Haplo

Cayuse Research Grants & Contracts

Cayuse Sponsored Projects with Fund Manager offers institutions and organsisations a central location managing the full end-to-end grant/award process of pre-and post-award activity – it facilitates the management of the lifecycle of a project and streamlines that process from proposal creation to close-out.

Features

  • Centralised capture and storage of all research administration data
  • Real-time visibility into the status of projects, proposals, and awards
  • Detailed award and subaward tracking
  • Comprehensive overview of entire research portfolio, simplifying management, improving oversight
  • Financial reporting and forecasting
  • Rolebased dashboards provide information related to proposals/awards/projects, increasing efficiency
  • Contract negotiation functionality for increased workflow and tracking
  • Costing of Research Projects
  • Smart-form technology utilising branching logic, automated workflow, routing
  • Streamlines research administration processes provides transparency to entire research portfolio

Benefits

  • Automated electronic routing that speeds proposal review and approval cycle
  • Enhancing collaboration between investigators and administrator
  • Maximise resources, increase productivity, and improve strategic decision-making
  • Administrators can easily manage the lifecycle of a project
  • Increases efficiency and drives greater productivity.
  • Easily check remaining funding
  • Interface to existing ERP systems for real-time synchronisation
  • Single place to monitor financial health and risks to compliance.

Pricing

£54,000 an instance a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bids@cayuse.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

6 7 9 0 4 3 8 6 3 8 3 0 6 4 6

Contact

Haplo Jason Porter
Telephone: 44 (0) 7368 266097
Email: bids@cayuse.com

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
No
System requirements
Our suite can be accessed via any web enabled device.

User support

Email or online ticketing support
Email or online ticketing
Support response times
During core working hour (8AM-5PM GMT) the below is for both email/ticket or phone support response:
* Critical issues are responded to within 1 hour (fix: continuous effort) * High within 2 hours (fix: 1 business day)
* Medium within 4 hours (fix: 4 business days)
* Low within 6 hours (fix: by agreement.) During non-core working hours:
* Critical issues are responded to within 2 hours (fix: continuous effort) * High within 2 core service hours (fix: 1 business day)
* Medium within 4 core service hours (fix:4 business days) * Low within 6 core service hours (by agreement.)
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 A
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
No
Support levels
Our standard support offering is part of the Cayuse annual subscription fee. Our technical support contact information is available on every page within the system.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Haplo products are configured for each client and integrated with institutional systems. The Haplo team work closely with each client to implement their Haplo solution.

1) Requirements gathering and specification process. Requirements information is shared via a secure online project room and reviewed at an on-site workshop with key stakeholders from the institution and the Haplo team.

2) Configuration and integration. Haplo is configured to reflect institutional terminology, organisational structure, regulations and processes. Haplo is integrated with institutional identity management and authentication systems, Student Record Systems (if using PhD Manager) and/or HR system and other institutional systems as required.

3) Testing and revision cycles. Haplo attend for a 0.5 day on-site training for key users prior to testing.

4) Deployment. Haplo work with IT colleagues to set up DNS, SSL certificate, identity management, SMTP relaying; ensuring data feeds are live and working as required; and assist with one-off data imports if required.

5) Training and user documentation. Training system is provided matching the institution's preferred configurations with suitably anonymised data.
Service documentation
Yes
Documentation formats
  • PDF
  • Other
Other documentation formats
  • Word
  • Excel
  • Video content
End-of-contract data extraction
Mutually agreed format eg. csv
End-of-contract process
£250 per 50GB or part thereof for the export process, which includes the cost of storage devices. The user is responsible for secure courier fees.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The user interface provides the same functionality on mobile and desktop. Mobile has small affordances to ensure a good user experience on touch devices.
Service interface
Yes
User support accessibility
WCAG 2.1 AA or EN 301 549
Description of service interface
A web based interface which enables users to find information about research, submit applications, approve other applications, submit research outputs, and collaborate with other users. Privileged users have access to configuration and service management functionality.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
Use of accessibility evaluation tools to ensure compatibility with assistive technology.
API
Yes
What users can and can't do using the API
REST style APIs are provided to:
- Add or change data in the system
- Receive messages about changes and events
- Access reporting information

Batch file APIs are provided to:
- Manage users and their profiles as an automated feed
- Import information

A server-side JavaScript API is provided to implement additional APIs and custom functionality.

