Mosaic Island

EA Tooling - Sparx EA and Prolaborate SaaS

Sparx EA combined with Prolaborate is the most popular EA modelling toolset in the world. We offer secure cloud-hosted Sparx EA and Prolaborate based SaaS solutions that cover a wide range of requirements and budgets. Our range of subscription based solutions are suitable for organisations of all sizes and complexity.

Features

• Cloud hosted, browser based access to Sparx EA client
• Cloud hosted Sparx repository (private or public)
• Prolaborate included
• Integrations - Jira, Confluence, Sharepoint (using Pro Cloud Server)
• Technical Support integrated with client 1st line support if required
• User Management (onboarding and offboarding)
• Backup/recovery services and platform operations
• Security vetted (SC, BPSS) support team (option)
• Managed upgrades to new SW versions
• Solutions for small to large teams, choice of cloud provider

Benefits

• Complete Sparx toolset offered as a single SaaS
• Browser based access to full Sparx EA suite
• Powered by AWS/Azure with a choice of Cloud location
• Fully hosted solution, fully supported by Mosaic Island
• Fully tested and managed SW upgrades - client driven
• Fully managed service - reviews, governance, documentation
• Choice of Sparx EA editions and Repository technologies
• Integration with external data sources/repositories (optional)
• Migration services (from on-premise deployment) (optional)
• Fully secure - integrated with client SSO (optional)

£110 to £300 a user a month

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tony.silcock@mosaicisland.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

810226968676821

Contact

Tony Silcock - Head of Operations
07595594926
tony.silcock@mosaicisland.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: We offer a choice of SLAs with different levels of Service Availability, RPO, Response and Fix times depending on your budget and needs.
• System requirements:
  • Internet connection required
  • Access via HTML-5 enabled web browsers

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We have a choice of service levels available. The specific arrangement suitable for your needs/budget will be discussed as part of the initial requirements discussion.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We offer a choice of SLAs with different levels of Service Availability, RPO, Response and Fix times. Service credit models are also supported. ; ; We provide clients with a single point of contact for all service related matters. Governance for small solutions is lightweight. For larger solutions, we provide formal service governance (reporting, meetings with Vendor Management etc).
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide access to a technical user guide as part of the deployment - this shows users how to access the toolset. We also provide instructions for adding and removing users and for setting up their access rights. ; ; We also offer additional (separate) support services covering specific training and user guides for the tools. E.g for Enterprise Architects, Solution Architects, Business Process Modellers etc. Optionally we can also integrate onboarding/offboarding with your service desk.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
  • Other
• Other documentation formats:
  • MS Powerpoint
  • MS Word
  • Confluence Wiki
  • Sharepoint
• End-of-contract data extraction: We will provide the client with a full export of their repository. This will be in a format that can be readily imported into a separate deployment of Sparx EA. We can also provide an HTML based read-only version of content.; We can provide additional extracts of content in document form or as data extracts (via the Sparx API) on request.
• End-of-contract process: Exit plan is maintained within contract / standard operations. Termination notice is issued. Transition plan is agreed to implement the exit plan. Artefacts and data are transferred or destroyed as required:; ; Offboarding of all users is included.; Provision of export of repository is included.; Provision of read-only HTML version of repository is included.; Provision of additional exports at extra cost.; Migration services to load repository into a different tool at extra cost.; Other services available at extra cost.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: Yes
• Description of customisation: Buyers can specify a range of platform characteristics. For example: Security (e.g. VPN, SSO etc), cloud hosting arrangements (public, private, AWS, Azure etc). Editions of Sparx EA (Ultimate, Unified etc) Size of Prolaborate user base, number of repositories, URL, and so on.; ; We are happy to work with clients to add support for additional integrations, companion applications, plug-ins and add-ons.; Sparx EA has an API. ; ; We are happy to work with clients who wish to develop integrations via the Sparx API.; ; Optionally we can also provide integrations between our platform and other tools (e.g. CMDB, ServiceNow, LeanIX, DOORS etc). ; ; Users can configure the desktop environment from within Sparx.; Users can configure role based access to the capabilities of the toolset.

Scaling

• Independence of resources: We use AWS (Azure available) services to ensure complete segregation of each client's deployment so that it is not possible for one client to compete for the same resources as another.

Analytics

• Service usage metrics: Yes
• Metrics types: Included: Number of Users per month.; ; At extra cost - we can provide customer specific usage metrics aligned with the clients own KPIs.
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Sparx Systems Pty Ltd, Sixth Force Solutions Pvt Ltd

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Sparx EA provides in-built data export capabilities which can be made available to specific users or user groups via role-based configuration of the user permissions.; ; Export capabilities include; XMI, CSV, .EAP, and various document formats.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Microsoft Office Compatible
  • RTF
  • XML
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • XMI/XML
  • External integrations to data sources (CMDB, Catalogues etc)

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: This varies based upon the size of the installation (itself based on the number of content authors). We have a range of SLAs available commensurate with your needs.
• Approach to resilience: Available on request.
• Outage reporting: Email alerts.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: For deployment and support/operation : Resource-level access controlled by AWS IAM.
• Access restriction testing frequency: At least once a year
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: EY CertifyPoint
• ISO/IEC 27001 accreditation date: Not available - refer to AWS
• What the ISO/IEC 27001 doesn’t cover: This is AWS certification. Details at: ; ; https://aws.amazon.com/compliance/iso-27001-faqs/
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: SOC2 standards being followed, awaiting certification

