FUSION PRACTICES LTD

GrantsNow Ethics & Risk Management System

Simple Ethics Management, with unique capability to build your own custom forms. Configure to display your own forms for Researchers or Students, approval workflows, Risk Categorisation, hierarchies and terminology.
Automated appoval workflows to committees and provides extensive reporting suite for all progress and status reporting. Docusign for online signatures

Features

• Simple & intuitive Cloud solution
• Create your own online forms, approvals, and reports
• Risk categorisation for each application
• Audit trail of actions taken, storage of previous versions
• Reviews & approvals for ethics committees with online approvals,notes/actions
• Capability to edit and resubmit applications
• Notification of approvals/rejection to all participants
• Full Document Management Capabilities

Benefits

• Full visibility of the status of applications at every stage
• ully atomated workflows removes manual processes.
• This saves time and increases level/quality of Ethical Governance
• Integration with your CRIS system
• Secure storage of contract documents, control view and edit rights

£10,000 a unit a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at consulting@fusionpractices.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

747673748682321

Contact

Anil Passi
+442071019621
consulting@fusionpractices.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: Not Applicable
• System requirements: Latest version of web browsers

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We respond to questions in 30 mins.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AAA
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: WCAG 2.1 AAA
• Web chat accessibility testing: We have Oracle Digital Assistant BOT (ODA) to provide an initial level of user assistance before raising tickets.
• Onsite support: Onsite support
• Support levels: Priority 1 (P1) - Critical: An Incident that is business-critical relating to a business outcome, (including but not limited to the financial impact) (a) affects all Users within a department; or (b) affects users carrying out vital business tasks.; ; Priority 2 (P2) - High: An Incident that is business-critical that affects a single department and either:; A production system’s processing/ effectiveness/ performance (is significantly degraded where the cause of the degradation is the fault of the Supplier and not as a result of third parties or unplanned actions of Users including, but not limited to, running unscheduled reports, the input of incorrect data).; ; Priority 3 (P3) - Medium: A fault that is business/mission-critical and affects a single User.; ; Priority 4 (P4) - Low: A fault that is not business/mission-critical. User does not need the function to perform work tasks; or; Users can continue to use function and therefore can continue to work; ; We provide a technical account manager to provide managed support services to our clients.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide users with various artefacts such as user documentation and training manuals. User training is provided while onboarding the client.
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats: Videos
• End-of-contract data extraction: We will assist users to extract their data in Excel format or either data can be archived in zip files.
• End-of-contract process: We have a subscription-based model. The scope of work is well-defined during the contract signing stage with the buyer. Additionally, required services & support are charged extra at actual.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: There are no differences between the mobile and desktop service
• Service interface: No
• User support accessibility: WCAG 2.1 AAA
• API: Yes
• What users can and can't do using the API: GrantsNow offers comprehensive API documentation, detailing endpoints for various operations (GET, POST, PUT, DELETE) along with required parameters and request body data. Data is exchanged in JSON format.; ; The API supports both Inbound and Outbound data elements for push & pull of data/batch files between systems. Users have the flexibility to create an integration platform, utilising specified endpoints to interact with GrantsNow.; ; Typical purposes of an API are for: receiving messages about changes/events, loading legacy data; receiving HR / Salary data from your HR system; integrating with your finance system to synchronise budget codes and receive 'actual expenditure' data for reporting.; ; The API documentation provides a thorough guide on authentication, ensuring secure access. Our APIs are secured with OAuth 2.0, and users are required to employ registered credentials for accessing the service through the API. Users can test the API in a dedicated test environment before deploying it in the live setting. Additionally, every API release undergoes full change control documentation, including versioning, ensuring transparency and reliability with each update.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Fusion Practices GrantsNow is the completely configurable solution. Users will have access to configure the solution as per their needs.

Scaling

• Independence of resources: Our solution is based on Oracle Cloud. Based on the bandwidth of the other users' the solution upscales automatically.

