Hitachi Consulting UK Ltd

Finance Back Office Modernisation

Hitachi Consulting is offering a solution to accelerate customers in realising the benefits that Cloud applications provide, but within predictable timeframe and costs. By choosing from a set of off-the-shelf pre-defined offerings, we can provide a pragmatic approach to your software implementation, delivered by a trusted, experienced and professional team.

Features

  • Business Case Development
  • Cloud Readiness Assessment
  • Industry Specific Solutions and Processes
  • Standardisation on Best Practice Processes
  • Templated configurations and best practice processes across different industries
  • Pre-developed content and tools to accelerate implementation
  • Deployment of specific bolt-on modules or full Financials implementations
  • Packaged offerings for a range of options and scenarios
  • Deployed via the Oracle Public Cloud
  • Change management support for organisation structure design and workforce engagement

Benefits

  • Accelerated implementation timescale with reduced costs
  • Reduced cost of ownership of Finance systems
  • Improved productivity by standardising and automating processes to best practices
  • Access to timely, accurate financial data to improve decision making
  • Transformation of back-office processes
  • Increased ability to react to changing business conditions
  • Allows the retirement of legacy systems
  • Support for aggressive expansion plans including eased integration of acquisitions

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to Any other Oracle Cloud SaaS
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints No.
System requirements
  • Most major web browsers are supported.
  • Licencing is part of the subscription.

User support

User support
Email or online ticketing support Email or online ticketing
Support response times As per agreed SLAs.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels We provide 2nd and 3rd line support. Costs vary according to the nature and extent of services supplied. We provide various roles, including support engineer, lead support engineer, service delivery manager and technical account manager.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started All training options are available and would be agreed with the client as part of the change management plan.
Service documentation Yes
Documentation formats
  • PDF
  • Other
Other documentation formats
  • Online documentation
  • Excel
End-of-contract data extraction Data can be extracted into Excel or other similar formats.
End-of-contract process There are no specific end of contract services included in the standard contract as extracting any necessary data can be done by the client themselves.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Some user self-service tools have specific mobile applications but most elements are supported via web browser. Capability dependant on mobile device.
API Yes
What users can and can't do using the API There are an extensive set of API's allowing integration with the majority of transaction types and static data.
API documentation Yes
API documentation formats
  • HTML
  • PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Can be extended but not customised.

Scaling

Scaling
Independence of resources The Cloud subscription will guarantee a consistent level of service for each subscriber.

Analytics

Analytics
Service usage metrics Yes
Metrics types Service status and service usage.
Reporting types Real-time dashboards

Resellers

Resellers
Supplier type Reseller providing extra support
Organisation whose services are being resold Oracle

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Via API's or into Excel.
Data export formats
  • CSV
  • Other
Other data export formats Excel
Data import formats
  • CSV
  • Other
Other data import formats Excel

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks IPsec or TLS VPN gateway
Data protection within supplier network IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability Oracle works to meet a Target System Availability Level of 99.5% of the production service, for the measurement period of one calendar month, commencing at Oracle’s activation of the production environment. Oracle measures the System Availability Level by dividing the difference between the total number of minutes in the monthly measurement period and any Unplanned Downtime by the total number of minutes in the measurement period, and multiplying the result by 100 to reach a percent figure.
Approach to resilience Oracle deploys the Oracle Cloud Services on resilient computing infrastructure designed to maintain service availability and continuity in the case of an incident affecting the services. Data centres retained by Oracle to host Oracle Cloud Services have component and power redundancy with backup generators in place, and Oracle may incorporate redundancy in one or more layers including network infrastructure, program servers, database servers, and/or storage. Oracle periodically makes backups of Your production data in the Oracle Cloud Services for Oracle's sole use to minimise data loss in the event of an incident. Backups are stored at the primary site used to provide the Oracle Cloud Services, and may also be stored at an alternate location for retention purposes. A backup is typically retained online or offline for a period of at least 60 days after the date that the backup is made.
Outage reporting Oracle will provide You with access to a Customer notifications portal. This portal will provide metrics on the System Availability Level for Cloud Services purchased under the ordering document. For those Cloud Services for which such metrics are not available via the Customer notifications portal, Oracle will provide metrics on the System Availability Level upon receipt of a Service Request submitted by You to Oracle requesting the metrics.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Access to the Cloud Customer Support Portal is limited to Your designated technical contacts and other authorised users of the Cloud Services.
Access restriction testing frequency At least every 6 months
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
Description of management access authentication We can also provide single sign on.

