INFORMOTION EMEA LTD

EncompaaS - Intelligent Information Management Platform

EncompaaS provides federated supervision and management of content across the enterprise, covering over 400 applications, including M365,
solving information management complexity via dashboards in a centralised view.

Customers work with us so they can harness the full value of information; unlocking commercial opportunity and generative AI, while maximising existing investments.

Features

• Centralised Management Dashboard
• Manage M365 content - SharePoint, Teams, OneDrive and Exchange
• Automated Discovery, Capture and Classification
• Discover, Understand and identify data for Gen AI projects
• Facilitates secure, enterprise-wide information visibility, with modern federated search
• Automates compliance using machine learning and AI
• Real time Reporting
• Discovery, Classification and Disposition across multiple repositories
• Connector Framework into over 400 applications, including structured and unstructured
• Content Intelligence - extract entities and enhance metadata automatically

Benefits

• Reduce information risk by centralising your information governance strategy
• Increase productivity by removing governance decisions from end users
• Improve compliance by automating content classification
• Help to drive adoption of M365 and digital workplace tools
• Retire applications and content to reduce operational costs
• Identify trends and patterns by using intelligent analytics
• Leverage Content Intelligence to make better business decisions
• Automatically identify data to enable GenAI safely and efficently

£10 a user a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at grace.crossley@informotion.com.au. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

861285946368777

Contact

Grace Crossley
07368427156
grace.crossley@informotion.com.au

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: EncompaaS is a standalone SaaS information management platform, helping organisations to centralise their information and governance strategy.; ; However, the platform can be used as an extension to major enterprise applications, providing additional governance capability to M365 and Purview and providing guard rails for GenAI projects.
• Cloud deployment model:
  • Private cloud
  • Hybrid cloud
• Service constraints: EncompaaS leverages the Microsoft Azure platform to deliver our solution. As such, the security, architecture and service expectations already evaluated in G-Cloud apply.
• System requirements:
  • The user requires a Chrome or Edge browser
  • Microsoft Azure hosted service - can be provided by EncompaaS

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We are providing ticketed support (Zendesk) that is accessible from our application and also submission via email. This is included in the price.; ; Encompass will respond to support tickets based on priority. Urgent: Every 1 business hour until resolved. High: Every 4 business hours until resolved. Normal: Every 2 business days until resolved. Low: Every 3 business days until resolved
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Yes, at an extra cost
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: WCAG 2.1 A
• Web chat accessibility testing: To complete
• Onsite support: Yes, at extra cost
• Support levels: EncompaaS provide Service Desk Support – Unlimited Phone and Email support (includes access to the Portal; Knowledge Base, and community). Service Desk Support can include multiple products and the price will vary depending on complexity. Technical Maintenance is available which includes Service Desk Support plus pre-emptive Technical System Maintenance. The client can select the frequency of this service. Functional Maintenance is also available and includes Service Desk Support plus pre-emptive Functional Maintenance. The client can select the frequency of this service.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Projects commence with either onsite or remote engagement, enabling core subject matter experts and governance or compliance teams to establish their working cadence, solution design and stand up their working model. Change Management and onboarding to transition to business as usual activities is a key goal during this engagement. ; Online documentation and help is provided through the Information Management Center, connecting through to product support.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
  • Other
• Other documentation formats:
  • Core product Support Guides are electronically available
  • Microsoft Word
  • Microsoft Excel
  • Zendesk
• End-of-contract data extraction: Customers can offboard (terminate) the service and remove their data with two primary approaches:; - The EncompaaS API can be accessed to allow the copying of data, however as EncompaaS can manage information in place, there will be minimal data to extract.; ; When an agreement is terminated by a customer who is utilising an EncompaaS provided Azure tenant, the customer environment is destroyed. All resources used by the customer environment are contained in a dedicated resource group only used by that customer. Destroying this resource group performs and immediate destruction in Azure of all resources including machines, files and databases. For customers utilising their own Azure tenant, the document linked below provides details on the process to remove all reference and data related to EncompaaS.; ; Further details around environment destruction can be found here: https://docs.microsoft.com/en-us/azure/security/azure-physical-security; ; Business services to transition, consult, import or provide any personalised export service will be negotiated with the customer and an estimate will be provided for approval prior to the commencement of any work.
• End-of-contract process: The service will remain active for the agreed term, with the option to extend and/or re-negotiate the terms, structure and conditions of the service offering.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Chrome
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Access to EncompaaS is via a web browser, as a cloud-based web application and has been built in a responsive framework. Chrome and Edge browsers are supported. Supported clients are primarily desktops & laptops, with some support for iPad or Android tablets running Chrome. ; ; Information creation and consumption is done through the consumer interface in Microsoft Office 365 (leveraging Office UI Fabric). For users who create and consume content, they continue to work in the specific application, such as M365. EncompaaS operates in the background transparently to end users. EncompaaS is primarily a tool for Information Management and Governance teams
• Service interface: Yes
• User support accessibility: WCAG 2.1 A
• Description of service interface: EncompaaS provides administrative access for the configuration and management of the platform. The performance, consumption, status, troubleshooting and audit services are available to authorised staff via the Policy Monitoring Centre. Our service “EnWeb” provides a defined RESTful interface.
• Accessibility standards: WCAG 2.1 A
• Accessibility testing: Aligned to core UX/UI design paramaters - Visual Design Guidelines are part of our UI/UX design framework.
• API: Yes
• What users can and can't do using the API: Certified Partners and customers can leverage the RESTful API to create their own Apps, Connectors and integrated processes.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • ODF
  • PDF
  • Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Customisation is achieved through the development of Apps and Connectors and the configuration of dashboards, views and policy and processes. Certified Partners and customers are able to create their own Apps to support information governance functions or connect to other applications to execute processes or leverage the data insights created by EncompaaS - for example data mining and process automation

