Carradale Futures LLP

SOPHIA

SOPHIA is a cloud-based platform designed to streamline processes and improve governance document management. It provides a centralised solution for creating, storing, and managing policies, procedures and interactive, step-by-step workflows. SOPHIA ensures quick access to accurate, up-to-date information, enabling teams to improve efficiency, maintain compliance and follow best practices.

Features

• Centralised storage for policies, procedures and workflows
• Interactive processes and checklists with media and step-by-step instructions
• Process maps auto-generated from workflow steps
• Full version history, change log, approval management and alerts
• Full analytics; usage data and compliance dashboards
• AI assistant turns documents into interactive step-by-step instructions
• Global library of over 1,000 SOPs templates
• eSignature capability and embedded quizzes to support training
• Access on mobile and tablet for seamless, on-the-go use
• Enhanced full text search for quick access to information

Benefits

• Reduce unwarranted variation through structured processes and real-time monitoring
• Ensure quick access to the latest policies and procedures
• Reduce training time with quizzes and interactive task-based instructions
• Ensure consistent, high quality outputs across teams
• Increase productivity by reducing manual errors and delays
• Organise and access governance documentation seamlessly
• Track usage and evidence robust governance
• Improve staff experience and foster a culture of continuous improvement
• Streamline processes by centralising policies, procedures and workflows
• Quickly manage and update content, simplify SOP creation with AI

£60,000 to £120,000 a licence a year

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at matt@carradalefutures.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

900429999498777

Contact

Matt Gee
07775896310
matt@carradalefutures.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: None
• System requirements: Internet connection

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Critical Level: Acknowledge receipt of Critical Level Defects within 2 working hours; 4 working hours to provide a solution or a plan for a solution.; ; High Level: Acknowledge receipt of High Level Defects within 4; working hours (of a Working Day); within 2 Working Days, be in contact to provide a solution or a plan for a solution.; ; Medium Level: acknowledge receipt of reproducible Medium Level Defects within 1 Working Day; within 10 Working Days, provide a solution or a plan for a solution.; ; Low Level: Acknowledge receipt of reproducible Low Level Defects within 2 Working Days.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: N/a
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide onsite training, online training as well and also access to our eLearning platform which contains 100+ hours of instructional videos - www.SOPAcademy.university
• Service documentation: No
• End-of-contract data extraction: Any SOPs content can be downloaded as PDFs
• End-of-contract process: At the end of the contract, access to the platform will be terminated

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: N/a
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: No

Scaling

• Independence of resources: The service is hosted in Microsoft Azure environment. The servers are constantly monitored and scaled to meet demand

Analytics

• Service usage metrics: Yes
• Metrics types: Managers and admins can review utilisation by SOP, SOP Area, User, Team, Site.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Any SOP can be downloaded as a PDF. All reports can be exported into excel.
• Data export formats:
  • CSV
  • Other
• Other data export formats: Excel
• Data import formats: Other
• Other data import formats: Word

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: N/a
• Approach to resilience: Available on request
• Outage reporting: Email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: N/a
• Access restriction testing frequency: Less than once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: We adopt best practice as advised to us
• Information security policies and processes: System Administrator is responsible for security practices at Carradale Futures and also carries out the day to day operations and configuration and management of Carradale Futures’ computer equipment and networks; All Managers and supervisors must ensure that all appropriate personnel are aware of and comply with all relevant policies and that they create appropriate performance standards, control practices, and procedures designed to provide reasonable assurance that all users observe this policy. ; Violations may result in disciplinary action in accordance with company policy to include the termination of contract or cessation of work being carried out on the company’s behalf.; Defined policies include the use of the Internet and Email Policy, management of access codes and passwords and treatment of person identifiable data.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: All the changes are built taking into consideration backward compatibility and scalability. With each change the security aspects are reevaluated
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Potential threats are discovered during analysis sessions and solution implementations. They are tracked and evaluated before a release.; Depending on the complexity of the solution of a threat the deployment time can vary from a few hours to a few days.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Potential compromises are discovered during analysis sessions and solution implementations. They are tracked and evaluated before a release. Depending upon the complexity of the solution of a compromise the deployment time can vary from a few hours to a few days.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Currently we manage incidents on the spot based on email support requests. Our Maintenance and Support section in our contracts details how how users report incidents and how Carradale provides incident reports.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Equal opportunity

  Equal opportunity

  By reducing unwarranted variation, we help to ensure that all customers or clients of our clients' services receive the same treatment.

Pricing

• Price: £60,000 to £120,000 a licence a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Time limited to 3 months

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at matt@carradalefutures.com. Tell them what format you need. It will help if you say what assistive technology you use.