Proteus AI Accelerator Hub

Service scope

Software add-on or extension: No
Cloud deployment model: Public cloud
Service constraints: The Proteus AI Accelerator, as with any other cloud based service, will be constrained by the organisation's own limitations of their communications network i.e. available bandwidth, limitations on access connectivity etc.

We regularly review the functionality, features and technology used on the Hub to ensure they continue to be appropriate, relevant and up to date. Where technology i.e. browsers or plug ins used to deliver content change are no longer supported we will advise all impacted clients and work with them to ensure the latest version can be supported e.g. Removing compatibility with older no longer supported browsers.
System requirements: Accessed on: Desktop (windows/mac), Tablet and Mobile (IOS/Android).

Minimum Operating Systems: Windows 7+, Mac OS X 10.5+.

Internet Browsers: IE9+, Chrome 17.0+, Safari v4+, Firefox 3.6+.

Download speed: 0.5mb/s to fully benefit from video resources.

Flash Plugin: required when using Windows 7 and IE.

Popups: require enabling.

Firewall: https://www.proteuslearninghub.com may need adding to your company's 'White List'.

User support

Email or online ticketing support: Email or online ticketing
Support response times: Given the nature of typical questions/support requests we provide email support which is augmented by a ticketing system and phone/face-to-face support. All client questions/support requests are responded to within 1 business day of receipt (and within two hours for a priority 1 incident). Requests received at weekends are responded to on the next business day. As part of our development pipeline, and in direct response to feedback, we'll be adding 'Live Chat' to the Hub in addition to the above.
User can manage status and priority of support tickets: No
Phone support: Yes
Phone support availability: 9 to 5 (UK time), Monday to Friday
Web chat support: No
Onsite support: Onsite support
Support levels: Proteus support arrangements work on the basis that the Proteus primary point of contact works directly with the nominated customer primary contact, who’s championing/leading the embedding and use of the Hub within their organisation, to:

• Answer questions.
• Quickly resolve any issues encountered.
• Validate and fix any identified bugs/defects.
• Provide information or support as appropriate for identified issues not directly related to the AI Accelerator Hub software e.g. client network issues etc.

Proteus service levels:
• The Hub availability/uptime 99.5% in business hours (9-5 UK local time).
• Set up new Hub users (until such time as the customer’s super users are established to do this) within 2 working days of request.
• Remove Hub users (until such time as the customer’s super users are established to do this) within 2 working days of request.
• Respond to requests for help within 1 business day.
• Respond to issues/faults within 2 hours of receipt and then,
• For High severity issues provide hourly updates until the issue is resolved.
• For Low severity issues provide updates on a daily basis until resolved.
• Support clients with any FOI requests within the timescales requested by the client.
Support available to third parties: Yes

Onboarding and offboarding

Getting started: To help every customer get started quickly and maximise the value from the AI Accelerator Hub, and in line with the services outlined in our Pricing Document, we will work with a designated contact in the client organisation to:

• Create a corporate exclusive area for your organisation which includes your organisation's corporate logo, tailored welcome message, tailored standard email that will be sent to new users.
• Identify the different communities who are involved in change and who would benefit from accessing the AI Accelerator Hub e.g. project managers, sponsors, corporate project offices, design/BA people, change managers etc.
• Set up users using their corporate email address, as provided by the organisation’s designated contact, and a password
• Provide familiarisation support on how to use the Super User Console and administer the AI Accelerator Hub.
• Provide a getting started email for the designated contact to tailor and send out to the people within the organisation
• Provide familiarisation and ongoing coaching support on how to maximise the value of the hub to your client designated contact such that they can support others in the organisation.
Service documentation: Yes
Documentation formats: HTML

ODF

PDF

Other
Other documentation formats: To further support users we can also create video guides.
End-of-contract data extraction: Should a customer not wish to renew their licence to continue using the AI Accelerator Hub at the end of the agreed contractual period there are two options to extract their data:
Option 1: Client super users can download a csv file of all their data ahead of the licence ceasing.
Option 2: Client super users can request Proteus to provide a csv file of all their data, which will be encrypted, and then sent to the client within 5 days of the licence ceasing.
End-of-contract process: Should a customer not wish to renew their licence to continue using the Hub at the end of the agreed contractual period we will do the following which is at no extra cost:

Step 1: Within 1 day of the request to not renew – we’ll confirm in writing that the AI Accelerator Hub licence will cease on the contract end date, recommend super users obtain necessary data extracts from the Super User Console and remind the client that the licence to use Proteus approaches, resources and tools contained within the Learning Hub will cease on this date.

Step 2: On the licence expiry date – we’ll confirm the licence has been terminated; the date we’ll return all client IP included within the Hub.

