Kumoco

Mi-C3 Affectli Software License Partner

Kumoco are a fully accredited Affectli Sales and Service partner. Our Affectli Licensing Service provides our Government Customers with the ability to purchase licensing across the platform. Kumoco 's Certified Affectli professionals, have the skills to advise on your licensing requirements to optimise your spend.

Features

• ServiceNow Implementation
• IT Service Management
• IT Asset Management
• Field Service Management
• Legal & Compliance
• Security, Risk and Business Continuity
• Service Assurance
• Cloud Management, Optimisation and Compliance
• CMDB
• FinOps

Benefits

• Single Source of Truth
• Integrate with your existing systems
• Use with mobile
• Simple Interface

£10 to £1,500 a user a month

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ukgov@kumoco.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

810130610607866

Contact

Paul O'Shea
02075944000
ukgov@kumoco.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: None
• System requirements: None

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: As per agreed SLA
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AAA
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Yes, at an extra cost
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: WCAG 2.1 AAA
• Web chat accessibility testing: Fully tested.
• Onsite support: Yes, at extra cost
• Support levels: Support is tailored to customer requirements. Our managed service team are here to support you. Support is provided to SLA.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Kumoco's team will ensure your staff are ready to take full advantage of Affectli. ; Business Readiness and Training services are available.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats: Online Wiki
• End-of-contract data extraction: The client retains 100% ownership of their data.; A request is submitted for the preferred file formats of data extraction. The lead time would be dependent on the client's preferred Cloud Service provider's Terms & Conditions.
• End-of-contract process: End User License Agreement Terms and Conditions would apply.; ; EULA is available here: https://support.affectli.com/en/legal/endusersubscriptionlicenseagreement

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Affectli is designed Designed using Progressive Web App (PWA) technology and is always designed using a “Mobile First” approach. ; Our platform is accessible from any browser, adaptable to all devices including mobile, tablet, desktop and large monitors user a browser of choice, and it is user friendly, easy to navigate, fast, fresh and responsive.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AAA
• Description of service interface: Affectli is the service interface.
• Accessibility standards: None or don’t know
• Description of accessibility: Affectli is accessible through a web browser of your choice.
• Accessibility testing: Fully tested.
• API: Yes
• What users can and can't do using the API: Full API support. REST, SOAP and other interfaces available.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Affectli has the ability to customise processes, reports, integrations, maps, alarms, alerts and more, as well as tailor any functionality and configuration.; ; Workflow and analytics designs can be customised, as well as Data pipeline and visualisation tools.; ; These can be customised through any elected party with authorised permissions.

Scaling

• Independence of resources: Affectli is deployed on multi-instance architecture that provides separate application nodes and database processes for each customer. There is no mixing of customer data in a shared database that would exists in a multi-tenant architecture. Affectli deploys instances on a per-customer basis, allowing the multi-instance cloud to scale horizontally or vertically to meet each customer’s performance needs.

Analytics

• Service usage metrics: Yes
• Metrics types: Affectli can provide any type of server metrics required, down to a level of granular detail. ; ; We provide both standardised Out The Box Reports and Dashboards, and customised options to suit our client's requirements.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Affectli

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: The process for the return of data follows: 1) Affectli exports the entire database. 2) Affectli provides the customer a set of instructions on how to import the data on the customer's side. Customers are permitted to store data hosted within Affectli's servers or their own servers for the duration of their service subscription.
• Data export formats:
  • CSV
  • Other
• Data import formats:
  • CSV
  • Other

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Affectli provides 99.8% availability (calculated monthly) for production instances. This design includes redundancy and fault tolerance of the entire Affectli application and platform stack, including electrical, cooling, network, security, and server infrastructure. Over the last 3 years (2020-2023), we have averaged 99.9% availability and have not fallen below 99.8% (contract SLA) in any quarter.
• Approach to resilience: Affectli utilises high availability architecture - more information available on request.
• Outage reporting: Affectli has a customer portal where all requests, changes and incidents can be logged. Customers also have complete transparency into the real availability of their production and non-production instances. Users can view the impact severity of issues and drill into incident records to view details for problems.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: The Groups and Permissions module allows the permissions admin/s to allocate users to teams and workspaces. Permissions can be managed to a granular level.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Cup Cert Ltd
• ISO/IEC 27001 accreditation date: 22/06/2020
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • SOC 2 Type II
  • ISO 9001
  • ISO 14001

