IBM United Kingdom Ltd

IBM Apptio Cloudability

IBM Apptio Cloudability is a cloud cost management and optimization solution. It allows FinOps practitioners to automate allocation, showback or chargeback of cloud costs to the business through business mappings, empowers delivery teams to take ownership of their spend and provides optimization recommendations.

Features

• Cloud cost management for major cloud providers
• Dashboards & Reporting: Cloud agnostic tagging, views and allocation
• Budgets & Forecasts: Plan future cloud spend and manage budget
• Anomaly Detection: Identify surprises in your spend
• Containers: Accurately identify and optimize container costs, allocate to teams
• Saving Plans & Reservations: Maximise commitments and save across providers
• Rightsizing: Match resources to workload needs
• Workload Placement: Find the optimal location for new workloads

Benefits

• Proven record of savings of 20-40% on cloud spend
• Automate invoicing, showback and chargeback
• Self-service reporting and friendly UI can save 25+hrs a month
• Cost performance analysis
• Increase committed coverage to 80%+ with RI/Saving Plan
• ML recommendations for AWS, Azure and GCP resource wastage
• Forecasting, budgeting, anomaly detection and alerting by team
• Automate commitments to increase savings & flexibility whilst reducingrisk
• Best practice cloud cost managment using FinOps
• Migration recommendations (rehost , Azure HB, DB Freedom)

£21,000.00 a licence a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ukcat@uk.ibm.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

656856769586691

Contact

Anne-Marie Wheeler
0207 202 3000
ukcat@uk.ibm.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: IBM Apptio Cloudability integrates and works other IBM products like Targetprocess, Cloudability, Turbonomic and Instana.
• Cloud deployment model: Public cloud
• Service constraints: None
• System requirements: None

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: See service terms here: https://www.ibm.com/support/customer/csol/terms/?id=i126-9701&lc=en
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), 7 days a week
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 A
• Web chat accessibility testing: Thorough and recurring testing with assistive technologies
• Onsite support: No
• Support levels: Initial Response: ; ; - Critical - 30 min response time; - High - 1 business hour; - Medium - 1 business hour; - Low - 1 business hour; ; Ongoing:; - Critical - 1 hour; High - 8 business hours; Medium - 2 business days; Low - 3 business days
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Apptio will perform the Professional Services engagement set forth herein toonboard and enable Subscriber on standard Cloudability; application functionality. After initial enablement, Apptio will conduct a seriesof work sessions on Financial Operations (FinOps) best; practices, designed to help Subscriber establish their FinOps function.; ; Project Tasks; Apptio; Tasks; Kickoff; ; - Conduct Engagement Kickoff call; Phase 1: Onboarding and Enablement; ; - Conduct the following four (4) enablement Work Sessions:; o Week 1: Implementation & Foundational product training – Review currentsetup, and identify tasks to complete implementation including credentials,user preferences, current activity, and daily mail and API key generation.Review tagging, account groups, views, business mappings, and sharedgoals; o Week 2: Foundational product training – Review dashboards, and widgets,reports, alerts, true cost, and tag explorer; o Week 3: Foundational product training – Review containers, anomalydetection, scorecards, reservation portfolio, rightsizing, RI planner,automation, and workload placement; o Week 4: Foundational product training – Review current month, forecasts,and budgets, and user rollout; ; - Each Work Session is approximately 50 minutes in length
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Deletion and Return of Content; • If requested prior to termination or expiration of the Cloud Service, IBM will return a copy of Content that is accessible to IBM within a reasonable period and in a reasonable format. IBM will delete the Content at the end of the period specified in the 'Duration of Processing' Section above.; • Client may also request removal of Content at any time prior to termination or expiration of the Cloud Service.; • Where IBM stores Client Personal Data, as part of the cloud service, IBM hereby certifies that all Client Personal Data are deleted at the end of the retention period specified in section ; • IBM may charge for certain activities performed at Client's request (such as delivering Content in a; specific format).
• End-of-contract process: Deletion and Return of Content; • If requested prior to termination or expiration of the Cloud Service, IBM will return a copy of Content that is accessible to IBM within a reasonable period and in a reasonable format. IBM will delete the Content at the end of the period specified in the 'Duration of Processing' Section above.; • Client may also request removal of Content at any time prior to termination or expiration of the Cloud Service.; • Where IBM stores Client Personal Data, as part of the cloud service, IBM hereby certifies that all Client Personal Data are deleted at the end of the retention period specified in section ; • IBM may charge for certain activities performed at Client's request (such as delivering Content in a; specific format).

