Sopheon UK Limited

Sopheon Accolade Software as a Service

Our enterprise innovation management software (Accolade) aligns and connects an organisation, drives best-practice innovation processes and enables fast, iterative decision-making.

Accolade balances the rival needs of running innovation and other strategic initiatives with efficient and consistent governance, and enables flexibility, agility, and rapid communication across and between teams.

Features

• Strategic Initiative Management
• Innovation Management
• Portfolio Management
• NPD. Product Development
• Stage Gate Automation
• Scenario Planning
• What-if Analysis
• CAPEX Investment Planning
• Ideation
• Resource Planning

Benefits

• Make better, faster decisions
• Assess and select the best project / product to develop
• Informed Go / No-Go decisions at each gate / TRL
• Compare scenarios to decide which delivers maximum value
• Reduce duplicate developments
• Help identify future technologies
• Collaborate with innovation network - industry and universities
• Great data security to ensure access control management
• Road mapping integrated to innovation / development process
• Clear view of resourcing requirements over multiple years

£300.00 to £1,080.00 a licence a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tim.sharp@sopheon.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

910401860406046

Contact

Tim Sharp
07736519009
tim.sharp@sopheon.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: Microsoft stack only.; Support is currently available in tiers ranging from 8/5 - 24/5 with pricing consequences. ; Extended support beyond the above can be discussed case by case.
• System requirements:
  • Modern internet browser (IE, Edge, Google, Mozilla, Firefox, Safari)
  • Optional Office Products (Word, Excel, Powerpoint)
  • Optional Email Products (Outlook)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 1. Critical -System down, data lost, or business severely affected, and no work-around is available. 2 business hours.; 2. Major - Use of Licensed Software is severely restricted or a sub-component of the Licensed Software is non-functional. 4 business hours.; 3. Minor - Cosmetic defect or minor malfunction that does not cause a material software or system failure. 24 business hours.; 4. Query - General questions and requests for enhancements. 48 business hours.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Standard: ; 8 hours of coverage Monday-Friday ; Product releases; Bug fixing; Custom = billable; Cost is included in the SaaS fee; ; Extended – Standard plus:; 16 hours of coverage Monday-Friday; Cost is an additional 4% SaaS fee; Optional billable - include configuration support: creation of new templates/reports; ; Premium – Extended plus:; 24 hours of coverage Monday-Friday; Cost is an additional 10% SaaS fee; Optional billable - include all upgrades, including re-stitching
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide a mix of onsite, online and user documentation for training and context sensitive help.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: A customer can export most data using standard Accolade functionality prior to termination. For example: Excel Table Wizard, HTML Reports, Dashboards, Web API, Project Export.; Customer data handover consists of a database backup (currently SQL Server). After confirmation of receipt, data is then purged from systems and backups.
• End-of-contract process: Handover upon Termination. In the event that the Service is terminated or not renewed, at Client's request Sopheon will hand over to the Client, or to its nominee all data stored on the Client's behalf on readable data storage media or by other mutually agreed means and all objects, computer programs or any other material to which, under the terms of the Master Agreement and any applicable Orders, the Client has right of ownership or right of use extending beyond the duration of the term for the Services. To the extent that such handover takes place prior to the end of such term Sopheon shall remain entitled to fees as though the Services had continued to be provided throughout the term. Client shall pay fees and costs to Sopheon for the handover as professional services in addition to any taxes, insurance, shipping and handling costs that are incurred.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems: Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Accolade Go / Mobile is a small subset of functionality targeted at a specific set of tasks when a full laptop or desktop computer may not be available. Responsive designs / screens can be created for mobile also using layouts for additional functional areas.
• Service interface: No
• User support accessibility: WCAG 2.1 AAA
• API: Yes
• What users can and can't do using the API: REST based API using JSON data sets.; Almost all end user functionality is available through the API.; A small subset of configuration/management functionality is available through the API.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Accolade is highly configurable, and customization is typically not needed.; Buyers can have Sopheon Consulting customize the service as part of a statement of work.

Scaling

• Independence of resources: Servers are sized and configured based on the guidelines in the Accolade Hardware and Software Requirements and updated as Customer’s usage changes over time (as part of Sopheon’s managed hosting service). CPU, Disk, and RAM are monitored and adjusted over time for any unique usage cases or system growth.

Analytics

• Service usage metrics: Yes
• Metrics types: User Login History.; User License Allocation.; User reports based on data changes are quite often configured by/for customers to analyze customer business process; ; In addition, Accolade provides a Data API for extract to other analytical tools.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users can export most data using standard Accolade functionality. For example: Excel Table Wizard, Excel download, HTML Reports, Dashboards, Web API, Project Export.; ; In addition, the Accolade Integration Engine is an option which enables connectivity to other Enterprise applications. Sopheon has many pre-configured integrations available, for commonly used applications, and/or our Consulting Services can easily create new integrations as part of a Statement of Work.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • XLS
  • HTML
  • JSON
  • Smart Office Integration
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • XLS
  • JSON
  • Smart Office Integration

