SAS Software Limited

SAS Customer Intelligence 360 Proof of Concept

SAS CI360 Discover collects granular digital customer level behaviour data and makes it available in real-time for analytics, AI, decisioning, reporting and marketing use cases. Gain rich insights into your customers journeys, conversions and preferences to optimise your communications and use the data to create a single customer view.

Features

• Granular behavioural data capture from web and app channels.
• Conversion, goal and business process tracking and reporting.
• Data streaming engine for custom real-time reporting, decisioning and analytics.
• Customer journey monitoring and reporting.
• Analytical and rules-based attribution.
• Built in real-time reports and dashboards.
• Open data model for integration of offline and online data.
• Dynamic data collection with a single line of HTML.
• Scalable and extensible with integrations into 3rd party tools.

Benefits

• Build a complete, unified view of your customers.
• Reduced tagging means reduced total cost of ownership and maintenance.
• Improve your multichannel strategy and insights.
• Find opportunities to improve ROI.
• Enhance your customer experience.
• Make decisions quicker with real-time data.

£6,370 an instance a year

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ukframeworks@sas.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

673738357494293

Contact

Neil Cruden
01628 486933
ukframeworks@sas.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: The rest of the SAS Customer Intelligence 360 platform including: Engage Digital, Direct, Email, Optimize and Plan. It can also be an extension to SAS Viya, the core SAS analytics platform.
• Cloud deployment model: Hybrid cloud
• Service constraints: The solution is designed to be scalable and flexible to customers needs. For system maintenance SAS carries out third weekend maintenance. SAS will initiate this process and provide customers with advance notice of any planned maintenance.
• System requirements:
  • Client computers that run SAS interfaces require modern operating systems
  • SAS recommends 64-bit web browsers run on 64-bit operating systems
  • SAS supports 32-bit web browsers run on 32-bit operating systems
  • SAS requires Google Chrome 67.0 and later
  • SAS requires Mozilla Firefox 60.0 and later
  • SAS requires Microsoft Edge 42.1 and later
  • SAS requires Apple Safari 10.0 and later