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: WCAG 2.1 A
• API: Yes
• What users can and can't do using the API: The Cloudability API implementation is based on REST principles. You shouldfind the interface to be predictable with use of resource-oriented URLs andreliance on standard HTTP features that are generally understood by off-the-shelf HTTP clients.; The full details on Cloudability details can be found in the following link :https://help.apptio.com/en-us/cloudability/api/v3/aboutcloudabilityapiv3.htm
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: No
• Customisation available: No

Scaling

• Independence of resources: SaaS solution hosted on containers in the cloud means we scale automatically and have separated tenancy

Analytics

• Service usage metrics: Yes
• Metrics types: Cost and Usage Dimensions; Cost and Usage Metrics
• Reporting types:
  • API access
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Cloudability has an API first approach that enables integration to pretty muchany system/data source and we have a number of out of box integrations tosource systems such as AWS, Azure, GCP, Datadog and many others and wecan always push/pull through CSV
• Data export formats:
  • CSV
  • Other
• Data import formats:
  • CSV
  • Other

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: IBM has a suite of corporate security policies designed for protecting the confidentiality, privacy, availability and integrity of Client data, including network security requirements. Information security policies are reviewed annually by the Information Security leader. Policy updates are distributed companywide via email and the policies are also posted to our intranet site for easy access by employees.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: Production environments utilize a standard 3-tier system. The top DMZ tier, the middle application tier, and the lower data tier. Each tier is separated by firewalls configured in a mostly closed configuration. Only specific ports between network tiers are allowed to communicate, both inbound and outbound. Firewalls access are limited to authorized network personnel only. They function on a deny-by-default policy and only have rules to allow authorized traffic through. Packets are filtered through a firewall between each network segment. They are configured using a mostly closed configuration with open ports only where required.

Availability and resilience

• Guaranteed availability: If the System Availability during any given month falls below 99.5% and Subscriber requests an SLA Credit, Apptio will provide Subscriber with a SLA Credit equal to 2% of the monthly subscription fee. If below 99%, the credit is 5%. If below 95%, the credit is 10%.
• Approach to resilience: We follow best practices outlined by the certified standards listed above
• Outage reporting: Public dashboard

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Other
• Other user authentication: The application stores passwords within the database using a one-way computationally-intensive hashing algorithm; it is not based on a symmetriccipher. Customers are given an administrator account which allows them to manage and create additional accounts and roles for other members of their team. If Single Sign-On is used, then customer account authentication will be handled by the customers identity provider using SAML 2.0. The application’s roles can be mapped directly to an assertion based role in the identity provider configuration (ie using security groups). The solution is extremely flexible and can support many types of custom configurations.
• Access restrictions in management interfaces and support channels: In accordance to best practices outlined by the certified standards listed above, IBM takes commercially reasonable measures in compliance with best industry practices to prevent disclosure or dissemination of Subscriber Data to any person not having a need to know of or access to such information. IBM maintains access controls and policies to manage access from each network connection including the use of firewalls or functionally equivalent technology. Least privilege‐based authentication and authorization controls are maintained and periodically reviewed to ensure that access can only be granted to IBM personnel whose function and/or duties justifies such access.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Schellman
• ISO/IEC 27001 accreditation date: 15/6/2023
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 30/11/2021
• CSA STAR certification level: Level 1: CSA STAR Self-Assessment
• What the CSA STAR doesn’t cover: N/A
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • SOC2 Type II Report and SOC3 Report
  • FedRAMP Certification
  • General Data Protect Requirements (EUGDPR)
  • California Consumer Privacy Act (CCPA)
  • EU-US Privacy Shield
  • ITIL Alignment

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: • CSA STAR Level 1 (Self-Assessment); • FedRAMP Moderate Impact Level; • SOC2 Type 2; • SOC3
• Information security policies and processes: The Information Security team, Legal department, and Internal Compliance/Audit department all work together to ensure that industry best security practices are met.; This cloud service environment follows stringent guidelines to protect the confidentiality, integrity,privacy, and availability of your data. ; We have the following reporting structures: SOC2 Type II Report and SOC3 Report , ISO27001:2013 Certification, FedRAMP Certification, Cloud Security Alliance – STAR Level One Certification, General Data Protect Requirements (EUGDPR), CaliforniaConsumer Privacy Act (CCPA), EU-US Privacy Shield, ITIL Alignment