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: ISO 27001 controls in line with Mosaic Island Statement of Applicability. This includes a customer security assessment completed for each engagement by the engagement lead and approved by the Head of Information Security.; ; We are able to support higher levels of security as required by our clients. Additional technical options exist for clients who are managing sensitive information where restrictions around data storage, transfer and access have to be tighter than those provided in a “standard” deployment. ; ; For an extra level of security, we are able to provide a UK based support wrap comprising BPSS and SC level security cleared Mosaic Island personnel.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Change management is limited to ensuring that the latest software versions of all components are installed. For the parts of the service provided by AWS/Azure, this is handled by AWS/Azure.; ; Any major changes to the components comprising the service are assessed on a case by case basis and are tested prior to deployment for their potential security impacts.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Use AWS Trusted Advisor to monitor for potential vulnerabilities.; ; Minimise the window of vulnerability by timely application of patches from Sparx and Prolaborate.; ; Additional intrusion detection is available at an additional cost.
• Protective monitoring type: Undisclosed
• Protective monitoring approach: Underpinned by AWS and uses AWS IAM Access Analyser and CloudWatch with additional log analysis at an application level within Sparx Pro-Cloud Server.
• Incident management type: Supplier-defined controls
• Incident management approach: Via email or integration with client's trouble ticketing. Trouble ticketing can be provided at additional cost if needed.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Mosaic Island recognises the importance of environmental and sustainability issues, and how these contribute to overall climate change. We therefore consider these matters in all our business decisions, ensuring we adhere to our company environmental policy, demonstrating our commitment to the wider community and clients. Remote working has a positive impact on a company’s environmental footprint and is a huge factor into why we made a permanent shift to having a remote workforce, and closing our main office which therefore brings a reduction in our individual and business carbon footprints. We prioritise the procurement of eco-friendly products and services from local suppliers, emphasising the reduction of environmental impact throughout our supply chain and ensuring that they are produced and supplied in a sustainable fashion, do not contain toxic materials, and can be recycled and/or are produced from recycled materials. We actively seek suppliers who share our dedication to sustainable practices. By collaborating with environmentally conscious suppliers, we aim to create a network that collectively contributes to the preservation of our planet. Our services prioritise energy efficiency, and we advocate for the adoption of green technologies that align with carbon reduction goals. We also work closely with our customers to implement strategies that optimise their eco systems, reducing overall carbon footprint. We have an efficient use of equipment – by keeping our surplus electronic equipment out of the landfill. At times when our business replaces electronic items, we recycle as much as possible, by holding technology auctions to our employees. All proceeds are then donated to charity. We have introduced a work cycle scheme, encouraging all our people to be eco-friendly with their transportation. In addition, we report on our carbon footprint which helps increase transparency and accountability in our supply chain.

  Equal opportunity

  Our Diversity & Inclusion committee is in place to ensure we are prioritising an inclusive working environment. As part of this ongoing commitment to creating an inclusive workplace and to close the disability employment gap, we ensure our entire workforce undertakes compulsory training on equality and diversity. We also make sure our hiring process is inclusive, and we ensure we include language that appeals to a wider breadth of people. We also carry out work assessments which provide a framework of questions to help understand how best to cater for our people’s needs; this provides equality to all and ensures no one feels isolated. We also make sure we use the most modern and up to date technology to create more opportunities for people without restrictions, as well as operating a fully flexible working environment which ensures restrictions such as inaccessible public transport can be avoided as an example. We have clear policies that outline our position on equality including a statement on the prevention of Modern Slavery and Human Trafficking. These policies affirm our zero-tolerance approach and governs all our business dealings and the conduct of all persons or organisations with whom we contract directly or who we appoint on our behalf. We have compiled a supplier code of conduct which formally explains how we expect suppliers to operate, which includes relation to avoiding labour exploitation and driving equal opportunities. All our contracts require our suppliers to adhere to this policy and we will not engage with any supplier that does not. We have adequate controls in place to manage, monitor and mitigate such risks which inform us which parts of our Supply Chain or Business areas are most vulnerable. Our risk assessment is reviewed periodically and updated to ensure that our controls remain appropriate and robust.

  Wellbeing

  As a fully remote working organisation, it is especially important for us to combat any potential feelings of isolation and ensure our people are happy, engaged, and productive. Health and wellbeing play a large part in this and is always encouraged throughout our workforce. We conduct regular initiatives to build stronger physical and mental health, this became more apparent throughout the COVID19 pandemic where the strongest of mindsets were tested. Initiatives such as team step challenges to encourage the importance of keeping active. We also run weekly coffee mornings to ensure we communicate regularly with the team, also encouraging people to take regular breaks. We run regular initiatives for ‘mental health awareness week’, which include encouraging time spent outdoors, connecting with nature, checking in with people and taking breaks, supported by our 5 qualified Mental Health First Aiders, who act as a point of contact for all mental health and wellbeing matters. We have a Diversity/Inclusion committee which includes the topic of mental wellbeing, where monthly workshops are held. We assess risk, provide resources, promote mental wellness strategies, and evaluate the effectiveness of relevant initiatives running. Our most recent workshop was a campaign for workplace culture change called ‘bringing your whole self to work’ which empowers employees to support their own and others wellbeing. We have active Cycle Scheme and Gym membership initiatives to encourage physical and mental health benefits. We provide proactive support including Employee Assistance Programmes which provide access to support services including qualified, confidential guidance and counselling to ensure our people have the support needed. All of these topics and resources are documented on our central ‘hub’ accessed by our workforce, including details of any initiatives we run, signposting to useful organisations and helpful guidance and advice on health and wellbeing.

Pricing

• Price: £110 to £300 a user a month
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tony.silcock@mosaicisland.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.