Step 3: Within 2 working days of Step 2 – we’ll remove access to the Hub for all client users, remove the client's exclusive area, package up/return any client collateral that has been uploaded to the Hub e.g. logo's, customer specific IP etc.

Step 4: Within 5 working days of Step 2 – we’ll provide a final data extract of all user names and email addresses together with usage details in an encrypted csv file.

Using the service

Web browser interface: Yes
Supported browsers: Internet Explorer 11

Microsoft Edge

Firefox

Chrome

Safari
Application to install: No
Designed for use on mobile devices: Yes
Differences between the mobile and desktop service: There are no differences in functionality between what a user can access on a desktop to what they can access on a tablet or mobile. The AI Accelerator Hub has been designed for Desktop and optimised for both Android and IOS Tablet use. The AI Accelerator Hub will work on small screen devices and as part of our development pipeline we are looking to optimise the Hub fully for mobile.
Service interface: Yes
User support accessibility: None or don’t know
Description of service interface: The Hub is cloud/web based. Once logged in, users arrive at their tailored homepage. From here they can access a mix of the following based on packages purchased:
Diagnostic Tools that are insight and action driven, proven to help create a shared understanding of what good looks like.
Capability Modules providing practical material to increase confidence and credibility in successfully delivering change.
Hot Topics providing insights on what works/doesn’t work.
A dashboard showing progress/interactions.
Intelligent Delivery Software to. manage plans and tasks including automated RAID logs and meeting minutes, which are aggregated to give portfolio reporting views.
Accessibility standards: None or don’t know
Description of accessibility: The AI Accelerator Hub meets accessibility criteria outlined in WCAG2.0 A by:
• Providing text alternatives of key messages to support images or multimedia content.
• Being adaptable and compatible with assistive technology.
• Ensuring what’s available is easily distinguishable.
• Providing keyboard accessibility.
• Ensuring any timed audio/video content can be fully controlled by the user, e.g. pause, stop, scroll, re-wind etc.
• Not having content that includes flashing images or is known to cause seizures.
• Providing navigation alternatives.
• Ensuring all pages are fully legible.
• Providing appropriate input assistance that can be accessed by assistive technology.
Accessibility testing: The AI Accelerator Hub has been tested with assistive technology. This was undertaken by a leading global authority on the use of digital technology to help disabled people against the WCAG 2.0 AA standard. We've incorporated the recommendations into our development roadmap and we've been actively working on them to improve the accessibility of the Hub.

As part of our continued commitment to ensuring the Hub is accessible to all, and in parallel to continuing to address the recommendations from the WCAG 2.0 AA review, the AI Accelerator Hub will be assessed against the new features / additional success criteria that's outlined in WCAG 2.1. As WCAG 2.1 builds on all that's available in WCAG 2.0 AA, any additional recommendations from this second review will be incorporated into our development roadmap so that they can be appropriately addressed.
API: No
Customisation available: Yes
Description of customisation: The AI Accelerator Hub can be customised in the following ways to maximise value for each client:
1. The content available to each customer is tailored based on the product and packages purchased e.g. Audit functions would use a customised set of tools and know-how that was relevant to their requirements.
2. Client Branding - the AI Accelerator can be branded and welcome messages/emails tailored to help support the organisation embed the AI Accelerator Hub in their organisation.
3. Client Specific content and products - modules can be tailored to reflect client specific exemplars, contacts and links to other organisational templates and information e.g. sharepoint.
4. Tailoring content to specific groups - within the permitted content provided under the licence, client super users can tailor content to specific groups within their organisation e.g. design community, change community, project community etc.

Scaling

Independence of resources: We guarantee our clients aren't affected by the demands of others by:
• Ensuring the Hub technical infrastructure/hardware continues to be right-sized for the current/future number of clients/concurrent users.
• Incorporating, and regularly reviewing, spare computing capacity that’s utilised in periods of peak activity.
• Utilising the auto-scaling capability within AWS, our cloud hosting provider
• Undertaking regular load tests on the database, as demand for the Learning Hub grows, and optimising the database as appropriate.

