-related" traffic via HTTPS, i.e., UI (frontend) requests or API (REST) calls. Depending on the use-case, the attached security group can be configured to be completely open or restricted to specific user groups.

Availability and resilience

• Guaranteed availability: 99.5%
• Approach to resilience: Infonova DBP is deployed across multiple availablity zones within the AWS cloud
• Outage reporting: Infonova DBP is constantly monitored using cloud monitoring systems which rais alerts to the Infonova DBP 24x7 team

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Public key authentication (including by TLS client certificate)
  • Username or password
• Access restrictions in management interfaces and support channels: Infonova UI access can only be established through authenticated and authorized users. Infonova API access require OAuth2 access
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: DMSZ GmbH Deutsche Managementsystem Zertifizierungsgesellschaft mbH, Griesheim, Germany
• ISO/IEC 27001 accreditation date: 1/11/2021
• What the ISO/IEC 27001 doesn’t cover: N/a
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • ISO 27005
  • ISO 27002
  • Cyber Essentials

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: ISO 27002; ISO 27005; Cyber Essentials
• Information security policies and processes: BearingPoint is ISO 27001 & ISO 27002 certified. Our risk assessment methodology follows the methodology promoted by ISO 27005. In terms of policies, we have documented, we review and update the policies below that cover the following (these policies can be available on demand): Antivirus Policy, External Accounts Policy, Firewall Policy, Information Technology Use Policy and Guidelines, Mobile Device Management Policy, Network Policy, Password Policy, Remote Access Policy, Web Filtering Policy, Wireless Networking Policy, Removable media & backup Policy, Cryptography Policy ,Downtime Policy, Use of external services Policy, Email & instant messaging Policy, IT standards Policy, IT Purchasing Policy, IT support Policy, User account management Policy, Patch Policy, IT Cloud & server Policy, Telephony acceptable use Policy, Data classification & handling Policy, Clean desk & digital media disposal policy.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We are doing everything in DevOps. All DevOps code is commited in Git. All code is reviewed by 2 other people.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Infonova DBP is constantly monitored using cloud monitoring systems which rais alerts to the Infonova DBP 24x7 team
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Infonova DBP is constantly monitored using cloud monitoring systems which raise alerts to the Infonova DBP 24x7 team
• Incident management type: Supplier-defined controls
• Incident management approach: Customers get access to the Infonova DBP Portal and can log/manage incidents

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  BearingPoint is passionately committed to stewardship of the environment and has several internal initiatives in place which deliver against this policy outcome in our business-as-usual activity. BearingPoint has established an international working group to manage carbon emissions. We are a signatory to the UN Global Compact and working toward B Corp Certification. Our “Sustainable By Design” Leadership Committee established a firmwide emissions goal of 50% reduction in emissions by 2025. We established a network of Sustainability Agents who are responsible for generating/implementing new carbon reduction ideas in their countries and we will work with them to ensure adoption of additional measures under G CLoud 14 contracts. We adopt a data-driven approach to monitoring and improving carbon emissions, based on our 'Emissions Calculator' tool, and any new work undertaken under these contracts will be added into this model. In the UK, we have published a Carbon Reduction Plan which clearly sets out our roadmap to achieving our targets in Scope 1-3 emissions; any work undertaken under these contracts will be monitored under those business-as-usual arrangements. For example, we will; • minimise CO2 emissions by minimising business travel, working remotely wherever possible.; • where travel is necessary, use the most sustainable method, logging our journeys in Emissions Calculator.; • ensure any new IT required for the contract is sourced responsibly and sustainably.; • ensure any IT being disposed of is disposed of responsibly and sustainably.; • identify local charities that might benefit from used IT and phones and donate to them securely.; • encourage our contract workforce to avoid commuting wherever possible.; • ensure they have appropriate equipment to facilitate work from home.; • where commuting is necessary, ensure it happens in the most sustainable way, logging journeys in Emissions Calculator.