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: We have specific individuals who are designated as “custodians” over customer data. Our asset management program includes critical assets, asset ownership and critical supplier relationships. Our asset tracking processes allows our company to track what assets, who owns, where each is located,who has it, when it was checked out, when it is due for return, when it is scheduled for maintenance, and the cost and depreciation of each asset. ; Basic mechanisms for label inheritance are implemented for objects that act as aggregate containers for data where applicable. (Subfolders will retain permissions/settings of parent folders).
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Vulnerability Assessments & Penetration Testing: We regularly assess our systems and applications for vulnerabilities using industry-standard tools. ; ; We subscribe to threat intelligence feeds to stay informed about emerging cybersecurity threats.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Security Incident Monitoring: We continuously monitor our systems for suspicious activity that might indicate a security breach.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: IBM team is alerted automatically by its monitoring services and appropriate operations and development personnel are paged within seconds of a failure or anomaly detection in any service component. These cloud services are built to be resilient to failure with load balancing and re-routing of transactions through redundant service roles deployed at each layer of the topology. These services are actively monitored on a real-time, 24x7 basis. Any service interruption or degradation of service is reviewed internally and improvements made to target faster Time-to-Detection, Time-to-Mitigation, and Time-to-Heal as part of the regular rhythm of operating the service.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  IBM are committed to achieving net zero greenhouse gas emissions globally by 2030. On this path, IBM are on track to have reduced; greenhouse gas emissions by 65% (against 2010 base) in 2025, and 75% of our global electricity consumption will be from renewables by; 2025. The IBM UK Carbon Reduction Plan (CRP) is published annually in which we report progress in achieving Net Zero; most recent in; September 2023.; In fulfilling our responsibilities under our contracts, our staff operate in line with our IBM Environmental Policy and implemented through; our worldwide Environmental Management System (EMS), which covers objectives including achieving our net zero greenhouse gas; commitment, reduction in water use, reduction in waste going to landfill, creating green space, enhancing the natural environment and; improving air quality. Local initiatives are in place around IBM and client’s locations, promoting e.g. shared or zero-carbon travel, various; cycle-to-work and car-share initiatives/incentives as well as environmentally focused volunteering.; To influence staff, suppliers, customers and communities through the delivery of the contract to support environmental; protection/improvement, we include Social Responsibility and Environmental Management requirements in subcontracts and encourage; staff to work with the wider teams on improvements. In some locations, an ‘Environmental Business Resource Group’ promotes Green; sustainability, also through community-based activities.; In 2020 IBM launched the ‘responsible.computing’ initiative, which addresses modern computing challenges and integrates aspects of; sustainability, climate, ethics, openness, privacy, and security. We assess proposed technical solutions against efficient energy usage.; IBM began detailed tracking and monitoring of our environmental footprint in 1990 - being forthright and transparent in our impact long; before it was fashionable or required. We have made significant improvements over the last 30 years and will continue to report; transparently on impacts and progress, using ‘Sustainable by Design’ framework and tools such as CO2 Emissions-Estimator and/or Envizi

  Covid-19 recovery

  We have continued promoting initiatives created to support COVID-19 recovery aimed at both communities and our/partners’ workforce.; To help local communities manage and recover from the impacts of COVID-19 IBM have created employment and re-training; opportunities. IBM provided a free, fully online offering called SkillsBuild Reignite, tailored for job seekers, and those needing to grow their; digital skills. Once an initial 30-hours of online learning was completed, Reignite offered free one-on-one coaching, seminars and; facilitated discussions from IBM volunteers.; IBM encourage our staff, suppliers, and customers to support our local communities through IBM Community Engagement Portal. The; IBM.org Volunteer’s Portal manages over 1.3 million hours of volunteering by IBM employees. IBMers are allowed to make a charitable; contribution of £7 for every hour of volunteering to their chosen charity.; We support our extensive ecosystem of external SME's managing/recovering from the impacts of COVID-19. IBM has invested to help; reduce barriers to entry that may preclude participation in delivery by SMEs. This could relate to financial standing, ability to accept risk,; invest in bids, or ability to supply sufficient volumes of resources.; We have had several initiatives to support staff with the impact of the COVID-19 and extended those initiatives to clients/partners. Mental; health support has been available at all times to all of our staff and their families, and we have trained volunteering staff as mental health; first aiders, with programmes in place to tailor a gradual return to work e.g. following illness.; IBM reimagined many of our workplaces and policies to support COVID-19 recovery. We have implemented our Work from Home Pledge & Hybrid Working Pledge for all staff, which ensures we establish and respect new boundaries and support each other in this new way of; working and living. IBM continue promoting an ongoing Hybrid working approach.