Analytics

Service usage metrics: Yes
Metrics types: In line with our stated service levels we provide the following service metrics:
1. The Hub application metrics: %age of uptime/availability.
2. Proteus support metrics: %age of users set up/removed, %age of questions/support requests answered, %age of issues fixed etc.
3. Client usage/value for money metrics: e.g. %age of client users who've actively used the Hub, %age of client users who've specifically completed the modules, %age of users who've actively used the caterpillars, checklists, diagnostic tools etc.
4. Benchmark metrics: e.g. client usage/activity benchmarked against others in the client's sector, client usage/activity benchmarked against high performing role model organisations etc.
Reporting types: Regular reports

Resellers

Supplier type: Not a reseller

Staff security

Staff security clearance: Conforms to BS7858:2019
Government security clearance: Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom
User control over data storage and processing locations: No
Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency: At least once a year
Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest: Physical access control, complying with SSAE-16 / ISAE 3402

Other
Other data at rest protection approach: All of our data at rest is encrypted using an industry standard AES-256 encryption algorithm. AWS' data centers are secure by design and their controls make that possible. Physical access is granted to approved employees only and is controlled at building ingress points by professional security staff utilizing surveillance, detection systems, and other electronic means. Authorized staff utilize multi-factor authentication mechanisms to access data centers. Entrances to server rooms are secured with devices that sound alarms to initiate an incident response if the door is forced or held open. Access is monitored and reviewed regularly.
Data sanitisation process: Yes
Data sanitisation type: Explicit overwriting of storage before reallocation
Equipment disposal approach: A third-party destruction service

Data importing and exporting

Data export approach: Within the AI Accelerator Hub clients can have nominated super users who actively manage the day to day operation of the service for their organisation. Within the Super User Console there is the ability for super users to download a mix of reports and data extracts.
Data export formats: CSV
Data import formats: Other
Other data import formats: Users can securely upload their exemplars in PDF format only.

Data-in-transit protection

Data protection between buyer and supplier networks: TLS (version 1.2 or above)
Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability: Proteus is pleased to offer our customers an availability/uptime of the AI Accelerator Hub of 99.5% uptime in business hours (9 am – 5 pm UK local time).

A financial recompense model for not meeting the service level stated above is available. During any year of the agreement, Proteus shall pay to Customer a service credit calculated as an amount equal to 1/365th of the Annual Licence Fee multiplied by the number of days that the portal was not fully available for use by Customer in that particular year.

From 2010 to date Proteus has continued to meet these availability/uptime service levels to the satisfaction of all our corporate clients.
Approach to resilience: Our approach includes:

Step 1: Reviewing all aspects of our solution to identify/reduce the probability of system failure including: infrastructure, hosting environment, application, client communication network etc.
Step 2: Having effective monitoring and alerting systems (we use DataDog, integrated with AWS) in place so our teams have real time alerts of any service disruptions
Step 3: Having in place clear contingency arrangements, i.e. different availability zones where our infrastructure will be redeployed should one experience an outage.
Step 4: Having a clear disaster recovery plan with named contacts
Step 5: Undertaking regular reviews to learn lessons/refine our resilience approach. Whether a test or real scenario we take time to: review lessons learnt and take remedial actions to further increase resilience. As part of our GDPR compliance, our incident management and disaster recovery/business continuity plans have been independently reviewed by the BSI.

Further information on our approach to resilience is available on request.
Outage reporting: 1. Proteus immediate/automatic notifications:
Within the fabric of the Hub solution we’ve integrated the DataDog alerting system which will automatically notify our team via email and Microsoft Teams immediately should there be an issue/outage associated with the software/application, database, hosting environment etc.
Once notified our IT team will immediately respond by:
• Investigating the nature of the issue immediately to determine the cause/associated fix.
• Fixing the issue to ensure it is resolved in the fastest possible time and within our published service levels.

2. Proteus notifications to our clients:
As soon as we are aware of an issue/service outage, and in parallel to actively investigating/resolving the issue, we advise our clients by providing appropriate email communications to our client primary contacts to:
• Initially notify them of the issue, the known/potential impact and any recommend available temporary work arounds/alternatives e.g. different ways to access the content, Proteus to undertake the analysis on behalf of the client etc.
• Continue to keep them advised of progress, in line with our published service levels, until the issue is closed and the full service has been restored.

Identity and authentication

User authentication needed: Yes
User authentication: Username or password
Access restrictions in management interfaces and support channels: We’ve two management interfaces:
Client Management: Our Super User Console enables clients to undertake day-to-day management of the Learning Hub, e.g. authenticating users/3rd party access as per client email protocols. Console access is restricted to individuals authorised by the client. Proteus reviews the super users with the client primary contact every 3 months.

