KORE LABS LIMITED

KorePRM® (Product Relationship Management-as-a Service) with WikiKore®

Kore is the first ever Product Management-as-a-Service platform providing end-to-end product governance. Our set of digital tools provide a controlled environment for creating, managing and monitoring all types of products and services - from ideation to withdrawal.

Features

• End-to-end lifecycle management of products & processes
• Golden source of all metadata, documents, processes
• Rule engine with configurable controls and business logic
• Granular audit trail of all events, decisions, changes of status
• Dashboards, reporting and analytics
• Permission-based, with the ability to set delegated authorities
• Ability to create visibility perimeters for separate business units
• Global taxonomy for product description, KPIs and reports
• Connectivity with internal and external data sources (APIs/file ingestion)
• User journey enriched by AI/ML algorithms

Benefits

• Turn-Key SaaS platform with embedded/constant R&D
• Single source of truth increasing efficiency and reducing manual processes
• Unlimited controls and embedded business logic reduce risks/process inconsistency
• Clear set of authorities and delegation for robust/defendable approval processes
• Allows real-time governance of data, documents, processes, people authorities
• Hyper-configurable, with drag-and-drop features, adaptable to any product, business, process
• Governance adaptable to meet any external regulation or internal policy
• A platform for connectivity with internal and external data sources
• Modular, for quick implementation and incremental adoption
• Light-touch IT engagement and low cost/time to adoption

£15 to £250 a user a month

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at finance@korelabs.co. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

682877374480476

Contact

Sabrina Del Prete
0780 241 4515
finance@korelabs.co

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: None
• System requirements: None

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Incident: Level 1 - Critical - response time 2 hours/restoration time 4 hours; Incident: Level 2 - Blocking - response time 4 hours/restoration time 8 hours; Incident: Level 3 - Non-Blocking - response time 2 business days/restoration time 5 business days; Incident: Level 4 - Outside of SLA - no SLA; Service Request: Level 4 - Outside of SLA - no SLA; Change Request: No SLA, timescales agreed on a case by case basis.; ; Out of office hours monitoring and response to critical incidents.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: Our customer is right at the centre of our Support & Service Management Approach; We provide a blend of technical and industry expertise to support with both how the system works and how you work with the system. We are with you every step of the way from a pre-pilot to get the ball rolling, to developing a deeper sandbox for you to try more things out, developing a Minimum Viable Product, onboarding, going live, rolling out and beyond.; At a high-level the role of each of the client-facing teams is: ; - Client management: Leads all aspects of a prospective and client relationship through the the ‘land and expand’ client lifecycle ; - Technical sales support: Ensures all technical aspects of the product are delivered to the client from sandbox through to product implementation (integration and configuration); - Customer success: Provides the ongoing support to the client and enables the training, adoption and product usage. Plays a key role in expanding the client relationship. ; ; We offer 4 tiers of support levels depending on the clients size and requirements: Embedded, Gold, Silver and Bronze.; ; Cost is all included in the agreement.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Our customer is right at the centre of our Support & Service Management Approach; ; We provide a blend of technical and industry expertise to support with both how the system works and how you work with the system.; ; We are with you every step of the way from a pre-pilot to get the ball rolling, to developing a deeper sandbox for you to try more things out, developing a Minimum Viable Product, onboarding, going live, rolling out and beyond.; ; A team of experts to support you at all stages of your journey including:; - Client Manager; - Customer Success Manager; - Delivery Manager; - Service Desk; ; Kore Labs will provide up to 10 in-person hours of support for any additional configuration support of the Kore Labs Platform following completion of the On-Boarding process. ; ; Kore will provide up to 5 in-person hours of training to Admin Users in relation to usage of the functions that aid the configuration of the Kore Labs Platform. This will take place in the form of two virtual sessions at a pre-arranged time & date, recording will be made available. Additional queries can be supported through our Customer Success mailbox.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats: PPT
• End-of-contract data extraction: At the end of the contract, data can be extracted and made available to the client, in line with the data portability requirement under the GDPR provisions. This is a manual process. If the contract has expired and Kore is mandated to destroy data in cloud services, this data is encrypted, the key is destroyed and then the environments and data is wiped.
• End-of-contract process: We will discuss requirements with the client on an ad hoc basis. There is no cost included in the cost of contract - any additional cost will depend on the client requirements.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Application follows responsive design layout and principles to support mobile and tablet devices.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: The Supplier Platform offers integration capabilities via an enquiry API in order to query products according to required criteria and to retrieve product information and attributes. The query of data in scope of this Enquiry API is as below:; • Product query: query products and filter by status, business unit or a configurable product feature; • Product data: retrieve product information such as name, code, description status or any configurable product feature.; ; Access to the API is subject to additional API licence costs, API support & maintenance costs and the policies:; • Authentication will be via provided Client ID and secret with Read access to query information via a Service account; • The service level for the API will be in alignment with the existing SLA. ; • The Supplier may update or modify the APIs from time to time. In general updates to the API will be non-breaking. A non-breaking change (e.g adding an additional data field to the API) refers to a change that can be integrated without causing disruption; • In the event that a breaking change must be deployed, the previous version of the API will be supported for up to 6 months from implementation.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • PDF
  • Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Kore is highly configurable, modular and designed to guide users through a consistent product roadmap without constraining them. Configurable product taxonomy, monitoring templates, rule engine, controls and product lifecycle management (and other admin options) are designed for non-technical product SMEs. The provision of simple forms and drag and drop functionality is out of the box, without the need for bespoke customisation. 95% of Kore’s features are configurable and do not require code customisation. Typically, it takes 4 to 12 weeks to adopt Kore

