SmartSimple Cloud for Granting
SmartSimple Cloud for Granting is Grant Management software that maps to your own business processes through a secure, configurable, and scalable grant-management platform. Manage grants, programmes, contracts and payments all in one solution with automation and a workflow subsystem. Collaborate in solution and track and report on KPIs and Impact.
Features
- Grants Management
- Dashboards and In-Built Reporting
- Your GDPR policy can be enforced in Solution
- Your Data Retention policy can be enforced in Solution
- Impact Measurement and KPI tracking
- Workflow Subsystem
- Business Automation
- Contract Management
- Full Life Cycle of Grant Managed
- Grant Project Management and follow up
Benefits
- Increased Administrative Efficiency
- Improved security and GDPR compliance
- Enter Data once and Reuse as Best Practice
- All data can be aggregated and reported on by client
- Clear Audit trail and Transparency
- Community User Groups
- Publish reporting to Website available
- Good data categorisation for appropriate aggregation
- Improve end user experience
- Future proof through continue evolution of solution
Pricing
£900 a unit a day
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 13
Service ID
6 9 4 5 1 5 7 3 1 9 0 6 0 2 3
Contact
SMARTSIMPLE SOFTWARE UK LIMITED
Brendan Bardley
Telephone: +353 879 195 200
Email: bbradley@smartsimple.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
-
- Public cloud
- Private cloud
- Service constraints
- No constraints.
- System requirements
- Internet browser
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
Our support desk is open 24 x 5 with 24 x 7 critical support available. Our support team are direct employees of SmartSimple and are system experts.
Response times available in our Service Level document here: https://cdn2.hubspot.net/hubfs/6704953/2_-_SmartSimple_Service_Level_Policy.pdf - User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 AA or EN 301 549
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- Web chat
- Web chat support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support accessibility standard
- None or don’t know
- How the web chat support is accessible
- We have an internal ticketing system that operates through your solution. In addition, our website offers a web chat which sometimes clients utilise to reach out to us.
- Web chat accessibility testing
- Testing has not been completed specifically on the website chat option.
- Onsite support
- Yes, at extra cost
- Support levels
-
Technical Support is provided by a dedicated team through three support channels (phone, email and in-system community portal). Live support is available Monday to Friday, 24 hours.
24x7x365 support for critical issues is available as detailed through our Service Level Agreement. Critical support (Tier 1 and Tier 2 only) is managed via a dedicated email account. This service is included in the subscription fees with no additional charges.
Essential support is included in the subscription fees which is based on the number of internal and external users.
Premium Support is available at an additional cost. It can include a named dedicated support representative, scheduled access to Director of Customer Success, on-going configuration services and training depending on the package chosen. Pricing is as follows per month: Silver Package £600; Silver + Package £1,000; Gold Package £1,700; Platinum Package Custom - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
On-site and on-line training is available depending on client requirements. User documentation in the form of training videos is provided to clients in addition to our public wiki.
All clients start at the scoping phase of the project where we review the current business processes, pain points of the current process, and goals for the new solution. - Service documentation
- Yes
- Documentation formats
- HTML
- End-of-contract data extraction
- The client owns all of their data stored in the platform. SmartSimple acts as the data steward. The platform can provide all client-stored data to National Archives Electronic Records Archives (NARA) standards. The significance of this functionality is that it provides self-serve access to all data within your system in a format that you can use without the requirement of the SmartSimple application/platform.
- End-of-contract process
-
Contract pricing is based on two components;
1) Initial One Time Fee for System Configuration - this is an implementation fee associated with setting up a system to authentically reflect an organization's business process
2) Subscription Fee - Access to a the configured system and includes all support and maintenance costs. Clients can opt for premium support for an additional cost.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- Our platform is fully optimised for mobile use, including uploading images or documents from your mobile and completing applications.
- Service interface
- Yes
- User support accessibility
- WCAG 2.1 AA or EN 301 549
- Description of service interface
- Extensive thought has been put into the user interface to ensure it meets accessibility requirements for our clients and their end users.
- Accessibility standards
- WCAG 2.1 AA or EN 301 549
- Accessibility testing
- Testing is done on the platform at each upgrade including screen reader testing. In addition, we offer guidance to clients on meeting accessibility standards with their own branding in platform and testing sites available. https://wiki.smartsimple.com/wiki/Accessibility
- API
- Yes
- What users can and can't do using the API
-
SmartSimple actively supports three APIs: OData, A Web Services API (a SOAP based API), and SmartConnect (a JSON based API). The JSON API is available for testing on our website:
https://api.smartsimple.com/devtools/api.html
https://wiki.smartsimple.com/wiki/Odata_Overview
Using the above API’s a wide range of integrations are possible.
SmartConnect API Details:
You define the fields that can be retrieved from that object through that function.
You choose the Action Type that you wish to use for the function. Currently there are five action types:
Get - Retrieve a single record for the object type you have selected in the function.
List - Retrieve multiple records or the object type you have selected in the function.
Update - Change data in one or more fields in the object you have retrieved. Update is also used to create new objects.