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Sopheon warrants that, other than during periods of reasonably scheduled maintenance as may be provided to Client with advance notice, the Software as a Service will be provided with a monthly uptime of at least 99.5%. Support and error handling for hosting is administered in accordance with the maintenance procedures set forth in the Master Agreement
• Approach to resilience: In Accolade Cloud, each customer has an individual instance, and the default pricing and configuration is to run non-redundant systems with spare capacity onsite and offsite for recovery. This configuration has historically exceeded the standard SLA. Accolade Cloud is operated from four production datacenters (two in the EU and two in the US) which provides redundancy and capacity. Backups are every 6 hours and are replicated offsite to dual regions. ; Higher Accolade Cloud DR capabilities can be contracted.
• Outage reporting: E-mail alerts to designated e-mail addresses.; incident reports/communication from support to named contacts.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Other user authentication: Accolade relies on external authentication with rights and roles assigned within the application for visibility and functionality.; The Accolade login ID is linked to the customer infrastructure via Single Sign On and all password and login management is done within the customer source, including MFA. If a customer can not utilize SSO, then Accolade Cloud Active Directory accounts can be utilized along with custom password policies to adhere to any customer specific password requirements.
• Access restrictions in management interfaces and support channels: System administrators and database administrators can only access systems through back end network including MFA; ; Application access for IT and Support is controlled via SSO to corporate active directory.; ; All accounts are managed via Active Directory and Active Directory groups.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: ISOQAR Inc
• ISO/IEC 27001 accreditation date: 24 October 2019
• What the ISO/IEC 27001 doesn’t cover: All proposed services are covered (development, implementation, support and hosting services).
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • SOC 2® examination of controls relevant to security
  • McAfee's CloudTrust™ rating of McAfee Enterprise-Ready™
  • ISO 14001 (data centre)
  • ISO 9001 (data centre)

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: AICPA SOC 2 CONTROLS RELEVANT TO SECURITY AND CONFIDENTIALITY.
• Information security policies and processes: Sopheon operates an ISMS adhering to the controls for ISO 27001 audits and SOC2 Type 2 examinations.; Processes and procedures ensure that data remains confidential and available. Information Security Policies and Procedures regularly reviewed and updated. Risk assessment and reviews performed.; Customer administers users authorization.; Customer verifies application during user acceptance testing before each upgrade.; Sopheon has secure colocation centers with physical security. Data is encrypted and access only available to Sopheon and customer. ; Dedicated application servers for each customer, dedicated databases for each customer ensures separation of customer data.; Change control policies and procedures ensure updates and modifications are applied consistently, are tracked and are traceable. In addition to change control policies and procedures, incidents follow a structured process.; Sopheon analyzes both internal and external sources for risk and follows the ISO 27005 framework.; Sopheon controls access to and monitoring of the infrastructure and data. The colocation centers provide power, physical rack space, and internet. In the IAAS model, Sopheon controls the servers and data.; Sopheon has employee hiring, development and termination procedures. ; The security program is overseen by the Director of IT, with initial training and annual sessions for both IT and Support staff specific to hosting operations.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Change control policies and procedures ensure that updates and modifications are applied consistently, are tracked and are traceable. In addition to change control policies and procedures, incidents follow a structured process to ensure collaborative resolution and future prevention.; Software development follows a structured SDLC modeled on Agile Framework.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: The Accolade product is tested as part of each development release cycle as part of the SDLC. Secure coding standards, peer code reviews, manual and automated testing as well as OWASP. ; Monthly unauthenticated external penetration/vulnerability scans are performed against all public URLs - automated, with manual remediation. ; Internal Information Systems are scanned with industry standard security vulnerability scanning software upon regularly scheduled intervals.; Discovered vulnerabilities are remediated as follows a) Critical vulnerabilities are remediated within 30 days. b) High vulnerabilities are remediated within 60 days. c) Medium and Low vulnerabilities are remediated as necessary based on risk impact.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: The Accolade product is tested as part of each development release cycle as part of the SDLC. Secure coding standards, peer code reviews, manual and automated testing as well as OWASP. ; Monthly unauthenticated external penetration/vulnerability scans are performed against all public URLs - automated, with manual remediation. ; Internal Information Systems are scanned with industry standard security vulnerability scanning software upon regularly scheduled intervals.; Discovered vulnerabilities are remediated as follows a) Critical vulnerabilities are remediated within 30 days. b) High vulnerabilities are remediated within 60 days. c) Medium and Low vulnerabilities are remediated as necessary based on risk impact.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Sopheon provides Tier 2 support. Customers report incidents through phone or e-mail. ; When an incident is received it is immediately logged, classified and assigned to a Support Engineer for resolution in a incident management tool. ; Support Engineers work cross-functionally with Software Development, Product Management, Infrastructure, QA, UX Design, Technical writing, etc. as required to identify root cause and provide complete resolution; Incident reports are distributed to named contacts.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Equal opportunity:

  Equal opportunity

  Equal Opportunity in Contract Delivery:; ; It is a core Sopheon value to foster inclusion and a spirit of equality. We commit ourselves to valuing diversity and creating an environment that treats all with dignity and respect. Part of Sopheon’s Equal opportunity training encourages all employees to create an inclusive environment, whether this be internally, or externally with customers who come under contract, and in contact with the Sopheon Solution. Sopheon’s Solution comprises both software and consultancy:; ; Software: Sopheon’s software is WCAG 2.1AA compliant, meaning we take action to increase the accessibility of our software for disabled people in the software user community. This in turn supports disabled people in developing new software skills relevant to our contracts, including training.; ; Consultancy: All matters pertaining to selling, delivering, hiring, training, and engagements during the contract delivery is administered solely on merit. This is regardless of race, color, creed, religion, ancestry, national origin, sex, age, sexual preference, marital status, status with regard to public assistance, or disability.; ; All levels of management and staff are responsible for applying the Equal Opportunities Policy. The Company will treat any complaint of discrimination very seriously. If a customer believes they are being discriminated against, he/she may ask for the matter to be dealt with through our Grievance Procedure.

Pricing

• Price: £300.00 to £1,080.00 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tim.sharp@sopheon.com. Tell them what format you need. It will help if you say what assistive technology you use.