EXCELLEDIA VENTURES LIMITED

Enterprise management software (isorobot)

isorobot is an automated enterprise management system that helps organisations to efficiently manage their international frameworks such as multiple ISO standards, legal and regulatory frameworks, all the major business excellence & strategy frameworks.

Features

• Integrated People, Process & Asset Management
• Roles Based Access
• Ticketing System (Support)
• API Console
• Chatbot User Guide
• Escalation Notification
• Conditional Filtering
• import and export capability
• Manage Workflow
• Business Assessments & Awards

Benefits

• Complete Visibility & Management
• Smooth Onboarding & Integration
• Increased Agility
• Dynamic organisation Structure & People Management
• Governance and Compliance Management
• Management System, Certification Body and External Audits
• Business Process Improvement
• Efficient enterprise risk management solution

£2,250.00 a user a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at farooque@excelledia.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

689949246504653

Contact

Farooque Muahmed
+44 7999 399981
farooque@excelledia.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: N/A
• System requirements: N/A

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We expect to respond to all support requests within 30 minutes, 7 days/week.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Onsite support
• Support levels: Excelledia are subject matter experts in business continuity.; ; Our system operates to a high degree of availability (99.99999%). Our standard RTO (Recovery Time Objective) is a maximum of 30minutes and our maximum and our standard RPO (Recovery Point Objective) is a maximum of 30 minutes.; We can deliver Real Time recovery if required but have not costed on this basis (we have costed according to the above maximum RTO and RPO).; ; We will operate a ticketing system to address issues raised based on priority. Our Service SLA will ensure our responses are timely, fully monitored and in keeping with your requirements.; ; Local phone support will be put in place as required (i.e. 08:00 to 18:00 Mon-Fri, excluding bank holidays.); ; Our Contract Manager Mr Paul Ibbotson will have overall responsibility for the delivery and quality of the ongoing work and the success of the contract. He has the authority to intervene where necessary to ensure this is achieved.; Support cost will be 20% of the contract value and complementary for the first year .
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Excelledia has an extensive and established dedicated training function (Excelledia Training Academy.) With our training team working across our global offices, Excelledia Training Academy provides a platform for interactive, practical and value-based learning.; Our system is highly intuitive and user friendly but we view training as a critical part of this contract. Given the considerable investment to introduce this new system, we will ensure that those who use it (or interact with it in any way) understand what the system means to them and how to use it to its maximum benefit, for them as an individual, and for the benefit of the organisation as a whole.; We provide the following training:; Management Training; End-User Training; Admin Training; We also provide comprehensive user guides.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Our solution has the capability of exporting data to all standard formats/ applications such as (MS Office, Adobe, PDF, CSV, and XML etc.). Our cloud connector feature can also store and retrieve files from cloud storage locations and bring them into the system. This means you have a secure place for all your documents to be accessed and shared from anywhere. Should you chose to end the contract all data can be recovered in whatever format you chose.; The system provides for data encryption as a measure to ensure information security. It has the capability to compress and encrypt data automatically to enhance confidentiality. It encrypts stored data, has back ups in place and permits replication.
• End-of-contract process: The effect of termination of a contract releases the parties from their outstanding obligations under the contract until the contract is renewed. ; In case of final termination and non-renewal, excelledia will discontinue the service, return all data and delete the subscription or instance from its server, if applicable.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The system has a responsive design makes use of flexible layouts, flexible images and cascading style sheet media queries including a responsive web design for all mobile devices e.g. phones, tablets.; functionally, there is no difference between the desktop service and mobile .
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: Yes
• Description of customisation: The solution can be customised as per the client requirement by our technical team.

