Cayuse Research Commercialisation
Cayuse Inventions is a cloud-based app built to manage all aspects of commercialisation, technology transfer, and intellectual property management.
Inventions was developed with top-tier technology transfer offices to seamlessly integrate with apps within Cayuse Research Suite.
Features
- Data transparency and integrity
- On-line disclosure and agreement request
- Royalty distributions (w/ fees and cost recovery)
- Patent management workflow
- Built-in Marketing Platform
- Internal and external notification system
- Deal-flow and Start-up Pipelines
- In-platform invoicing
- Robust reporting for all departments/stakeholders
- Priortises commercialisation activities
Benefits
- Increases engagement
- Helps tech transfer teams collaborate more effectively
- Improves decision making
- Manages patent filings and renewals to protect inventors and partners
- Drives ROI
- Seamlessly connects all tech transfer data to speed up processes
Pricing
£32,000 an instance a year
Service documents
Request an accessible format
Framework
G-Cloud 13
Service ID
8 7 5 3 7 6 6 5 6 7 9 0 0 7 6
Contact
Haplo
Jason Porter
Telephone: 44 (0) 7368 266097
Email: bids@cayuse.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Public cloud
- Service constraints
- No
- System requirements
- Our suite can be accessed via any web enabled device.
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
During core working hour (8AM-5PM GMT) the below is for both email/ticket or phone support response:
* Critical issues are responded to within 1 hour (fix: continuous effort) * High within 2 hours (fix: 1 business day)
* Medium within 4 hours (fix: 4 business days)
* Low within 6 hours (fix: by agreement.) During non-core working hours:
* Critical issues are responded to within 2 hours (fix: continuous effort) * High within 2 core service hours (fix: 1 business day)
* Medium within 4 core service hours (fix:4 business days) * Low within 6 core service hours (by agreement.) - User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 A
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- No
- Support levels
- Our standard support offering is part of the Cayuse annual subscription fee. Our technical support contact information is available on every page within the system.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
Haplo products are configured for each client and integrated with institutional systems. The Haplo team work closely with each client to implement their Haplo solution.
1) Requirements gathering and specification process. Requirements information is shared via a secure online project room and reviewed at an on-site workshop with key stakeholders from the institution and the Haplo team.
2) Configuration and integration. Haplo is configured to reflect institutional terminology, organisational structure, regulations and processes. Haplo is integrated with institutional identity management and authentication systems, Student Record Systems (if using PhD Manager) and/or HR system and other institutional systems as required.
3) Testing and revision cycles. Haplo attend for a 0.5 day on-site training for key users prior to testing.
4) Deployment. Haplo work with IT colleagues to set up DNS, SSL certificate, identity management, SMTP relaying; ensuring data feeds are live and working as required; and assist with one-off data imports if required.
5) Training and user documentation. Training system is provided matching the institution's preferred configurations with suitably anonymised data. - Service documentation
- Yes
- Documentation formats
-
- Other
- Other documentation formats
-
- Word
- Excel
- Video content
- End-of-contract data extraction
- Mutually agreed format eg. csv
- End-of-contract process
- £250 per 50GB or part thereof for the export process, which includes the cost of storage devices. The user is responsible for secure courier fees.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- The user interface provides the same functionality on mobile and desktop. Mobile has small affordances to ensure a good user experience on touch devices.
- Service interface
- Yes
- User support accessibility
- WCAG 2.1 AA or EN 301 549
- Description of service interface
- A web based interface which enables users to find information about research, submit applications, approve other applications, submit research outputs, and collaborate with other users. Privileged users have access to configuration and service management functionality.
- Accessibility standards
- WCAG 2.1 AA or EN 301 549
- Accessibility testing
- Use of accessibility evaluation tools to ensure compatibility with assistive technology.
- API
- Yes
- What users can and can't do using the API
-
REST style APIs are provided to:
- Add or change data in the system
- Receive messages about changes and events
- Access reporting information
Batch file APIs are provided to:
- Manage users and their profiles as an automated feed
- Import information
A server-side JavaScript API is provided to implement additional APIs and custom functionality.
