Crayon Limited

IT Asset Management and Preservation Tooling

Leading ITAM, archiving, and SAM tools such as Flexera, Preservica, and Snow, provide active preservation, visibility, control and optimisation across IT assets, hardware, and on-premise, SaaS and cloud software. Crayon can advise, implement, manage and provide services for multiple tools, covering vendors such as IBM, Oracle, and Microsoft, among others.

Features

• Complete asset visibility and access
• IT Spend Transparency
• Licensing and IT Spend Optimisation
• Digital Preservation and Archiving
• Software Asset Management
• Cloud Cost Optimisation
• SaaS Application Optimisation
• IT Lifecycle Visibility and Resolution
• IT Risk Reduction And Audit Defence
• IT Governance and Control

Benefits

• Reduce software maintenance spend
• Reduce unnecessary license purchases and cloud waste
• Reduce overprovisioning of software
• Understand compliance, financial and security risks
• Preserve and view legacy content and file formats
• Increase renewal negotiation insights
• Remove SaaS application security risks
• Complete visibility of assets in a centralised location
• Hybrid IT visibility and optimisation
• Full realisation of IT asset investments

£30.48 a device a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders.uk@crayon.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

833432282678223

Contact

Kevin Johnson
+447495 586689
tenders.uk@crayon.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Crayon's own Software Asset Management and Cloud Economics services
• Cloud deployment model: Public cloud
• Service constraints: For high-security environments, on-premise configurations are available and may be preferred.
• System requirements: Minimum of 1 Windows server OSE

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Silver support comes as standard - SLA of 16 business hours for a response. Improved SLA's can be made available at extra cost.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Each maintenance plan is per licensed user and allows you to submit unlimited support requests for the duration of your plan. Dependent on product, there are silver, gold and platinum support plans with increasing levels of support provided. For example, silver SLA's are 16 hours, and gold reduces critical responses down to 4 hours.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: There are many facets of support available to customers including onboarding workshops, online training, user documentation, knowledge transfer, specific specialist services and full managed services.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Data may be extracted via the UI and/or via an API.
• End-of-contract process: At the end of the contract, access to the service is terminated and data deleted within 30 days. Additional services included within the contract are subject to scoping.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: There are no differences.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: It is a browser based UI for operation configuration.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Testing as required for EN 301 549
• API: Yes
• What users can and can't do using the API: API access for authorised users allows for data import, management and extraction. This can be driven from user interaction and/or automated integration with 3rd party systems.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Customer specific configurations of external data and 3rd party systems are fully supported by RBAC controlled authorised users.

Scaling

• Independence of resources: By leveraging the extensive scalability of microservices of public cloud that allows for service performance to dynamically increase based on demand.

Analytics

• Service usage metrics: Yes
• Metrics types: Service and availability metrics are available via a System Status Dashboard. Metrics such as whether products are operational, scheduled system maintenance, downtime and incident reports are available.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Flexera, Snow, Other

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Data is extracted via the UI or an API. Full documentation is available upon request.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • PDF
  • XLS
• Data import formats:
  • CSV
  • Other
• Other data import formats: XLS

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Flexera will maintain systems and controls designed to maximize Monthly Uptime, minimize unscheduled outages, and enable prompt notification in the event of any unscheduled outage. Flexera will credit to Licensee the percentage specified below of the total Monthly Fee paid by Licensee to Flexera, for any calendar month in which Monthly Uptime for the month falls within the range specified below. In order to receive a credit, Licensee must request such credit in writing within thirty (30) days of the end of the month for which it seeks a credit. ; ; Monthly Uptime % = % Monthly Fee Credited; ; 99.50% - 100% = 0%; 97.5% - 99.49% = 5%; 95% -97.49% = 10%; Less than 95% = 15%; ; If Monthly Uptime falls below 99.5% for any three (3) consecutive months, or falls below 95% in any single month, Licensee may, within thirty (30) days of the end of the month giving rise to this termination right, terminate the subscription related to the failed Monthly Uptime commitment upon written notice to Flexera.
• Approach to resilience: Information is available upon request.
• Outage reporting: There is a public dashboard made available to customers. Email alerts are able to be subscribed to.

Identity and authentication

• User authentication needed: Yes
• User authentication: 2-factor authentication
• Access restrictions in management interfaces and support channels: Through standard RBAC control processes.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: TÜV SÜD Management Service GmbH
• ISO/IEC 27001 accreditation date: 08/09/2023
• What the ISO/IEC 27001 doesn’t cover: N/a
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Crayon's DPO team are based out of our HQ in Oslo, Norway. They control all the Security Policies and procedures and apply and update existing.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Cloud infrastructure and applications are managed within a change management methodology that includes processes for the request, review, approval, and verification of changes. Development and SRE; teams work together to coordinate and approve changes via the Change Management Ticketing system. For any scheduled high-risk changes, test and back out plans will be discussed before the change is approved.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Flexera uses a vulnerability management service to scan for various external facing security vulnerabilities on all systems on the network on a weekly basis. Flexera uses a 5-level vulnerability scale with 5 being the highest severity. The level 4 (critical) and level 5 (urgent) vulnerabilities are entered into the Change Management System and remediated within documented timeframes (available upon request)
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Cloud applications and servers are monitored using system monitoring applications that provide notification of critical system and application events. Industry standard tools are installed for white-box monitoring and third-party external SaaS tools for black-box monitoring.; ; Application and security logs are sent to our centralized logging service and continuously parsed for suspicious events. The Site Reliability team is alerted to any suspicious activity. The alert method will vary depending on the severity of the event. It can range from an immediate page to the on-call personnel for critical or high alerts to a daily or weekly summary report delivered via email.
• Incident management type: Supplier-defined controls
• Incident management approach: Incidents may be identified through a variety of means, both internal and external. The first priority is for the Site Reliability Engineering team to investigate and resolve any issues affecting the availability, stability, performance, or security of the Cloud services. If an Incident cannot be resolved within 15 minutes and the Incident meets the Flexera definition of a Critical or High Priority Incident; the Incident Management team will be engaged. The Incident Management team will then gather Incident information, direct restoration efforts, and send Major Incident Communications to Customers and Internal Stakeholders.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  The successful implementation of an ITAM tool enables organisations to have complete visibility of their estate and what is in use. By analysing this data, we are able to optimise an organisations estate and by acting upon this information, reduce the associated carbon footprint (e.g reduce cloud consumption and the number of services used); ; Services are delivered remotely wherever possible thus reducing emissions from consultants not being required to travel on site.; Services are delivered remotely wherever possible thus reducing emissions from consultants not being required to travel on site.

Pricing

• Price: £30.48 a device a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Proof of Concepts and Use Case Analysis options are available upon request.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders.uk@crayon.com. Tell them what format you need. It will help if you say what assistive technology you use.