Audit information for users

Audit information for users
Access to user activity audit information You control when users can access audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information You control when users can access audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 BSI Assurance UK Ltd
ISO/IEC 27001 accreditation date 03/08/2016
What the ISO/IEC 27001 doesn’t cover Not applicable.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Responsibility for our Information Security Policy lies with the Head of Information Security (HIS) and the UK Leadership Team. We deliver our security objectives through our Information Security Management System which takes account of legislation and best practice, including: Data Protection Act 1998; Sarbanes Oxley; ISO 27001 and 9001; and Computer Misuse Act 1990. We routinely identify all assets, assess the threats and risk levels and define what action needs to be taken to protect those assets. All security incidents, breaches, “near-misses” or concerns are required to be reported immediately to the HIS and Information Security Manager. In case of a breach, all critical IT systems are tied into a monitoring system which notifies IT personnel of any breach or anomaly. Our IT security and governance practices are reviewed annually by the Hitachi Ltd auditors. These reviews are cover all key systems utilising a framework based on the COBIT standards.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Oracle performs changes to cloud hardware infrastructure, operating software, product software, and supporting application software to maintain operational stability, availability, security, performance of the Oracle Cloud. Oracle follows formal change management procedures to review, test, and approve changes prior to application in the production service. Changes made through include system and service maintenance activities, upgrades and updates, and customer specific changes. The change management procedures are designed to minimise service interruption during the implementation of changes. Oracle works to ensure that change management procedures are conducted during scheduled maintenance windows, while taking into consideration low traffic periods and geographical requirements.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Oracle Software Security Assurance (OSSA) encompasses every phase of the product development lifecycle and is Oracle's methodology for building security into the design, build, testing, and maintenance of its products. It’s goal is to ensure that Oracle's products remain as secure as possible and is a set of industry-leading standards, technologies, and practices aimed at fostering security innovations and reducing the incidence of security weaknesses in Oracle products. Key programs include Oracle's Secure Coding Standards, mandatory security training for development and the use of automated analysis and testing tools. Oracle has adopted transparent security vulnerability disclosure and remediation policies.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Oracle has adopted security controls and practices that are designed to protect the confidentiality, integrity, and availability of all customer data. Oracle continually works to strengthen and improve its security controls and practices which are aligned with the ISO/IEC 27002 Code of Practice. Oracle Oracle personnel are subject to the Oracle information security practices which govern their employment. Rather than focusing on individual components, Oracle Cloud takes a holistic approach to information security, implementing a multi-layered defence security strategy where network, operating system, database, and software security practices and procedures complement one another with strong internal controls, governance, and oversight.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Support Services consist of: Diagnosis of problems or issues with the Oracle Cloud Services, Reasonable commercial efforts to resolve reported and verifiable errors, Support during Change Management activities, Assistance with technical service requests 24 hours per day, 7 days a week, 24 x 7 access to a Cloud Customer Support Portal, Live Telephone Support to log service requests, Access to community forums, Non-technical Customer service assistance during normal Oracle business hours (8:00 to 17:00) local time. The severity level of a service request is selected by both you and Oracle, and is based on 4 severity levels.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £90000 per unit
Discount for educational organisations No
Free trial available No

Service documents

pdf document: Pricing document pdf document: Skills Framework for the Information Age rate card pdf document: Service definition document pdf document: Terms and conditions pdf document: Modern Slavery statement
Service documents
Return to top ↑