Wovex

Wovex Benefits Realisation Management

Wovex is for:
1. Teams and people performing benefits realisation management.
2. Organisations wanting to standardise benefits realisation management.
3. Portfolio and PMO areas wanting to automate and improvement benefits realisation management.
4. Managers who need to justify business cases and then report on benefit and outcome performance.

Features

• Benefits Mapping - workshops, business cases and strategic alignment
• Benefit/Measure definition - standard libraries
• Benefit/Measure tracking - automation, import, integrations/API
• Benefit/Measure standard calculations and create own
• Reporting and visualisations - ad-hoc and regular governance cycles
• Options analysis for a project/initiative - benefits compared
• Scenario and portfolio analysis for multiple projects/initiatives
• Tables and spreadsheets - automated financial and non-financial
• Scorecards to agree what measure data needed and when
• Early warning of risk of missing objectives

Benefits

• Less time and cost to manage business benefits and outcomes
• Meet benefit targets more consistently and confidently and communicate this
• Faster reporting on benefits with proven dashboard templates
• Easier agreement on which Benefits and Measures to manage/achieve
• Efficient tracking data collection from large numbers of people created
• Informed/trusted/evidence-based/Real-time benefits information available
• Simpler and more convenient management of business benefits
• Reduced risk of poor business impact from non-delivery of benefits
• Easier decisions on initiatives and portfolios to optimize business value
• Central source of business benefit information - planned, delivering, achieved

£40 to £510 a user a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at contact@wovex.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

978485436985991

Contact

Trevor Howes
+44 (0)1978 520627
contact@wovex.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: No significant constraints.
• System requirements:
  • Access to a standard internet browser
  • That the URL for your Wovex environment is accessible

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Acknowledgement response within 5 minutes.; High-priority issues within 1 hour.; Lower-priority issues within 24 hours.; The weekend is 24 hours.; Separate service levels can reduce these times e.g. during critical periods, some customers require all tickets to be responded to within one hour for working days and weekends.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: We user chat provided by Intercom, who have tested with assistive technology users. Wovex has not performed its own independent testing.
• Onsite support: Yes, at extra cost
• Support levels: Low/Normal priority: 80% SLA Same business day. Included in licences.; High priority: 80% SLA Within two business hours. Included in licences.; Urgent priority: 80% SLA Within one business hour. Included in licences.; All customers at Enterprise level have a Technical Account Manager.; ; For 'Enterprise' customers a Technical Account Manager is allocated.; Extra support business meetings with a Business Manager is £200 per hour.; ; Onsite support service is available through Wovex partners at rates dependent on the level of expertise, location and availability needed. For example, during which times of the day and if weekdays/weekends.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Online training, user documentation and guidance steps in the software.; Web-based Q&A sessions for new customers.; by request, we can provide training environments.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Exported spreadsheets of data.; Downloaded images and pdfs for visual benefit maps.; PDFs for Dashboard outputs, Profiles, Scorecards, and Impact Assessments.
• End-of-contract process: Included in the cost:; Access to extraction functions for the data, as mentioned.; Options are available for retention of the database, e.g.; - Delete it and all backups.; - Archive on 'cold' storage - so it can be restored.; ; Additional cost:; Wovex performing the extractions for you.; Retention of the database for later access in non-cold storage - so, if required, the database and access can quickly be available again.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: Restful APIs - setup systems as users with own credentials, ; Data can be pulled from Wovex (GET) and also loaded into Wovex (POST).; The system needs to authenticate itself with the Wovex system to show that it is known and trusted.; To GET information, the system must make multiple requests, depending on the data needed.; For example, to pull all generated dashboard data to be recreated in Power BI or Tableau.; ; To POST information, for example, into a time-series, then values for Date, Measure ID and Initiative ID are required.; Every POST request will receive a response with a message on if it was a success or failed. These responses will need to be checked, and any actions needed to be taken by the system.; Wovex will also store a log of successes/failures to support the management of the API.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Benefit map default shapes and colours, pick list values, headings on most screens, help text, various settings. In the highest level editions: tooltip text, field names, form layouts, role permissions, security settings, default naming of items, images. Links to help URLs, naming of time periods for tracking, forms used to collect data from users, multiple lists and colours of values e.g. for Scorecards, Impact Assessments.; Weightings and criteria to perform scenario analysis.; If users can self-register with a company email address.; Multiple settings for how Scorecards and Impact Assessment functions work.; On some screens the users can select the columns seen, ordering and column size.; Company logo and name.; The Admin area has the functions to customise the settings.; Also, Impact Assessment and Scorecard areas have their own settings.; We also support development days, paid for by the customer, to add to the software.; The higher the level of software edition, the more you can customise.; Some customisations are available to all users e.g. column widths/ordering. Other to just the Admin user. Wovex uses role based permissions, and some permissions relate to access to customisation options.

Scaling

• Independence of resources: All customers have their own database and app, i.e., the database you use is not shared with any other customers (single-tenant).; Our resources are monitored in Azure elastic resource pools to ensure capacity meets demand.; These are actively managed to ensure pools keep available resources available. ; Customers can have their own dedicated resources for an additional £600 per month/£6k per annum.