Download File - Downloads to the browser a file you have retrieved.
List Files - Retrieves a list of files from a specified object.
Search Files - Retrieve a list of files containing specific string values.
If you want to review how the API works and interact with some sample functions and test data be sure to visit the interactive demonstration page at api.smartsimple.com. - API documentation
- Yes
- API documentation formats
- Other
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
-
SmartSimple’s system is completely based on configuration, not customization. Everything within the system is configurable from the data model through applications, to the workflows and the portals.
During the initial implementation phase of the project our cloud specialists will map your own business processes into the solution with the flexibility that ensures your own wording, categorisation and KPIs are accurately tracked within our workflow subsystem and automised where appropriate for your business needs.
The configurable nature of the system means that no programming or coding is required to modify or extend the solution. This fact empowers SmartSimple’s clients to engage in activities like implementing new grant programs, modifying existing programs, manage communication templates, and more, without vendor involvement.
Scaling
- Independence of resources
- The system was designed for infinite horizontal scalability to meet user demands through the operation of a load balanced environment through multiple application servers.
Analytics
- Service usage metrics
- Yes
- Metrics types
- Clients can always monitor their own service metrics through their solution.
- Reporting types
- Real-time dashboards
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
- Physical access control, complying with SSAE-16 / ISAE 3402
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- In-house destruction process
Data importing and exporting
- Data export approach
- The platform supports many data export/extraction tools. Data export types OData, Native APIs, Export to JSON/XML, and Other native tools. Additionally, supported data export formats include JSON, XML, XLS, XML, PDF, TXT, HTML, and others. Clients always have access to their data dependent on the staff RBAC and ABAC permissions assigned, ad hoc reporting is available - no vendor involvement is required to access these reports and export to excel, etc.
- Data export formats
-
- CSV
- Other
- Other data export formats
-
- OData
- XML
- JSON
- TXT
- HTML
- Data import formats
-
- CSV
- Other
- Other data import formats
-
- Autoloader
- Import wizard
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- TLS (version 1.2 or above)
- Other
- Other protection between networks
- All data is encrypted in motion (SSL) and at rest (hard drives encrypted - AES 256-bit key).
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
-
SmartSimple uses commercially reasonable efforts to cause the Service availability in any month to be not less
than 99.9%.
SLA penalties are on a per client basis. - Approach to resilience
- Available upon request.
- Outage reporting
- Email Alerts
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Username or password
- Access restrictions in management interfaces and support channels
- Attribute Based Access Control (ABAC) and Role Based Access Control (RBAC) dictates everything from portal access to application access to the ability to view and modify the contents of a field. These controls extend past the user role, and encompasses the context (location, time of day and other attributes) to the field level. The primary mechanism used to manage permissions within the system is the security matrix. This defines how users can interact with each level of data, based on the way they need to interact with the data. Access settings includes deny, view, add, edit, delete, and assign.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- You control when users can access audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- BSI
- ISO/IEC 27001 accreditation date
- 20/05/2021
- What the ISO/IEC 27001 doesn’t cover
- N/A
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- No
- Other security certifications
- Yes
- Any other security certifications
-
- SOC1
- SOC2 TypeII
- SOC2 HiTrust
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
-
Certification and Compliance Standards 2022
SOC 1
SOC 2 Type II
SOC 2 + HITRUST Mapping
ISO 27001:2013
ISO 27017 is intended for future date
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
-
Components of our services are tracked through notifications.
Changes are assessed through weekly vulnerability scanning service. - Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
- Potential threats are assessed through internal and external vulnerability monitoring scans. These are performed on a periodic basis. Management takes appropriate action based on the results of the scans. Patches are applied quarterly as related to upgrades. Patches related to identified vulnerabilities would be applied within a week.
- Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
- Logging and monitoring software is used to collect data from system infrastructure components and endpoint systems and used to monitor system performance, potential security threats and vulnerabilities, resource utilization and to detect unusual system activity or service requests. This software sends a message to the operations center and security organization and manually opens a problem ticket. Response times to incidents is dependent on severity.
- Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
- Yes, we have pre-defined processes for common events. Users provide report incidents through the SmartSimple support centre ticketing system. Incident reports are provided through the same support centre ticketing system. With high severity incidents, a root cause analysis is prepared and reviewed by operations management and then communicated to client.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- No
Social Value
- Fighting climate change
-
Fighting climate change
SmartSimple Cloud is Cloud technology enabling our UK clients to operate in a climate friendly manner. Cloud technology empowers online collaboration and reduction of the global carbon footprint. We are proud partners of AWS, hosting globally on AWS servers. AWS explains an IT company can reduce its carbon footprint by 88% by working from the cloud, while in total, UK customers of AWS have saved over 200,000 tonnes of CO2 emissions a year, the equivalent of planting an extra 400 million trees. All SmartSimple UK clients are hosted on SmartSimple / AWS.
Pricing
- Price
- £900 a unit a day
- Discount for educational organisations
- No
- Free trial available
- Yes
- Description of free trial
- Login Access to a Demo site.