Scaling

• Independence of resources: Elasticity and scalability of individual Azure services enable the EncompaaS platform to maintain a defined level of performance regardless of user load and processing. Most load is generated during data discovery and processing during ingestion stages, with the architecture enabling scaling accordingly.; EncompaaS monitoring and automation tools detect peaks in load and automatically provision additional resources during these times. Once a peak has subsided, resources are reclaimed, minimising consumption based costs.; On-premise connections will be impacted by outbound network pipe size, however ingestion can be tailored for off-peak hours and alternatively, content can be securely data-shipped to Azure data centres.

Analytics

• Service usage metrics: Yes
• Metrics types: Logs of all traffic and policy processing are available, including simple auditing initially, users and data discovered. A future version will provide a Policy Monitoring Centre, to view failures, status and aid troubleshooting.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: The EncompaaS API can be accessed to allow the copying of data and the XML structures with the data. For content that is being managed in place, it is still in the source system. For content that is managed within EncompaaS, where the source system has been retired, a new destination (for example a business system or a shared drive) may be elected by the customer to export their data and contents to. Audit data may also be extracted and policy data to retain history and business rules for future reference.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Additional export formats available via additional toolkit capabilities
  • Native Format
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • Data can be captured in original format
  • EncompaaS provides a connector orchestration layer
  • Out of the Box capability to connect, analyze, manage
  • Leverage your content items across systems
  • It does not require bespoke software development

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • Other
• Other protection between networks: Private WAN - EncompaaS is offered via the Microsoft Azure platform, with most organisations already operating a connection between their network and Azure. All communication with EncompaaS uses https on port 443, including the API and application interfaces. This is the only port open on the EncompaaS environment. As most organizations typically allow access on port 443, it is expected that no firewall rules or network configuration is required.
• Data protection within supplier network: Other
• Other protection within supplier network: All data in encrypted at rest, including SQL databases, blob storage and search indexes. Any communication between services internally always uses the https protocol to ensure transmissions are encrypted.

Availability and resilience

• Guaranteed availability: EncompaaS leverages configured load balancing, Azure availability sets and regional failover (when configured to do so). The product utilises high availability services such as blob storage and Azure SQL to remove single points of failure. Automated environment creation, monitoring and repair ensures that should any aspect of the system fail, it is corrected.; EncompaaS target is 99.9% availablility, with no service credits.
• Approach to resilience: EncompaaS leverages configured load balancing, Azure availability sets and regional failover (when configured to do so). The product utilises high availability services such as blob storage and Azure SQL to remove single points of failure. Automated environment creation, monitoring and repair ensures that should any aspect of the system fail, it is corrected.; Capacity planning is catered for through Azure service capabililties for SQL DBs and document storage capacity. The platform is elastic and scalable as demands grow.; Detailed information is available at https://azure.microsoft.com/en-au/features/resiliency/
• Outage reporting: EncompaaS Policy Monitoring Centre provides information on performance, audits, monitoring and trouble shooting. We have internal monitoring to notify Product Staff when a critical service is out. Customer notification capabilities are planned for a future release.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: EncompaaS is specialist software for authorised users within an organisation. A user must have a valid named user account to access the platform. User authentication utilises Azure Active Directory (AAD). The EncompaaS platform delegates user authentication to AAD. Therefore, the authentication protocols and configuration implemented in your AAD implementation is used when authenticating to EncompaaS. OAuth authentication is utilised by the connection to Office365. Roles and permissions define what part of the applications can be accessed by a user.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Description of management access authentication: Leveraging AAD and Microsoft Office 365 offered multi-factor authentication, detailed information is available at https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-methods. If a customer already has Azure AD Premium or Enterprise Mobility + Security licenses, they already have Azure MFA and can enable this for multi-factor authentication.