  Tackling economic inequality

  IBM invest to understand of the causes and effects of inequality. We run multiple initiatives to attempt to level opportunity, focused on; our stated social-responsibility goal to support education and skills development in Science and Technology, with a specific focus on those; who may not otherwise be attracted, or have the opportunity, to develop those skills.; The ‘IBM Ignite’ scheme, a national Movement to Work programme, offers vocational traineeships and work experience to disadvantaged; youth unemployed. Together with City Gateway, our London charity partner, IBM offer 2-week, onsite, workplace programmes to break; the cycle of ‘no work experience, no job’.; IBM are proud to have created skillsbuild.org. This is a global programme, and for the UK offering IBM have partnered with ACH.org.uk, a; social enterprise working to resettle refugees through labour market and social integration, City Gateway, a London charity working with; disadvantaged young people, women and families in deprived areas to build skills and ambition, and SaluteMyJob, a charity creating; opportunities for ex-Servicemen and women under the armed forces covenant. The SkillsBuild programmes offer training, in-person; support, credentials and opportunities to put the learning into practice. In addition to the direct training through charity partners,; SkillsBuild is now also available free to all online. The SkillsBuild training gives recognised qualifications to those searching for employment; in a digital economy. In addition, the programme gives job-search skills, teaches agile methods and design thinking, and has specific; training in growing IT fields, such as cybersecurity, big data, artificial intelligence.; IBM UK employ around 100 school-leaver apprentices every year. Our award-winning programme offers apprenticeships ranging from; Level 3 to Level 6, with all apprentices employed as permanent employees from Day 1. We also launched Early Professional Affiliates; Hiring programme enabling us to further acquire talent from underrepresented groups

  Equal opportunity

  In 1942, IBM hired blind psychologist Michael Supa to create a programme for hiring and training people with disabilities. Supa then; worked in IBM institutionalising disability representation and equality for 37 years, and 80 years after he was hired IBM continue to lead in; Accessibility, Inclusive hiring, and Representation to reduce the disability employment gap. The Accessible Workplace Connection portal; makes it easy for managers to accommodate IBMers who consider themselves to have disabilities, and all recruitment activities are; accessible and open. IBM support all employees in training and developing new skills relevant to them, with at least 40 hours of structured; training required every year; called THINK40. The training can link to recognised, external qualifications, building skills relevant to the; contract. IBM is accommodating of those with additional needs, ensuring all training is inclusive.; IBM believes that a diverse and inclusive work environment drives higher quality delivery. We have created employment/training; opportunities for those with protected characteristics in the UK since 1912. Our 300+ employee-led communities support ethnic; minorities, neurodiversity, LGBTQ+, females, veterans and more through regular events within their communities. Every IBMer completes; regular mandatory Diversity & Inclusion training, including on unconscious bias. Based on 2022 survey nearly 9 in 10 IBMers felt; comfortable being themselves at work with ~5,000 more recommending IBM as a great place to work. IBM run a “BeEqual” campaign and; programmes, with tens of thousands of employees making a BeEqual pledge of allyship to colleagues from minority groups and 6000; IBMers globally are certified as LGBT+ Allies, with 90+ events across UK and Ireland in 2023 focusing on inclusion, with approximately 3.5K; attendees. IBM have a culture of promotion and recruitment aiming to addresses workforce inequality for all to have the opportunity to; fulfil their potential

  Wellbeing

  IBM has an advanced Health and Wellbeing Programme, recognising the criticality and benefits of a healthy and supported workforce. A; wide-ranging Employee Assistance Program is provided confidentially to all employees 24/7, at no cost to them, backed up by medical; insurance with annual health assessments available. IBM operate a Mental Health First Aid Programme, with over 200 qualified mental; health first-aiders volunteering in the UK. These colleagues make themselves approachable as a first step. IBM UK have Disability; Confident Level 2 status, winning in 2023 UK-IT-Industry Award – DEI and in 2021 the Best Employer for Diversity and Inclusion award from; WM UK, due to the broad focus on D&I throughout the pandemic, including hidden disabilities and neurodiversity. IBM has a global; neurodiversity hiring program (ND@IBM).; In the new model of home/hybrid working, various initiatives have been created to maintain and improve both mental and physical health; when working remotely. The IBM Working from Home Pledge includes commitments to take time out for yourself, and to check-in; regularly on colleagues. It was recognised that working alone can be challenging for some, and regular sessions, support programmes and; training in place to keep people connected. Managers have undertaken training to recognise those struggling and have tools of early; support. A “2020 health challenge” was taken up by 20% of the permanent employee population, with 69% of participants reported being; less stressed, 74% exceeded 10,000 steps a day. We continue organising ‘Exercise challenges’ on miles walked/weight loss linked to e.g.; World Heart Day. Ergonomic equipment to create a better working-from-home environment is available to all.; Within projects/programmes, and as part of contract delivery, IBM seek to make these various initiatives available to joint team of; staff/suppliers/customers and communities. Project and colleague-based support and health initiatives are expanded where possible to; all

Pricing

• Price: £21,000.00 a licence a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: This cloud service supports a limited scope/time 28 day free trial. The trial will include software and depending on the scope support from our consultants to help deliver against the agreed scope/success criteria. Outputs will typically include: delivery against the agreed success criteria, recommendations and cost savings/business case inputs.
• Link to free trial: https://www.apptio.com/cloudability-free-trial-request/

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ukcat@uk.ibm.com. Tell them what format you need. It will help if you say what assistive technology you use.