Scaling

• Independence of resources: Client environments are single tenant with auto-scaling enabled, designed for performance and resilience.

Analytics

• Service usage metrics: Yes
• Metrics types: We provide KPIs as part of Customer Success quarterly review
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Using the PRM User Interface - manual Import/Export (Report export (pptx, pdf, csv))
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • PPTX
  • PDF
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • PPTX
  • PDF

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: High Availability:; ; Availability of the Kore Labs Platform will be in accordance with the following conditions: ; • Databases will be replicated in near real time across zones, with automatic fail over. ; • Application cluster: Automatic Kubernetes node reprovisioning within Region ; • Disk storage replicated across 2 Zones
• Approach to resilience: All environments are defined and deployable as IaC (Infrastructure-as-code).; ; Key technologies:; - Google Cloud Platform; - Kubernetes (GKE); - Gitlab, Gitops, CI/CD; - Terraform; - FluxCD; - PostgreSQL; ; Hosted by default on GCP London or any Google cloud location.
• Outage reporting: Our Security Incident Management process is compliant with ISO27001 standards. Timely communication and ongoing updates to the customer's stakeholders (defined during the customer onboarding phase) will be made through the channels agreed with the customer by the Customer Success team or Delivery Manager in charge.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: In line with the Access Management Policy, which is compliant with ; ISO27001 standards, user activity and access are role and permissions-based.; Kore Labs employs the principle of least privilege - any additional access beyond what is essential for job functions requires explicit authorisation from the appropriate authority. Regular reviews of access rights are conducted to ensure alignment with current roles and responsibilities.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Citation ISO Certification Limited (Certificate number 451172024)
• ISO/IEC 27001 accreditation date: 20/02/2024
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Our Information Security Policy and linked policies, procedures and standards, demonstrate Kore Labs’ Information Security Management System (ISMS), as well as highlight principles in safeguarding the company’s assets.; We recognise that security threats are constantly evolving; Kore Labs will use best endeavours to follow the most current industry security best practices and principles in order to stay cyber secure and resilient, in compliance with ISO27001.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Every change is effectively a release. Before changes are applied to the production like environment, they undergo thorough documentation, multiple peer reviews, risk reviews as well as receive the approval from relevant line managers, following the assessment of potential business impacts and risks. This is to prevent vulnerabilities and ensure compliance with security standards. ; ; Measures implemented to maintain version control, record changes, communicate details to relevant stakeholders, update associated documents, and review information classification. ; ; Regular checks conducted to detect unauthorised changes and confirm the accuracy of implemented modifications.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Kore Labs' agreed enterprise patch management solution (Intune) must be used for patching all our endpoint devices, which must be centrally managed with automated patch implementation to devices i.e. require no end user interaction.; The enterprise patch management solution is to be centrally managed with automated patch implementation to devices.; Patching must take place using a risk based approach (outlined within the section titled “Patching Timescales”).
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: In compliance with ISO27001, we developed a Montioring, Logging & Alerting Standard and Incident Management Policy. Logging and monitoring mechanisms are critical in preventing, detecting, and minimising the impact of a data compromise. Thus, Kore Labs’ security incident response / management is an organised approach to addressing and managing a security incident, breach, or attack, and its aftermath.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Kore Labs’ security incident response / management is an organised approach to addressing and managing a security incident, breach, or attack, and its aftermath. It is also compliant with ISO27001 standards.; ; All incidents are recorded within an incidents log. The CTO is ultimately responsible for collating incidents logs, providing a report of incidents as part of our periodic / regular risk meetings, which discuss information security reporting.; ; On a monthly basis, a report of all the incidents that have occurred is compiled, and the top-rated incidents are reported into the appropriate committee(s).