Initial creation of an application instance is not available through an API.
API documentation
Yes
API documentation formats
HTML
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Haplo is tailored to meet the requirements of each institution. The following elements are configurable:

* terminology

* organisational structure

* data received and data held about each researcher

* which workflows are included and custom workflows

* text of online forms and approval routing workflows

* business logic and business rules

* reporting

* authentication methods

* branding

* public repository interface (entirely customisable to match the existing university website.)

Customisation is generally performed by Haplo, working closing with the institution, but training is available for the institution's developers to make customisations.

Scaling

Independence of resources
Each application instance has a resource limit which ensures that an application cannot apply a load which would affect other instances. When an application reaches the limit, requests are still serviced without error, but at a slower rate.

Analytics

Service usage metrics
Yes
Metrics types
Metrics are available on system usage, users and storage.
Reporting types
  • Real-time dashboards
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Bulk export of data can be undertaken via an API.

End users (with appropriate permissions) can use the standard user interface to export data to excel (such as reports) or PDF (such as completed application forms.)

An archive process is available to export all data in a computer readable format at extra cost.
Data export formats
  • CSV
  • Other
Other data export formats
  • JSON
  • XML
  • CSV
Data import formats
  • CSV
  • Other
Other data import formats
  • JSON
  • XML
  • CSV

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network
SSH with mutual authentication is used to transfer data.

Data is always encrypted in transit, even on the local private network.

Availability and resilience

Guaranteed availability
We offer a 99.5% SLA (not including planned maintenance). Refunds are offered on a sliding scale as a % of monthly charges.
Approach to resilience
Available on request.
Outage reporting
Outages are reported by email alerts to subscribing users.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
Other user authentication
Users accounts are automatically configured by a user feed. Users then may be authenticated by Shibboleth (UK Access Management Federation), the user's AD FS or other SAML2 federated identify management. Users external to the institution may be authenticated by username and password if required by institution policy. Legacy LDAPS support is available.
Access restrictions in management interfaces and support channels
Users must be granted membership of privileged user groups before they can access management interfaces and our support services.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Lloyd's Register Quality Assurance Limited
ISO/IEC 27001 accreditation date
21/5/2018
What the ISO/IEC 27001 doesn’t cover
Our ISO27001 certification covers the entire service.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
No
Cyber essentials plus
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Haplo follows a no-compromise approach to information security as detailed in our Information Security Policy.

The Technical Director has primary responsibility for information security.
The Systems Administration Team is responsible for the day-to-day safety and security of the hosted platform and the information it contains.

The Haplo team are trained to follow our information security processes during induction and during regular staff training and security updates.

The Senior Management team meet regularly to review company information security practices.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All infrastructure and platform software is managed inside source control, with the source control version ID used to track changes through their lifetime.

To release any change, an authorised user must create and cryptographically sign a package to deploy it into production.

The customised applications running on top of the infrastructure and platform are independently versions, and Haplo works with the user's change control process to deploy changes.

A formal code review process assesses all changes for potential security impact.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Processes within our ISO27001 ISMS assess potential threats to our services.

Information about potential threats is obtained by subscribing to supplier's security notifications or monitoring dependency updates. Security issues are evaluated, and then applied within 24 hours after testing after running a full test suite. An emergency process can be used to patch more quickly if the vulnerability requires faster action.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Full auditing is enabled on all servers, recording all command and access. Logs are shipped to an independent server with separate access controls on a remote network, and analysed for anomalies.