Analytics

• Service usage metrics: Yes
• Metrics types: Usage statistics and data reports
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users can export data in Excel format or we can assist users by archiving required data in zip format.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Oracle Cloud Service works to meet the Target Service Availability Level, or Target Service Uptime, of 99.5%. Oracle will provide buyers with access to a customer notifications portal. This portal will provide metrics on the Service Availability Level for Oracle Cloud Services that buyers purchased under the order. Users are refunded through service credits in case guaranteed levels of availability are not met. Service credits are calculated as a percentage of the net fees you have paid to Oracle for an Oracle Cloud Infrastructure Service in the month in which any applicable Service Commitment was not met and are credited to you in the calendar month following Oracle’s approval of your claim.
• Approach to resilience: It's available on request
• Outage reporting: Email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: We use role-based access control to restrict access to management interfaces and support channels.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 31/10/2025
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Fusion Practices' Information Security Policy guides the principles and practices to be followed by employees at all times. Fusion Practices' addresses the great importance of information security. An Apex Committee is formed, comprised of Directors, Key Managers, Administrators, Users, Inspectors and Specialists with the aim of establishing a management framework to coordinate, encourage and control the development of information security within the organization. Mr. Mukesh Jain is appointed as the CISO. Mr. Goutham Sridharan is appointed as the Management Representative. Both would be responsible for the implementation of IMS and overall security. MR / CISO will engage the professional auditing services of specialist to conduct internal audit of the organization.; ; General Functions of the Apex Committee includes:; • Examination and approval of the information security policy and general responsibilities.; • Control of major changes affecting the informational assets of the organization.; • Examination and monitoring of information security incidents.; • Authorization of initiatives aiming to improve security within the organization.; ; We ensure policies are followed by taking the following steps:; 1. By sharing the Risks with Every Employee Team; 2. By helping Employees Identify Threats; 3. By educating employees on best practices; 4. By conducting review meetings

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: We follow Information Technology Infrastructure Library-based change management process where every change that goes into production is assessed, planned, and approved to eliminate any service disruptions.; ; Our change management process will follow ITIL best practices templates for emergency, normal, pre-approved changes capturing:; • Risk assessment considering business impact; • Affected application/business services criticality, collision, historical change information; • Compliance with maintenance windows.; • Review and testing of implemented changes. All change requests are documented in an electronic, access-controlled ticketing system. The workflow prevents the ticket from being moved into the 'scheduled for implementation' phase without the required review and approvals.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Penetration tests of the system are conducted at least annually. A commercial vulnerability scanning tool is configured to scan all external IP addresses and internal nodes at least quarterly. The results of vulnerability scans and penetration tests are reviewed by management. Vulnerabilities and threats are assessed, documented and tracked through resolution. Oracle Cloud Infrastructure has deployed security information and event monitoring (SIEM) solution which ingests and stores security-related logs and alerts from networking devices, hosts and other components within the infrastructure. SIEM is monitored 24x7x365 basis designed to defend and protect against unauthorised intrusions and activity in the production environment.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: OCI's deployed SIEM ingests logs and alerts from networking devices, and hosts. SIEM is monitored 24x7x365 basis designed to defend and protect against unauthorised intrusions and activity in the production environment. In the event of a security incident, Oracle Cloud Infrastructure activates an agreed protocol which includes GIS, Global Product Security, and Privacy & Security Legal, as applicable, to provide specialist subject matter expertise to respond to the incident. In the event that Oracle determines that it is required to report an incident involving the breach of personal information to a customer, Oracle will promptly notify the affected customer.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Incidents, including incidents reported directly to a customer’s account manager, are recorded via an internal access-controlled electronic ticketing system. Routing, communication, and escalation of incidents vary depending on a number of factors including urgency and impact to customers. The severity definitions are detailed below. Incidents reported via My Oracle Support (MOS) or through the external user incident reporting process are routed to Oracle Cloud Infrastructure personnel and tracked in the electronic ticketing system in the same manner as an internally identified incident.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Equal opportunity

  Equal opportunity

  Fusion Practices Limited is dedicated to encouraging a supportive and inclusive culture amongst the whole workforce. It is within our best interest to promote diversity and eliminate discrimination in the workplace.; Our aim is to ensure that all employees and job applicants are given equal opportunity and that our organisation Fusion Practices Limited is representative of all sections of society. Each employee will be respected and valued and able to give their best as a result.; This policy reinforces our commitment to providing equality and fairness to all in our employment and not provide less favorable facilities or treatment on the grounds of age, disability, gender reassignment, marriage and civil partnership, pregnancy and maternity, race, ethnic origin, colour, nationality, national origin, religion or belief, or sex and sexual orientation. We are opposed to all forms of unlawful and unfair discrimination.; All employees, no matter whether they are part-time, full-time, or temporary, will be treated fairly and with respect. When Fusion Practices Ltd selects candidates for employment, promotion, training, or any other benefit, it will be on the basis of their aptitude and ability.; ; Fusion Practices Ltd commitments:; • To create an environment in which individual differences and the contributions of all team members are recognized and valued.; • To create a working environment that promotes dignity and respect for every employee.; • To not tolerate any form of intimidation, bullying, or harassment, and to discipline those that breach this policy.; • To make training, development, and progression opportunities available to all staff.; ; • To regularly review all our employment practices and procedures so that fairness is always maintained.; ; Our equality and diversity policy is fully supported by senior management and has been agreed with trade unions and/or employee representatives.

Pricing

• Price: £10,000 a unit a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Buyers will have access to the complete system for a limited time period

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at consulting@fusionpractices.com. Tell them what format you need. It will help if you say what assistive technology you use.