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Intertek SAI Global
• ISO/IEC 27001 accreditation date: 26/02/2024
• What the ISO/IEC 27001 doesn’t cover: All controls listed in our ISO27001 Statement of Applicability (SoA) are applicable to the scope of the EncompaaS platform service offering . Outside of this, some processes relating to the provision of professional service consultancy activities is not directly covered.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • Microsoft Azure trust reports and certifications
  • Located at https://servicetrust.microsoft.com/
  • Essential 8 Maturity Model Australian Cyber Security Centre (ACSC)
  • ISO27017 best practice guidelines for the information security controls

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: EncompaaS is aligned to ISO 27001 practices. ; Security is a multi faceted discipline from a software development perspective, through to business operations including customer support, service delivery, business systems, suppliers, processes and procedures to operate our organisation, as well as physical protections. ; Our software engineering philosophy is to continually review our software every sprint to reduce risk and develop robust software and leverage best practices available through our platform provide with Microsoft Azure.; PEN testing and Owasp top 10 testing is conducted daily.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: We use the Agile development methodology with internal release management standards.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We perform automated penetration testing of the application to ensure known vulnerabilities are protected. The product we use for penetration testing is updated regularly when new vulnerabilities are discovered. Our product is tested at every sprint during development for the OWASP top 10 vulnerabilities (2013 and 2017 standards) and an extended list, testing over a thousand known vulnerabilities as part of our core software development procedures.; Our SaaS based vulnerability software is automatically updated with the latest vulnerabilities as they become known. If a vulnerability is detected, we are able to deploy a patch within 24 hours to rectify issues.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We perform automated penetration testing of the application to ensure known vulnerabilities are protected. The product we use for penetration testing is updated regularly when new vulnerabilities are discovered. Our product is tested at every sprint during development for the OWASP top 10 vulnerabilities (2013 and 2017 standards) and an extended list, testing over a thousand known vulnerabilities as part of our core software development procedures.; Our SaaS based vulnerability software is automatically updated with the latest vulnerabilities as they become known. If a vulnerability is detected, we are able to deploy a patch within 24 hours to rectify issues.
• Incident management type: Supplier-defined controls
• Incident management approach: EncompaaS ISMS-DOC-A16-2 Information Security Incident Response Procedure defines process clearly defines the holistic incident lifecycle, including how we identify, detect, protect, respond, and recover from an incident.; Common risks have documented procedures and a designated owner to update and maintain response protocal and induction or training procedures.; Users report incidents via a monitored email drop box or through the support channel as a Security Incident.; Incident reports are lodged centrally by the EncompaaS Incident Response Team. If an Incident Response Prodedure is activated, the Team Leader will coordinate the capture of the required incident outline. Post incident documentation is updated.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Our Environmental Policy is designed to set the framework for a series of objectives, procedures and reviews relating to our environmental performance.; In this Policy, the company commits to ensure that all our activities, whether internal or associated with services provided to our customers, are carried out without detriment to the environment, using the best available techniques and with due regard to costs; that they safeguard the environment; and promote sustainable development, based on economic and environmental considerations.

  Equal opportunity

  EncompaaS is an equal opportunity employer and is committed to ensuring that all applicants for selection or promotion are not discriminated against on any of the grounds of discrimination contained in equal opportunity laws.

  Wellbeing

  EncompaaS has established employment policies that support and protect our people from unfair treatment and to promote a fair and inclusive workplace.

Pricing

• Price: £10 a user a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Software evaluation options available.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at grace.crossley@informotion.com.au. Tell them what format you need. It will help if you say what assistive technology you use.