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: SOC 2 Type II Audited and current
• Information security policies and processes: ISO 27001:2013; ISO 9001:2015; ISO 20000-1:2011; ISO 14001:2015; SOC 2 Type 2; ; More details available on request

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Affectlil has a formally documented change management process that uses an internal Affectli instance to track change requests and approvals. All changes to production environments must go through the change management process. Change requests must include the change procedure, risk, and back out plans. Change requests are reviewed and approved by the Change Advisory Board (CAB) if client requires this approval phase. All assets are uniquely identified and audit tracking applied though the Affectli Master Data Management Engine.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Affectli's Architectural stack is customized at each layer to specifically support the only application residing in the Affectli private cloud. With the small footprint of technology required and the limited ports and services enabled, many system and security patches published do not apply to the private cloud's systems. For each published patch, Affectli follows risk-based approach to determine if the patch is to be deployed. If a patch needs to be deployed, the process follows Change Management process to identify assets, the risk and potential impact to the environment, the testing process as well as the timeline for deployment.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Affectli uses Tenable for vulnerability scanning and is also connected to a CVE monitoring portal. All CVE vulnerability are dealt with in line with our hardening and security policies (copy on request). These systems are monitored with both proactive alerting and regular log files reviews. Events are responded to according to SLA requirements.
• Incident management type: Supplier-defined controls
• Incident management approach: Affectli's documented Security Incident Response policy, process and workflow is available on request. Our Incident Response process includes event discovery, triage, escalation, notification (including customer notification) remediation, and post-mortem review.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Other
• Other public sector networks:
  • Affectli is being use by other Government agencies.
  • We have have the ability to integrate multiple
  • Public sector networks into the Affectli platform.

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity

  Fighting climate change

  Kumoco is dedicated to advancing sustainability and reducing environmental impact. This Planet Policy outlines our commitments and actions as a supplier, adhering to the agreement’s provisions.; ; Environmental Commitment; ; Policy Establishment: Develop an Environmental Policy that actively supports the reduction of our carbon footprint, encourages the use of renewable energy, and aims to reduce plastics use.; ; Carbon Footprint Reduction Initiatives; ; Recycling Facilities: Build on our existing recycling points for materials like paper and plastic.; Renewable Energy Plans: Continue to ensure our facilities are powered by renewable green energy.; Business Travel Emission Reduction: Develop strategies to minimise emissions related to business travel.; Paperless Operations: Continue to adopt a paperless principle for all operations .; ; Renewable Energy Commitment; ; Energy Targets: Set a target to use 100% renewable energy in our operations by 2025 and establish a governance system to monitor progress.; RE100 Membership: Join and actively participate in the Renewable Energy 100 (RE100) Climate Group.; ; Additional Commitments; ; Environmental Initiatives: Continuously engage in initiatives that support environmental protection and sustainability.; This policy applies to all activities undertaken by Kumoco and impacts upon key suppliers and customers. We are committed to minimising the environmental impact of our operations. ; ; In particular, we will achieve this through our commitment to: ; ; comply with all relevant legislation and regulations; ; review the environmental impact of our activities, endeavour to reduce our overall environmental impact and prevent waste; ; involve employees in our environmental programme and provide -necessary guidance to enable them to discharge their responsibilities; ; work with key suppliers to encourage them to develop environmental best practice; ; improve resource efficiency (including our use of water, energy and raw materials); ; actively promote recycling both internally and amongst its customers and suppliers;

  Equal opportunity

  Kumoco are dedicated to providing equal opportunities within employment in compliance with the UK’s Equality Act 2010. We aim to foster a diverse and inclusive work environment, valuing the unique contributions of all staff, job applicants, customers, suppliers, and visitors. It underscores our commitment to fairness and equality in every aspect of employment, both in the office and remotely, irrespective of individual differences or personal characteristics.

Pricing

• Price: £10 to £1,500 a user a month
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ukgov@kumoco.com. Tell them what format you need. It will help if you say what assistive technology you use.