Potential compromises are investigated by preserving all logs and data, then analysing potentially affected systems. Response is immediate to any incident.
Incident management type
Supplier-defined controls
Incident management approach
Haplo's Incident Management Policy details pre-defined processes for how we respond to incidents. Haplo classifies issues relevant to Information Security in 3 categories with different pre-defined processes for each category, reflecting different levels of security implications.

Users should report incidents to our Support Helpdesk either by ticket or telephone. Incidents will also be reported by automatic monitoring systems. Clients are kept informed regularly during the resolution of an incident.

Upon resolution, Haplo generates a report of the causes of the incident, the scope of the breach, and the actions taken, which is shared with the client.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Social Value

Fighting climate change

Fighting climate change

As a software company, we do not produce any goods or deliver any services that have any negative environmental impact. We deliver software services and products that help reduce paper use. We follow Amazon Carbon Footprint Best Practices and procedures.

With a SaaS solution hosted offsite, with providers who already have a significant commitment and ability to reduce emissions and attain carbon neutrality, this will further reduce the need for onsite data centres and the emissions from cooling and power that come with them.

Please see link here: https://sustainability.aboutamazon.com/environment/sustainable-operations/carbon-footprint

Most of our employees are home-based which helps to reduce the carbon footprint of using vehicles. Prior to Covid-19 working from home recommendations, we provided employee travel cards to encourage lower vehicle use. For our UK based employees, we are planning to apply for the Bike to Work scheme.
We do our best to find offices based in modern, environmentally friendly buildings. For instance, our UK office is housed within a shared building that has a net neutral Carbon footprint, and our Portland office is based in the World Trade centre which operational practices are environmentally compatible and provide a healthy work environment for tenants and staff. Please follow the link here: https://wtcpdx.com/about-us/

The very nature of the solution itself significantly reduced the amount of paper required in research administration by automating workflows and bringing what can be heavily paper-based activities online.
Tackling economic inequality

Tackling economic inequality

Our corporate responsibility starts with the workplace giving initiative called the Community Reciprocity Project. We want Cayuse employees to be able to donate funds and time to local community enrichment organizations with donation matching and volunteer time off from our company.

While Cayuse supports ground-breaking research, it’s important to be able to directly support one’s own community. Employees around the world will be able to contribute to their own communities in a direct and connected way. For 2022 we have chosen Shelter as our primary charity within the UK and are actively developing giving initiatives.

Our offices are all supported by local teams, local vendors and we strive to invest into the local community both through charity commitments, such as sourcing and funding local AED devices in our London offices. In addition, we employ a remote first policy allowing our staff to work from home and reduce the impacts of travel, for role for which office work is more suitable, we recruit locally and we use local websites to source catering, cleaning and removal services and as mentioned in 5.3.17.5 we also operate a local intern programme in the UK.

Each year we operate an intern programme for local (London based) University students to obtain up to 12 months of paid work experience. Although we don’t have a regular structured graduate programme, we do have a healthy investment in graduate recruitment, with many of our team having started life within the company as graduate hires, either returning from an internship or newly recruited.
Equal opportunity

Equal opportunity

Cayuse’s core values are Integrity, Inclusion and Innovation and our corporate responsibility is tied closely to these values. We act with high ethical standards to foster trust regardless of the situation and we proactively recruit, engage, and retain diverse and empowered teams.
We are an equal opportunity employer. We encourage equality and diversity among our workforce. We believe that everyone deserves to work in an environment free from discrimination, harassment, victimisation.

We oppose all forms of unlawful discrimination such as pay and benefits, dismissal, redundancy, promotion, training and development opportunities, etc.

We value our employees and have our annual ‘Impact Award’ recognition programme, where awards are given to those within the company who have gone above and beyond and have exemplified the company Values and Commitments, we also employ a continuous recognition programme. This allows everyone to recognise teammates by sharing the impact they have had by upholding the company values and commitments to our clients.

Pricing

Price
£54,000 an instance a year
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bids@cayuse.com. Tell them what format you need. It will help if you say what assistive technology you use.