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Level 1 (Blocker). Critical SAS production system down or does not function at all. Initial follow-up 30 minutes.; ; Level 2 (Critical). Issue relates to loss of data, the inability of a User to access the System, or potential impact to key deliverable or deadline. Initial follow-up 4 hours of a SAS Business Day.; ; Level 3 (Major). Incident impacting a User's ability to perform a task without a critical deadline. Initial follow-up 1 SAS Business Day.; ; Level 4 (Minor). Usage questions. Initial follow-up within 1 SAS Business Week.; ; Level 5 (Trivial). Cosmetic problems. Initial follow-up within the next SAS Business Week.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: SAS is committed to providing accessible software, documentation, training and support materials through the ongoing evolution of our products and internal processes. Our goal is to enable users of all abilities to access the power of analytics. SAS strives to be the vendor of choice for organisations that need to deploy analytics in an inclusive manner. ; ; SAS has adopted WCAG 2.0 AA as our internal accessibility standard for all software, documentation, training and support materials. SAS has appointed a Director of Accessibility and established a centralised Accessibility Team that is charged with implementing the internal accessibility standard. Several members of the team have disabilities. ; ; The Accessibility Team:; ; - is familiar with the WCAG 2.0 principles, guidelines, success criteria and common failures. ; - are resident experts on assistive technologies that are used by people with disabilities. ; - provide 3rd level customer support for SAS users with disabilities and recruit those users for usability tests in the SAS Usability Lab. ; - delivers accessibility training for R&D staff. To date, training classes have been created for WCAG 2.0, the Accessible Rich Internet Application (ARIA) specification, the JAWS screen reader for Microsoft Windows, and the VoiceOver screen reader for Apple iOS. ; ; Further information: www.sas.com/accessibility
• Onsite support: Yes, at extra cost
• Support levels: Level 1 (Blocker). A critical SAS production system is down or does not function at all, ; ; Level 2 (Critical). The issue relates to a loss of data, the inability of an individual User to access the System, or potential impact to a key deliverable or deadline.; ; Level 3 (Major). The incident is impacting a User's ability to perform a task without a critical deadline.; ; Level 4 (Minor). Usage questions; clarification of documentation.; ; Level 5 (Trivial) . Cosmetic problems in a document or interface.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: SAS has created a comprehensive set of learning resources to help users getting started including the SAS workbench which is a step by step onboarding document providing you with everything you need to get started.; ; These are accessible from: ; • https://support.sas.com/en/software/visual-analytics/8.html; ; SAS Education offers training to cover the features of the service, using a range of approaches, including: Instructor based (public); Customer specific courses; Online tutorials; Train-the-trainer; - On-site workshops.; ; SAS Professional Services help customers by delivering exceptional quality consultancy and support services.; ; The following resources are available to SAS users and communities and are free of charge:; • A UK Customer Support telephone help-line (0800 - 1800 Monday to Friday). ; • SAS UK User Groups – a calendar and agendas of User Group Events run throughout the year; • SAS Communities – an on-line forum for users to communicate with the global SAS community, both customers and SAS employees; • SAS Tutorials and Webinars - hundreds of short videos and Webinars which cover using the features of the service; • SAS Customer Loyalty - a team dedicated to helping customers getting started with SAS software and reaping all the benefits the software has to offer.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats: EPUB
• End-of-contract data extraction: Onboarding documentation is available via the standard product documentation. Information about how to offboard from the solution (e.g. downloading data from the APIs) is also available there.
• End-of-contract process: Users can extract their data when the contract ends through the REST API Gateway.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Users can access info about the health of the service at http://status.360.sas.com/; ; Users can configure data descriptors that define how services and other tools interface with the REST APIs. Data descriptors are JSON objects that describe the structure and the type of data items that are contained in a data set. Data descriptors contain these parts:; ; - Top-level attributes - define basic information for the descriptor and specific implementation settings. ; - dataItems object - JSON object that contains a list of one or more data items. In an import descriptor, data items define each field that exists in your data.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: SAS is committed to providing accessible software, documentation, training and support materials through the ongoing evolution of our products and internal processes. Our goal is to enable users of all abilities to access the power of analytics. SAS strives to be the vendor of choice for organisations that need to deploy analytics in an inclusive manner. ; ; SAS has adopted WCAG 2.0 AA as our internal accessibility standard for all software, documentation, training and support materials. SAS has appointed a Director of Accessibility and established a centralised Accessibility Team that is charged with implementing the internal accessibility standard. Several members of the team have disabilities. ; ; The Accessibility Team:; - is familiar with the WCAG 2.0 principles, guidelines, success criteria and common failures. ; - are resident experts on assistive technologies that are used by people with disabilities. ; - provide 3rd level customer support for SAS users with disabilities and recruit those users for usability tests in the SAS Usability Lab. ; - delivers accessibility training for R&D staff. To date, training classes have been created for WCAG 2.0, the Accessible Rich Internet Application (ARIA) specification, the JAWS screen reader for Microsoft Windows, and the VoiceOver screen reader for Apple iOS. ; ; Further information: www.sas.com/accessibility
• API: Yes
• What users can and can't do using the API: Users can access the API gateway to perform the following tasks:; • Stream events to an on-premises environment; • Download metrics and data in bulk; • Perform GDPR functions; • Upload data and configure jobs; • Check the health of the service and the gateway itself
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
  • Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Users can create their own custom events, business processes, data collection rules and data views. They can further customise the service through two way integrations with other SAS or third-party tools to enhance the functionality of each.

Scaling

• Independence of resources: SAS leverages IaaS and a microservices architecture to autoscale vertically and horizonally. SAS Customer Intelligence 360 is a SaaS offering that is designed to scale to meet the needs of clients.

Analytics

• Service usage metrics: Yes
• Metrics types: SAS provides session usage metrics through the SAS Customer Support Team who can offer detailed insights and analysis on monthly calls. The data is broken down by daily usage. They can also provide information and updates on support tickets. For more info see: https://www.sas.com/en_gb/customer-success.html
• Reporting types: Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: No
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Via REST API Gateway
• Data export formats:
  • CSV
  • Other
• Other data export formats: SAS7BDAT
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: As part of the service SAS offers a 99.5% up-time warranty.
• Approach to resilience: Applying an all-hazards planning approach, SAS’ incident preparedness and response is focused on protecting and recovering core business operations from threat impacts. Security, Facilities, IT, Communications, and the business units work together proactively to develop resilience and mitigation strategies. In a disruptive incident, they coordinate to execute response, recovery and business resumption plans. Under SAS’ pandemic plan, cross-functional taskforce members are engaged to coordinate proactive response activities in accordance with public sector guidance.; The underlying infrastructure is supported by SAS’s IaaS partner. Each customer’s environment is restricted to a specific geographic region. Within that region, multiple data centers are used to support the customer. These data centers are on different flood plain, have separate power sources and different internet connections. The underlying components autoscale. The applications have been designed for resiliency by running multiple instances of key components across availability zones.; For additional information regarding our global continuity of business initiative, please refer to: www.sas.com/corporate/continuity.pdf. Please also refer to the SAS Quality Imperative white paper: www.sas.com/qualitypaper.
• Outage reporting: Information on outages can be found at: http://status.360.sas.com/