  Tackling economic inequality

  BearingPoint is passionately committed to tackling economic inequality and has several longstanding initiatives in place which deliver against this policy outcome in our business-as-usual activity. In addition to our many routine Corporate Social Responsibility activities, engagement teams work hard to ensure that the communities in which clients live and work are supported in tackling economic inequality through, for example, offering paid internships, access to training, ensuring diversity and collaboration in our supply chain (for a particular contract or more generally), and through advice and provision of pro-bono consulting support on issues relating to modernising delivery of public services and increasing value for money without negatively affecting front-line local services. ; BearingPoint also has well established procedures for working in true partnership with and maintaining/improving diversity in our supply chain and takes pride in having a fair and responsible approach to working with local partners in delivery of contracts. We use local associates or companies wherever possible, to help keep the benefit of the client's consulting spend in their local area. We maintain a Supply Chain Code of Conduct that mirrors our own internal Standards of Business Ethics, and which we require all our supply chain to sign up to and apply. As part of this contract, while we do not anticipate using a significant supply chain, we undertake to apply these fair and responsible processes to any subcontractors who are involved and to ensure that the principles in the Supply Chain Code of Conduct are upheld.

  Equal opportunity

  BearingPoint is passionately committed to equal opportunities in our contract workforce and has several internal initiatives in place which deliver against this policy outcome in our business as usual activity. We will use G Cloud 14 contracts to deliver ADDITIONAL initiatives and/or ENHANCE our existing initiatives in this area. For example, by:; • provision of training, coaching, and mentoring to members of the contract workforce who are from disadvantaged backgrounds or who have protected characteristics, or otherwise face barriers to employment or progression; • use of paid internships for people from disadvantaged backgrounds or who have protected characteristics, or otherwise face barriers to employment or progression; • subject to the length of the contract, use of apprenticeships to deliver training and qualifications to those facing barriers to employment or progression; • opportunities for the contract workforce to engage with and influence the work of our existing Diversity and Inclusion team; • opportunities to attend lunch and learn sessions relevant to the contract or the skills it requires from its team; • partnering or collaborating opportunities for small companies, and fair and ethical treatment of those in our supply chain; • fundraising or pro-bono work for charities or not-for-profit organisations working in this field; We require all subcontractors to adopt our Supplier Code of Conduct, which includes measures to ensure equality and diversity in the contract workforce. ; We build delivery of Social Value into the routine cadence of our Engagement Management process, ensuring regular communication and transparency of progress.

  Wellbeing

  The wellbeing of our workforce features heavily in our Sustainability strategy. We engage regularly with our staff via People Surveys, in terms of perceived belonging, psychological safety, and levels of engagement. Our results indicate high and stable levels for all these indicators. Other measures implemented include remote social sessions, resilience training, and a monthly Wellbeing newsletter. We continue to offer a wellbeing programme around stress management, nutrition, and ergonomics. We have also implemented a health-oriented leadership training manual to embed physical and mental health in our work and to empower our people to act with care. This includes advice on identifying when people's health might be posing a challenge and how to design a work environment that is not damaging wellbeing. ; As part of our engagements, we identify practical, measurable ways in which we can extend our own initiatives and offer support to help with improving wellbeing. For example:; • Designing ways of working which will minimise potential negative impacts on wellbeing, and which will enable the engagement team to identify and manage any potential health and wellbeing issues at an early stage, minimising risk of longer-term detrimental impacts to the workforce and to delivery of our service. We can make use of regular ‘pulse check’ surveys to facilitate anonymous monitoring of health and wellbeing issues in the team.; • Opportunities for the contract workforce to engage with and influence the work of our existing Diversity and Inclusion team (where our health and wellbeing initiatives are managed).; • Opportunities to be part of our internal initiatives promoting health and wellbeing issues. We encourage the contract workforce to jointly create their own fundraising and awareness-raising activities.

Pricing

• Price: £1,100 a licence a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Guided sandbox access with support to model and test use cases

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at UKPublicSectorBD@bearingpoint.com. Tell them what format you need. It will help if you say what assistive technology you use.