Initial creation of an application instance is not available through an API. - API documentation
- Yes
- API documentation formats
- HTML
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
-
Haplo is tailored to meet the requirements of each institution. The following elements are configurable:
* terminology
* organisational structure
* data received and data held about each researcher
* which workflows are included and custom workflows
* text of online forms and approval routing workflows
* business logic and business rules
* reporting
* authentication methods
* branding
* public repository interface (entirely customisable to match the existing university website.)
Customisation is generally performed by Haplo, working closing with the institution, but training is available for the institution's developers to make customisations.
Scaling
- Independence of resources
- Each application instance has a resource limit which ensures that an application cannot apply a load which would affect other instances. When an application reaches the limit, requests are still serviced without error, but at a slower rate.
Analytics
- Service usage metrics
- Yes
- Metrics types
- Metrics are available on system usage, users and storage.
- Reporting types
-
- Real-time dashboards
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- None
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- No
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
- Protecting data at rest
-
- Physical access control, complying with SSAE-16 / ISAE 3402
- Physical access control, complying with another standard
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
-
Bulk export of data can be undertaken via an API.
End users (with appropriate permissions) can use the standard user interface to export data to excel (such as reports) or PDF (such as completed application forms.)
An archive process is available to export all data in a computer readable format at extra cost. - Data export formats
-
- CSV
- Other
- Other data export formats
-
- JSON
- XML
- CSV
- Data import formats
-
- CSV
- Other
- Other data import formats
-
- JSON
- XML
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Other
- Other protection within supplier network
-
SSH with mutual authentication is used to transfer data.
Data is always encrypted in transit, even on the local private network.
Availability and resilience
- Guaranteed availability
- We offer a 99.5% SLA (not including planned maintenance). Refunds are offered on a sliding scale as a % of monthly charges.
- Approach to resilience
- Available on request.
- Outage reporting
- Outages are reported by email alerts to subscribing users.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
- Username or password
- Other
- Other user authentication
- Users accounts are automatically configured by a user feed. Users then may be authenticated by Shibboleth (UK Access Management Federation), the user's AD FS or other SAML2 federated identify management. Users external to the institution may be authenticated by username and password if required by institution policy. Legacy LDAPS support is available.
- Access restrictions in management interfaces and support channels
- Users must be granted membership of privileged user groups before they can access management interfaces and our support services.
- Access restriction testing frequency
- At least once a year
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- Between 1 month and 6 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- Lloyd's Register Quality Assurance Limited
- ISO/IEC 27001 accreditation date
- 21/5/2018
- What the ISO/IEC 27001 doesn’t cover
- Our ISO27001 certification covers the entire service.
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- No
- Cyber essentials plus
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
-
Haplo follows a no-compromise approach to information security as detailed in our Information Security Policy.
The Technical Director has primary responsibility for information security.
The Systems Administration Team is responsible for the day-to-day safety and security of the hosted platform and the information it contains.
The Haplo team are trained to follow our information security processes during induction and during regular staff training and security updates.
The Senior Management team meet regularly to review company information security practices.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
-
All infrastructure and platform software is managed inside source control, with the source control version ID used to track changes through their lifetime.
To release any change, an authorised user must create and cryptographically sign a package to deploy it into production.
The customised applications running on top of the infrastructure and platform are independently versions, and Haplo works with the user's change control process to deploy changes.
A formal code review process assesses all changes for potential security impact. - Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
-
Processes within our ISO27001 ISMS assess potential threats to our services.
Information about potential threats is obtained by subscribing to supplier's security notifications or monitoring dependency updates. Security issues are evaluated, and then applied within 24 hours after testing after running a full test suite. An emergency process can be used to patch more quickly if the vulnerability requires faster action. - Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
-
Full auditing is enabled on all servers, recording all command and access. Logs are shipped to an independent server with separate access controls on a remote network, and analysed for anomalies.