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: There are strict access controls to prevent support teams from accessing customer data. The Principal of Least Privilege is used to control access to the environment. Bastion hosts in the environment are the only servers that permit operational access. Access to these servers is logged and monitored. User and programmatic access to the application is always encrypted using TLS 1.2. TLS Keys are stored in FIPS level 3 HSM. Access to the environment on all other ports is blocked on all other ports.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users receive audit information on a regular basis
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • Cyber Essentials (CE)
  • Cyber Essentials Plus (CE+)
  • The infrastructure security certificates including ISO 27001, 27017 and 27018
  • The infrastructure security certificates including SOC2 and 3

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: SOC 2 Report – Report on Controls at a Service Organisation Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy (Type 2); ; SOC 3 Report – Trust Services Report for Service Organisations.; ; SAS monitors external standards, best practices, industry and regulatory requirements that may be applicable to customers.
• Information security policies and processes: SAS’ strategic business plan and risk management framework provide the context for identifying, assessing, evaluating and controlling information-related risks through the establishment and maintenance of an Information Security Management System (ISMS) Policy. ; The risk assessment, Statement of Applicability and risk treatment plan identify how information-related risks are controlled. ; The Information Security Manager is responsible for the management and maintenance of the risk treatment plan. ; Additional risk assessments may be carried out to determine appropriate controls for specific risks. Fundamental to this policy are business continuity and contingency plans, data back-up procedures, avoidance of viruses and hackers, access control to systems and information security incident reporting. ; Control objectives are contained in specific, documented policies and procedures. ; All employees of SAS and certain external parties are expected to comply with this policy and will receive appropriate training. ; The ISMS is subject to continuous, systematic review and improvement. SAS has established a management information security committee, chaired by the General Council (Europe) and includes the Information Security Manager, Head of Information Technology, Head of Customer Success to periodically review the security policy. This policy is continuously reviewed to respond to any changes in risk assessment or risk treatment plan and at least annually.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: SAS' policy is to utilise standardised, effective methods and processes for requesting, implementing and communicating change practices. Respective owning departments manage change management and maintenance of systems. ; ; SAS adheres to defined change management processes and procedures based on hosting customer requirements. ; ; Customers or SAS can request changes based on required functionality or maintenance of the hosted environment, a Change Advisory Board (CAB) manages changes to the SAS environment. Changes are tracked using ticketing systems. After a change is completed, the security function of the solution is checked to verify that the functions are implemented correctly and operating as intended.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: The application undergoes several types of testing to validate that it is secure. External penetration tests are performed annually by a third party - results available under NDA. All vulnerabilities identified during the penetration tests must be remediated based on the criticality of the issues. Every monthly release undergoes static and dynamic application scanning to check for vulnerabilities. Additionally each release is scanned using OWASP and SANS vulnerability lists. Critical items are remediated before the code can be installed. Less critical issues are addressed based on their classified severity. All external endpoints of the application are scanned daily for vulnerabilities.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Inside the environment SAS leverages ACLs, and IAM permissions to restrict the connections between servers so that access can only happen on the specific ports needed. Intrusion detection software runs in the environment to actively monitor for intrusions and threats. The system leverages AI in its monitoring and identification of threats.
• Incident management type: Supplier-defined controls
• Incident management approach: SAS’ Global Information Security (GIS) Group sets security policies within SAS, provides security related services and manages security incidents. SAS’ global COB program evolved from its longtime disaster recovery and crisis management procedures. Applying an all-hazards planning approach, SAS’ incident preparedness and response is focused on protecting and recovering core business operations from threat impacts. Security, Facilities, IT, Communications, and the business units work together proactively to develop resilience and mitigation strategies. In a disruptive incident, they coordinate to execute response, recovery and business resumption plans.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  SAS recognises that its most material environmental issues are related to the use of energy and related greenhouse gas emissions from site operations, data centres and the development of software solutions.; ; SAS remains committed to the goals of the Paris Climate Accord and joined the Business Ambition for 1.5°C. SAS was recognised as one of the first 1,000 companies to set a 2050 carbon-neutral goal and commit to establishing science-based targets. In 2020, SAS submitted 2025 and 2030 emission reduction targets to the Science Based Targets initiative (SBTi) for review. These targets expand on SAS' path to net zero by changing the base year for interim targets from 2011 to 2018 and now include scope 3 emissions that are affected by how the company operates.; ; To achieve its net zero ambitions, SAS assigns top priority to minimising energy consumption and related emissions from its operations. Key energy and emissions mitigation initiatives include establishing aggressive energy and emission reduction goals; building and maintaining facilities to LEED® guidelines; installing electric vehicle charging stations; investing in renewable energy; pursuing smart energy-efficient technologies for office buildings and data centres; encouraging teleconferencing to limit travel; and developing analytic tools to help employees understand the environmental impacts of their business decisions. ; ; The SAS Environmental Management Programme applies best practice ISO 14001 Environmental Management System processes and structure to drive continual improvement across business operations, and in the development of solutions and services to address its environmental impacts.; ; SAS uses its own technology to measure and analyse the performance of its sustainability initiatives. SAS software calculates the company’s global carbon footprint and the impacts of business processes and mitigation initiatives. SAS solutions support the application of global standards such as the Greenhouse Gas Protocol and the Global Reporting Initiative Enabling continual improvement of environmental processes.
• Covid-19 recovery:

  Covid-19 recovery

  In 2021, the SAS STEP Programme was launched in the UK and Ireland earlier. It is a free digital learning programme to aid post-pandemic economic recovery by training people in much sought-after data skills, with the aim of finding them employment.; ; The free SAS STEP programme provides jobseekers with skills in data literacy, data analytics and data science http://www.sas.com/step. The learning platform provides free access to SAS analytical software and a suite of digital learning resources. ; ; The programme uses SAS’ existing commercial learning platform and operational systems to manage every aspect of the learner journey from initial enquiry, through logistics to post-learning evaluation and analysis. There is no cap on organisation or participant numbers from charities or non-government commercial organisations.; ; Additionally, to meet the needs of learners and professionals adapting to new daily routines brought on by COVID-19, SAS launched flexible, free options for learning SAS. This resulted in more than 44,000 activations of the SAS Academy for Data Science and SAS Learning Subscription trials.; ; In additional to general policy issues, SAS will engage with governments to offer its assistance when society and the communities we operate in face significant issues such as the COVID-19 pandemic. Early in 2020, SAS developed specific analytics and software tools for our government partners around the globe as governments raced to understand the crises and how to respond.; ; The COVID-19 Data Analytics Resource Hub was created for this purpose. SAS continues to find ways to offer support to our government partners.
• Tackling economic inequality:

  Tackling economic inequality

  There is widespread evidence that big data analytics helps achieve short- and long-term development goals around the world. As the global leader in analytics, SAS is passionate about applying its cutting-edge technology and expertise to help solve some of society’s biggest problems such as poverty, disease, hunger and illiteracy. ; ; SAS has always been an organisation motivated by challenges to use its technology to build a better world. As the UN Sustainable Development Goals work to reduce inequalities and ensure healthy living, SAS seeks out opportunities where it can help create a brighter future for all. SAS’ social innovation initiative works to find creative ways to accelerate global progress and move the world toward a more sustainable future. One of the ways that SAS supports this goal is through the Data for Good movement, which encourages using data in meaningful ways to solve humanitarian issues around poverty, health, human rights, education and the environment. From helping to boost healthy bee populations and combating deforestation to revealing racial disparities in homeownership and investing in patient wellness, SAS is contributing to building a better world for the people and the planet. ; ; SAS’ social impact programs rely on the curiosity and expertise of SAS employees who are passionate about using their skills for social good. Thanks to these efforts as well as the company’s partnerships with customers, industry groups, non-profits, governments and global organisations, SAS continues to discover new opportunities for analytics to serve the greater good.
• Equal opportunity:

  Equal opportunity

  At world headquarters and across all of its country offices, SAS is committed to providing an equal employment opportunity that treats all employees and applicants equally based on merit and experience – without regard to age, race, colour, sex, gender, gender identity, ; religion, creed, ancestry, national origin, citizenship status, marital status, sexual orientation, veteran status, disability, medical condition, pregnancy, or any other protected class as defined by government, regional or local law.
• Wellbeing:

  Wellbeing

  SAS cultivates the optimal environment for creativity, encouraging employees to take risks and exceed expectations while helping them integrate work and life. SAS invests in employee career development, and employee health and well-being through several services, programs and benefits. As a workplace culture champion, SAS has always invested in keeping employees happy to help attract, retain and motivate top technology talent. SAS’ comprehensive support infrastructure ensures employees stay healthy – both physically and mentally – with such benefits as its Work/Life and Employee Assistance Program (EAP). SAS’ Work/Life ensures expert guidance for employees navigating difficult life events; it helps them lead balanced, healthy and productive lives. ; ; SAS supports the idea that all employees have a natural desire to learn and grow. As part of its culture and benefits, SAS provides many development opportunities for employees, whether for specific job skills, business acumen or interpersonal competence. Training includes instructor-led classes, e-learning and live web training. SAS encourages employees at all levels to pursue training to hone their skills. Employees with sharp, updated and relevant skills offer more value to SAS customers in the dynamic, evolving world of data and analytics.

Pricing

• Price: £6,370 an instance a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Access to environment for trial and demonstration purposes
• Link to free trial: https://www.sas.com/en_gb/trials.html

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ukframeworks@sas.com. Tell them what format you need. It will help if you say what assistive technology you use.