IBM Maximo Enterprise Asset Management and Work Management

Service scope

Software add-on or extension: No
Cloud deployment model: Private cloud
Service constraints: Minimum 12 month contract term
System requirements: Must have access to the internet via broadband

Must have browser access for users

User support

Email or online ticketing support: Email or online ticketing
Support response times: 4 hours minimum
24X7 Support is also available
User can manage status and priority of support tickets: Yes
Online ticketing support accessibility: None or don’t know
Phone support: Yes
Phone support availability: 9 to 5 (UK time), Monday to Friday
Web chat support: No
Onsite support: Yes, at extra cost
Support levels: BPD Zenith has the following priority levels for support:

Priority 1 = System Down
Priority 2 = Critical Business Failure
Priority 3 = Program Failure
Priority 4 = Request for Information

These levels are used to prioritise service requests, with each having it's own target response time (Monday - Friday 8:30am - 5:00pm).

Costs depend upon the client demand for the support service, and will be billed on a time and material basis.
Support available to third parties: Yes

Onboarding and offboarding

Getting started: BPD will carry out initial discussions with the customer to understand business, functional and non-functional requirements. IBM Maximo full featured COTS product - that means that it provides an extensive set of functionality meeting the needs of most customers requiring work management and related functions.
BPD will then document these requirements and advise the customer how much configuration will be required to meet their needs. These needs will then be prioritised and a balance can be struck between configuration effort and the customer's budget and timescales.
BPD will then configure the solution, working with the customer and providing consultancy led training. This is effectively "train the trainer". More structured training is also available if required.
The solution will then be configured, loaded with data, undergo User Acceptance Testing by the customer then finally, the solution will go live in a configured form. Key to success is the BPD collaborative project approach that leverages available functionality to build a configured solution that enables the customer to achieve a solution aligned with the customer's business.
Service documentation: Yes
Documentation formats: HTML

PDF
End-of-contract data extraction: Throughout the lifecycle of the solution, BPD is purely an operator of the date. The customer retains ownership. At the end of the contract, BPD will agree with customer the required data format. This can be csv, a data format, or a copy of the whole Maximo system and data structure.
End-of-contract process: The BPD Maxicloud offer and the Maxicloud contract cover all aspects of the Maximo solution. This includes hosting (including management of infrastructure components, hot fixes and security (ISO27001, Cyber Essentials Plus Certified), support (usually level 3 support) and licensing (BPD resells IBM licenses from the BPD license pool). The services is therefore a full SAAS solution within a private cloud. All the customer needs to provide is users, data and SMEs who can ensure the system will meet the customer's requirements - working with BPD consultants.

Using the service

Web browser interface: Yes
Supported browsers: Microsoft Edge

Firefox

Chrome

Safari
Application to install: No
Designed for use on mobile devices: Yes
Differences between the mobile and desktop service: The mobile service is designed to fit the screen of the mobile device.

Screens work with touch interface rather than standard mouse and keyboard, with some of the "hover over" options which are available on the desktop, not available on mobile. The mobile service delivers tailored information to users in the field so they can can complete tasks at the point of work in real -time where there is connectivity. The application also works off-line allowing the user to seamlessly operate and data is sychronised when a connection is available. Mobile working delivers efficiency and effectivenes to field users.
Service interface: Yes
User support accessibility: WCAG 2.1 A
Description of service interface: A service interface is available. Configuration for customer requirements can be carried out at an additional charge via consultancy at SFIA rates.
Accessibility standards: WCAG 2.1 A
Accessibility testing: None currently, however, provided that the interface requirement is defined by the customer, it can be configured to WCAG 2.1 A at additional cost.
API: Yes
What users can and can't do using the API: For security reasons, API abilities and requests are evaluated on an individual basis.
API documentation: Yes
API documentation formats: PDF
API sandbox or test environment: Yes
Customisation available: Yes
Description of customisation: Any area of the environment can be customised to meet the needs of your business requirements, although this may incur an additional charge.

Scaling

Independence of resources: The BPD Maxicloud SAAS solution will be sized according to the number of users (both named and concurrent). Other factors considered including use of mobile and scheduling funcionality (IBM Scheduler Plus). A 20% contingency is built into the sizing of the hardware ensuring that users are not affected by the concurrent user numbers using the system.

Analytics

Service usage metrics: Yes
Metrics types: The BPD support team will provide monthly reports on the status and usage of the system. This includes uptime, named users, concurrent users as well as data storage status. Additional metrics can be provided upon request.
Reporting types: Regular reports

Reports on request

Resellers

Supplier type: Reseller providing extra features and support
Organisation whose services are being resold: IBM Software

Staff security

Staff security clearance: Conforms to BS7858:2019
Government security clearance: Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom
User control over data storage and processing locations: Yes
Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency: At least once a year
Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest: Physical access control, complying with CSA CCM v3.0

Physical access control, complying with SSAE-16 / ISAE 3402

Encryption of all physical media
Data sanitisation process: Yes
Data sanitisation type: Explicit overwriting of storage before reallocation

Deleted data can’t be directly accessed
Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach: Data export is performed through standard or custom built reports, or if preferred can be delivered by BPD in an alternative agreed format.
IBM Maximo can also leverage a tool, MX Loader. This is an excel spreadsheet tool which enables customers (with no involvement from BPD) to upload and download date from/to IBM Maximo. Link: https://www.ibm.com/support/pages/maximo-mx-loader