Analytics

• Service usage metrics: Yes
• Metrics types: User access - date/time and if successful.; User changes to data - date/time, value before and after.; Number of users, types of user, when invited/changed licence level and who performed the action.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Through 'Manage Data' export functions:; - Spreadsheet ; - RestAPI; ; Maps and individual : Download as images.; Reports/Dashboards: PDF.; Benefit and Initiative Profiles: Spreadsheet.; Detailed reporting data can be sent to Microsoft PowerBI.
• Data export formats: Other
• Other data export formats:
  • Spreadsheets
  • PDF
  • PNG/JPG/SVG
• Data import formats: Other
• Other data import formats:
  • Paste of text (line or comma separated)
  • Spreadsheet templates
  • RestAPI

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: The service is 99% available 24 hours per day, 365 days per year.; Response Expectations and credits, if missed.; 1 credit = £3 refund.; ; Priority 1 (5 credits) ; Status communicated every 3 Business Hours.; Criteria: The entire Managed Service is completely inaccessible. ; ; Priority 2 (4 credits) ; Resolution or action plan communicated within 8 Business Hours. ; Criteria: Operation of the Managed Services is severely degraded, or major components of the Managed Service are not operational and work cannot reasonably continue. ; ; Priority 3 (3 credits) ; Resolution or action plan: Configuration fixes: Within (10) Business Days after response Software fixes: next release. ; Criteria: Certain non-essential features of the Service are impaired while most major components of the Service remain functional.; ; Priority 4 (2 credits) ; Resolution or action plan: When reasonably possible. ; Criteria: Errors that are, non-disabling or cosmetic and clearly have little or no impact on the normal operation of the Services.; ; Priority 5 (1 credit) ; Resolution or action plan: When reasonably possible. ; Criteria: Customer requests basic information or a product enhancement that is currently not part of the specification or product roadmap.
• Approach to resilience: We offer the ability to host your service across multiple data centres, availability zones and geographic regions. ; We use Microsoft Azure data centres that provide in-built resiliency across energy suppliers, cooling systems, telecoms networks etc.; Automated backups are made, and you can revert or restore data to a ‘known good state’. ; Wovex undergoes annual vulnerability assessments and is updated with security patches and updates as necessary.
• Outage reporting: Email alerts are provided.; For key customers (Enterprise level) the relevant account manager will contact you personally.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
• Access restrictions in management interfaces and support channels: Management and support channels are not published on the client side.; Processes are in place for customers requiring additional restrictions, with standard responses to anyone contacting support e.g. referring back to approved support route.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Our security governance is regularly and formally assured by the UK Ministry of Defence (Army).
• Information security policies and processes: For later

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All assets/components, configurations and dependencies of the Wovex service are tracked with multiple systems including Azure DevOps and Azure Datacentre/Database/Application etc. services. ; ; This enables Wovex to identify, assess and manage changes for potential security impact and this awareness enables us to fully mitigate vulnerabilities.; ; Security mechanisms are in place to detect and prevent unauthorised changes to deployed service components and their configuration.; Wovex will give you appropriate notice before making changes that affect how you use the service or your ability to use the service.; Wovex implements all technical changes automatically and consistently across our infrastructure.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: We use Azure Defender on all applicable services and review scans and information.; Intruder.io performs daily scans for: Vulnerable software & hardware, Web Application Vulnerabilities, Attack Surface Reduction, Information Leakage, Encryption weaknesses, Common mistakes & misconfiguration. ; Also, monthly internal app checks with an agent based scanner.; Critical patches are applied within 24 hours, less critical monthly and low priority with general updates.; Potential threat information from: ; x.com: thecyberthreat and cybersec4u ; nist.gov/cyberframework; iso.org/standard/27001; DefStan_05-138_issue_3.pdf; iasme.co.uk; owasp.org/www-project-top-ten/; ncsc.gov.uk/collection/cloud/the-cloud-security-principles; cisa.gov/known-exploited-vulnerabilities-catalog; exploit-db.com/exploits/49864; learn.microsoft.com: assurance-risk-assessment-guide, shared-responsibility, azure-resources-to-assess-risk-and-compliance; intruder.io.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Reports from Azure Defender, Intruder.io, Azure Datacentre and service alerts, in-app automated alerts, and the app's access log. Wovex employees.; Responding: We have an incident management policy, log and SLAs.; Responses are dependent on the severity of the incident, category and type. The incident is triaged and categorised with a Security incident classification framework For each incident severity level, there should be an escalation and notification process that is either part of or coupled with the triage process. ; For Class 1 and Class 2 incidents, notifications are made by phone 24/7.; Class 3 incidents, during business hours within 24 hours.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Yes, we have pre-defined processes for common events, defined in an Incident Management Policy and Log, and in a Business Continuity policy.; 1. Preparation.; 2. Detections & Analysis. ; - Detection; - Triage; - Escalation and notification; - Analysis; 3. Containment; 4. Eradication; 5. Recovery; 6. Post Incident Activity; Users report issues through Messanger (in app and wovex.com,), email: support@wovex.com, phone: +44 (0)1978 520627; Incident reports provided by email and, if required, phone/web calls.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  We are working towards net zero greenhouse gas emissions.; Our system enables customer organisations to focus on the agreement and delivery of benefits/outcomes. For example, staff, suppliers, customers and communities to manage and impact environmental protection and improvement.

Pricing

• Price: £40 to £510 a user a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: 14-day free trial of our 'Essentials' Boost 2 version.; Features included for mapping, benefit registers, benefit tracking, basic reporting.; Features not included for advanced mapping, tracking, calculations, governance dashboards, impact analysis, scorecards, scenarios, benefit/initiative profiles, SSO, APIs.
• Link to free trial: Www.wovex.com

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at contact@wovex.com. Tell them what format you need. It will help if you say what assistive technology you use.