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Our service provision will prioritise renewable energy sources, reduce carbon emissions, promote sustainable practices, and innovate eco-friendly solutions. It will promote transparency, sustainability, and responsible practices by facilitating the integration of sustainable design principles and providing lifecycle assessments. It will promote responsible sourcing practices throughout the supply chain and help comply with regulatory compliance.

  Covid-19 recovery

  Our service provision continues to support Covid-19 recovery by ensuring safety protocols, facilitating remote work and collaboration, enabling contactless transactions, promoting health awareness, and fostering community resilience. It will also enable transparency to help identify potential disruptions. While the direct impact on the virus itself might be limited, a product governance platform can be a valuable tool for businesses navigating the complexities of the Covid-19 recovery.

  Tackling economic inequality

  Our service provision will address economic inequality by supporting transparency and efficiency in financial services, improving trust, equality and resilience, offering affordable access, promoting financial literacy, creating job opportunities, supporting small businesses, and advocating for fair wages and policies. It will promote transparency, support decision-making processes, make data available for identifying disparities which can in turn inform and influence policy changes and targeted initiatives to address the issues.

  Equal opportunity

  Our service provision will contribute to equal opportunity in several ways by focusing on inclusivity and accessibility throughout a product’s lifecycle. It will encourage the use of design principles that consider a wide range of user abilities and needs. It will promote diversity and inclusion in the supply chain, and encourage sourcing practices that support diverse suppliers, including minority-owned businesses or those with strong disability inclusion programs. Our service provision is designed to meet accessibility standards, ensuring everyone can access and use its features regardless of ability. It will promote transparency and communication.

  Wellbeing

  Our service provision will enhance wellbeing through mental health support, promoting work-life balance, facilitating access to healthcare, encouraging healthy lifestyles, fostering social connections, and prioritising user satisfaction and safety. It will ensure safe product design and use by monitoring for potential product defects, tracking compliance with safety regulations, and using data to inform product improvements. It will promote ethical sourcing and worker wellbeing throughout the supply chain. The platform can facilitate user control over their data and privacy settings. This empowers users to manage how their data is collected and used by the product.

Pricing

• Price: £15 to £250 a user a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: We provide a 6-week free Sandbox access with the following outcomes:; ; - Report against determined measures of success; - Stakeholder Demos; - Support for Business Case; - Understand of potential user cases to help form roll-out plans; - Configuration of dedicated sandbox environment according to identified use case

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at finance@korelabs.co. Tell them what format you need. It will help if you say what assistive technology you use.