Maximo also has a powerful integration framework, MIF (Maximo Integration Framework). This is used for integration of Maximo with other systems via REST APIs and other methods. It is extremely versatile and can also support automated export/import of data to other target systems.
Data export formats: CSV

ODF

Other
Other data export formats: Xml

Pdf

HTML

Web Services

PostScript

Word Document
Data import formats: CSV

ODF

Other
Other data import formats: XML

Data-in-transit protection

Data protection between buyer and supplier networks: Private network or public sector network

TLS (version 1.2 or above)

IPsec or TLS VPN gateway

Legacy SSL and TLS (under version 1.2)
Data protection within supplier network: IPsec or TLS VPN gateway

Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability: 99.95% uptime
Approach to resilience: We're certified to ISO22301 (Business Continuity Management and Resiliency) as well as ISO27001. All aspects of the Data Centre Facilities are provided N+1 with no single points of failure. We can also provide our full business continuity plan is also available for review.
Outage reporting: Our proactive monitoring services are designed to capture and report any system outages. These monitoring services can also be tailored to provide email system alerts on behalf of clients. We also provide access to the monitoring system to end users.

Identity and authentication

User authentication needed: Yes
User authentication: 2-factor authentication

Username or password
Access restrictions in management interfaces and support channels: The network provides protection against network attacks.
Procedures and mechanisms are in place to appropriately restrict unauthorized internal and external access to data, and access to customer data is appropriately segregated from other customers. API endpoints are hosted on large, Internet-scale infrastructure and use proprietary DDoS mitigation techniques. Additionally, networks are multi-homed across a number of providers to achieve Internet access diversity.
Access restriction testing frequency: At least every 6 months
Management access authentication: Dedicated link (for example VPN)

Username or password

Audit information for users

Access to user activity audit information: You control when users can access audit information
How long user audit data is stored for: User-defined
Access to supplier activity audit information: You control when users can access audit information
How long supplier audit data is stored for: User-defined
How long system logs are stored for: User-defined

Standards and certifications

ISO/IEC 27001 certification: Yes
Who accredited the ISO/IEC 27001: Amtivo Group on behalf of British Assessment Bureau
ISO/IEC 27001 accreditation date: 22 /2/2022
What the ISO/IEC 27001 doesn’t cover: Not applicable
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Cyber essentials: Yes
Cyber essentials plus: Yes
Other security certifications: Yes
Any other security certifications: ISO 27001

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: ISO/IEC 27001
Information security policies and processes: We adhere to the complete ISO 27001 policy process and management system. We are also accredited by Cyber Essentials Plus.
The Chief Technical Officer (CTO) is responsible for security and ensuring policies are implemented, reviewed and audited. The CTO reports to the main board of Galanthus partners, the CEOs of BPD Global Limited.

Operational security

Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach: Change Control and Management
We use an ITIL based Change Management process to manage any proposed changes to the infrastructure.
Our change request forms ensure that changes are clearly detailed and that all the relevant personnel have signed these off before any changes are made. Particular attention is given to any impacts potentially to Security and performance. Additionally we carry out regular security and vulnerability scans as part of the service using Nessus Enterprise
Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach: Our Information Security Management Committee meet every month and part of their remit is to review our current detection methods, and responses to any security issues.
Our customers are notified within 24 hours of any security issues being identified along with a description of the remedial action required and whether this needs to be undertaken by us or the customer. Systems are monitored 24 hours a day for any potential security incident utilising technology which correlates logs from various sources, including on customer end points to formulate a “picture” of what is going on at any given point.
Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach: BPD uses a suite of monitoring tools that maintain a continuous watch on all systems within the datacentres.

Any potential compromises are dealt with by our Incident Management Process with initial response as per our SLA within 30 minutes.
Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach: The BPD Service Monitoring System alerts based on pre-specified criteria. This can be tailored based on pre-defined processes to ensure that common events are dealt with swiftly or sent on for automated action.

The Service Desk is accessed either by phone or email to report incidents. Further to an incident a detailed service report is provided to the client outlining the incident, any action and future mitigation. This is provided within 24 hours.

Secure development

Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks: No

Social Value

Fighting climate change

Fighting Climate Change is an important part of current day to day business planning, especially where, companies have a global footprint. As part of an International group, we have employees travelling between countries on a semi-regular basis alongside our local activities keeping an office open and domestic staff travel.

We are committed to being a responsible employer and we want to lower our carbon footprint as a Company and offset our usage in the long term. To enable this objective, we have joined Go Climate Positive on their “Road to Net Zero” Certification scheme.

We are currently working towards achieving this by collecting and analysing the data for the last two financial years to calculate our Carbon Footprint. The process is to first understand and calculate our carbon footprint and then work through the programme with GCP to reduce and offset. The GCP Certification requires public disclosure of our emissions, targets, actions and impacts which means we will be held accountable by the general public if we do not achieve what we have agreed/signed up to.

This is not simply a tick box exercise for us but one from which we intend to build core company values and objectives to minimise the impact our business activities have on the environment. We are only at the start of our “Road to Net Zero” Certification journey, there are many tasks still left to complete but we progressing this as diligently and as efficiently as we can.

Pricing

Price: £850 to £4,700 a user a year
Discount for educational organisations: Yes
Free trial available: Yes
Description of free trial: Full non-production access can be provided to the MaxiCloud system. Time trial period is available on request

IBM Maximo Enterprise Asset Management and Work Management

Features

Benefits

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Pricing

Service documents

Cookies on Digital Marketplace

IBM Maximo Enterprise Asset Management and Work Management

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Social Value

Pricing

Service documents