Proteus Management: This interface allows us to effectively configure/manage and support the service for each client. Access is restricted to 2 trusted nominated employees who’ve been approved by the Proteus Directors and their credentials are authenticated using 2 factor authentication.
Access restriction testing frequency: At least every 6 months
Management access authentication: 2-factor authentication

Audit information for users

Access to user activity audit information: Users have access to real-time audit information
How long user audit data is stored for: At least 12 months
Access to supplier activity audit information: Users contact the support team to get audit information
How long supplier audit data is stored for: At least 12 months
How long system logs are stored for: At least 12 months

Standards and certifications

ISO/IEC 27001 certification: Yes
Who accredited the ISO/IEC 27001: QAS International
ISO/IEC 27001 accreditation date: 05/11/2024
What the ISO/IEC 27001 doesn’t cover: N/A
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Cyber essentials: Yes
Cyber essentials plus: No
Other security certifications: Yes
Any other security certifications: Crest Approved Web Application Penetration Testing Report, 9th December 2024.

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: ISO/IEC 27001
Information security policies and processes: Our security governance and underpinning policies and procedures:

• Are aligned with the Government Cloud Based Services Security 14 Principles and Information Principles
• Incorporate best practice from the ICO and have been externally reviewed by the BSI.
• Reflect best practice from our clients e.g. Financial Conduct Authority, etc.

Our information security policies/procedures are over and above strict adherence, by our consultants, to each client’s own information security policies and procedures. These include:

• Information Security and Data Protection.
• Vulnerability management.
• Configuration and change management.
• Protective monitoring.
• Incident management.

Our reporting/governance structure ensures policies/procedures are adhered to by:

• Appointing the BSI to undertake the DPO role for Proteus so we can continue to benefit from their expertise.
• Ensuring security processes/procedures are embedded at all levels including:
1. Board Level:
2. Company Wide:
3. Partners:

Operational security

Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach: Our configuration/change management processes ensures our service components are tracked through their lifetime and any potential security issues assessed/mitigated by:

• Utilising standard tools for configuration and development, including Jenkins for managing pipelines and deployments, GitHub for code version control, etc
• Complying with the latest OWASP standards when making changes e.g. all fixes/improvements are unit tested, integration tested, acceptance tested and then regression tested before deployed etc.
• Undertaking a full application Security Test every 12 months with a CREST accredited company.
• Adopting best practice when making non IT/content only changes e.g. publishing a new module etc.
Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach: Our vulnerability management process includes:

• Identifying potential threats by: 1)Running intrusive protective monitoring software to identify and address any potential threats or vulnerabilities. 2)Undertaking an annual IT Health Check with a CREST accredited company. 3)Liaising with our client’s security teams to share information on identified vulnerabilities.
• Assessing threats by determining the impact to our service/clients data and assigning an appropriate severity level e.g. critical.
• Using an accredited hosting company AWS, who are responsible for patching and fixing any issues/vulnerabilities within the infrastructure
• Automating core blocking rules to immediately address threats/vulnerabilities when certain thresholds are exceeded.
Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach: Our protective monitoring includes:

1.Identifying suspicious activities by:
• Running DataDog protective monitoring software which immediately alerts our team.
• Using AWS service CloudWatch to provide all our logging (including custom logs). Logs are grouped by environment and can be broken down further by timestamps.
• Undertaking a full IT Health Check every 12 months with a CREST accredited company.
•Liaising with our client’s security teams to share information on identified vulnerabilities.
2.Analysing audit events/reports within 24 hours of receipt to identify required actions.
3.Taking action to address
4.Providing communications to our clients.
5.Providing quarterly visibility to the Proteus Board.
Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach: Our incident management process includes:

1. Having defined/documented processes for specific events e.g. a hardware/software failure, a data protection breach, a security issue, a client data recovery/restore due to misuse by their personnel etc, including identification and immediate next steps
2. Providing clients with a primary day to day contact to report incidents to and a Director should an issue/incident need escalating.
3. Having clear service levels of how we will respond.
4. As part of our quarterly reviews we provide clients with any priority incident reports covering how the incident manifested, was addressed and key lessons learnt.

Secure development

Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks: No

Social Value

Equal opportunity
Wellbeing

Equal opportunity

Through our AI Hub and supportive services, our technology is disruptive in the sense that it gives clients access to predictive AI enabled functionality to predict the future risk profile of transformational change and thus enables us to give customers lower cost and/or higher quality goods and services in the long term.

Wellbeing

Through our AI Hub and supportive services, our technology supports wellbeing in the sense that it gives clients access to predictive AI enabled functionality that takes stress, ambiguity and uncertainty out of reviewing and assessing the health of change. It also created objective data driven insights that reduces conflict and enables people to position difficult messages in an easier way, reducing stress and anxiety. Our tools support better prioritisation of effort and also creates a sense of community through the community function to share insights and support other colleagues and members of your change community.

Pricing

Price: £30,000 a licence a year
Discount for educational organisations: Yes
Free trial available: No

Features

Benefits

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Pricing

Service documents

Cookies on Digital Marketplace

Proteus AI Accelerator Hub

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Social Value

Pricing

Service documents