Scaling

• Independence of resources: For each project, we create a separate committee to deal with the specific project, including communication with the client, feedback, demand,; ; Each client has a different team and a different approach depending on their needs and requirements.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Our solution has the capability of exporting data to all standard formats/ applications such as (MS Office, Adobe, PDF, CSV, and XML etc.). Our cloud connector feature can also store and retrieve files from cloud storage locations and bring them into the system. This means you have a secure place for all your documents to be accessed and shared from anywhere.
• Data export formats: CSV
• Data import formats:
  • CSV
  • ODF

Data-in-transit protection

• Data protection between buyer and supplier networks: Private network or public sector network
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: Severity Level 1. Occurrence is potentially damaging to end user supplied data; gives incorrect results without warning; prevents user from using any functionality that would normally be available and requires immediate action due to unavailability of a workaround known to the user.; Maximum response time: 30 min ; Severity Level 2. Occurrence is not potentially damaging to end user ; Maximum response time: 4h
• Approach to resilience: We will provide this information upon request.
• Outage reporting: The service will report outages via dashboard and email alerts.

Identity and authentication

• User authentication needed: No
• Access restrictions in management interfaces and support channels: At the very least, limit authorised inbound IP addresses to those used by dedicated management devices. Deploy jump servers where you need to expose management interfaces to less trusted networks.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users receive audit information on a regular basis
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BQA
• ISO/IEC 27001 accreditation date: 26 February 2020
• What the ISO/IEC 27001 doesn’t cover: Design Development Implementation Maintenance and Testing; of Software Products and Implementation of IT Infrastructure
• ISO 28000:2007 certification: Yes
• Who accredited the ISO 28000:2007: BQA
• ISO 28000:2007 accreditation date: 10/03/2021
• What the ISO 28000:2007 doesn’t cover: Design Development Implementation Maintenance and Testing; of Software Products and Implementation of IT Infrastructure
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Isorobot is GDPR compliant as well as compliant with the internationally recognised best practices of ISO 27001 Information Security, ISO 19600 Compliance, ISO 27014 Information Security Governance and ISO 22301 Business Continuity Management Systems. This ensures the highest possible standards of security and business continuity.; Independent external audits are carried out once a year. Internal Audits and Management Review Meetings are carried out twice a year.; Secure Log retention is achieved by leveraging an audit trail.; Minimum log retention for a period of 6 months is available and can be reviewed in the case of breaches. An admin approval process will be followed each time new accounts are created and access to your data from a secure device is made possible with HTTPS secure access. We have a process for the immediate removal of access to data for all staff leaving the organisation who no longer require access.; All resources, including the roots, organizational units, accounts, and policies in an organisation are owned by an administer account. Permissions to create or access a resource are governed by permissions policies.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We follow a strict change control process:; - Identify the need for a change; - Log change in the change request register ; - Conduct an evaluation of the change ; - Submit change request to Change Control Board (CCB) ; - Change Control Board decision (CCB); -Implement change; Secure Log retention is achieved by leveraging an audit trail: a digital record of server activity including data entry and user access activity. Audits will regularly be performed on applications and devices across your environment while simultaneously helping ensure the safety of your system by comparing issues to a list of known threats.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Approach to vulnerability management; How you assess potential threats to your services: Using incident management software ; How quickly you deploy patches to your services: Real time, maximum 30 minutes ; Where your information on potential threats comes from: we perform a risk analysis to define all potential threats and act accordingly.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: How do you identify potential compromises: by performing a continuous risk analysis ; How do you react when you find a potential compromise: we have an internal committee to handle all compromises, they implement immediate corrective action, then look for the root cause and implement preventive action.; How fast is your response to incidents: real time, max: 30 minutes
• Incident management type: Supplier-defined controls
• Incident management approach: Do you have predefined processes for common events: Yes, we do. ; how users report incidents: using our incident management solution ; how you provide incident reports: our incident management solution will generate an automated report

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  We will share upon request
• Covid-19 recovery:

  Covid-19 recovery

  We will share upon request
• Tackling economic inequality:

  Tackling economic inequality

  We will share upon request
• Equal opportunity:

  Equal opportunity

  We will share upon request
• Wellbeing:

  Wellbeing

  We will share upon request

Pricing

• Price: £2,250.00 a user a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Entire system for 15 days

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at farooque@excelledia.com. Tell them what format you need. It will help if you say what assistive technology you use.