Potential compromises are investigated by preserving all logs and data, then analysing potentially affected systems. Response is immediate to any incident. - Incident management type
- Supplier-defined controls
- Incident management approach
-
Haplo's Incident Management Policy details pre-defined processes for how we respond to incidents. Haplo classifies issues relevant to Information Security in 3 categories with different pre-defined processes for each category, reflecting different levels of security implications.
Users should report incidents to our Support Helpdesk either by ticket or telephone. Incidents will also be reported by automatic monitoring systems. Clients are kept informed regularly during the resolution of an incident.
Upon resolution, Haplo generates a report of the causes of the incident, the scope of the breach, and the actions taken, which is shared with the client.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- No
Social Value
- Fighting climate change
-
Fighting climate change
As a software company, we do not produce any goods or deliver any services that have any negative environmental impact. We deliver software services and products that help reduce paper use. We follow Amazon Carbon Footprint Best Practices and procedures.
With a SaaS solution hosted offsite, with providers who already have a significant commitment and ability to reduce emissions and attain carbon neutrality, this will further reduce the need for onsite data centres and the emissions from cooling and power that come with them.
Please see link here: https://sustainability.aboutamazon.com/environment/sustainable-operations/carbon-footprint
Most of our employees are home-based which helps to reduce the carbon footprint of using vehicles. Prior to Covid-19 working from home recommendations, we provided employee travel cards to encourage lower vehicle use. For our UK based employees, we are planning to apply for the Bike to Work scheme.
We do our best to find offices based in modern, environmentally friendly buildings. For instance, our UK office is housed within a shared building that has a net neutral Carbon footprint, and our Portland office is based in the World Trade centre which operational practices are environmentally compatible and provide a healthy work environment for tenants and staff. Please follow the link here: https://wtcpdx.com/about-us/
The very nature of the solution itself significantly reduced the amount of paper required in research administration by automating workflows and bringing what can be heavily paper-based activities online. - Tackling economic inequality
-
Tackling economic inequality
Our corporate responsibility starts with the workplace giving initiative called the Community Reciprocity Project. We want Cayuse employees to be able to donate funds and time to local community enrichment organizations with donation matching and volunteer time off from our company.
While Cayuse supports ground-breaking research, it’s important to be able to directly support one’s own community. Employees around the world will be able to contribute to their own communities in a direct and connected way. For 2022 we have chosen Shelter as our primary charity within the UK and are actively developing giving initiatives.
Our offices are all supported by local teams, local vendors and we strive to invest into the local community both through charity commitments, such as sourcing and funding local AED devices in our London offices. In addition, we employ a remote first policy allowing our staff to work from home and reduce the impacts of travel, for role for which office work is more suitable, we recruit locally and we use local websites to source catering, cleaning and removal services and as mentioned in 5.3.17.5 we also operate a local intern programme in the UK.
Each year we operate an intern programme for local (London based) University students to obtain up to 12 months of paid work experience. Although we don’t have a regular structured graduate programme, we do have a healthy investment in graduate recruitment, with many of our team having started life within the company as graduate hires, either returning from an internship or newly recruited. - Equal opportunity
-
Equal opportunity
Cayuse’s core values are Integrity, Inclusion and Innovation and our corporate responsibility is tied closely to these values. We act with high ethical standards to foster trust regardless of the situation and we proactively recruit, engage, and retain diverse and empowered teams.
We are an equal opportunity employer. We encourage equality and diversity among our workforce. We believe that everyone deserves to work in an environment free from discrimination, harassment, victimisation.
We oppose all forms of unlawful discrimination such as pay and benefits, dismissal, redundancy, promotion, training and development opportunities, etc.
We value our employees and have our annual ‘Impact Award’ recognition programme, where awards are given to those within the company who have gone above and beyond and have exemplified the company Values and Commitments, we also employ a continuous recognition programme. This allows everyone to recognise teammates by sharing the impact they have had by upholding the company values and commitments to our clients.
Pricing
- Price
- £32,000 an instance a year
- Discount for educational organisations
- No
- Free trial available
- No