Xpand Group Ltd.

Xpand Access

GDPR compliant on-boarding for business support programmes. Better understand the insights of supported industries through live data.

Xpand Access provides businesses with the information needed to get to market faster. Connect to the relevant organisations, on-board onto support services and start to understand how each business relates to other markets.

Features

  • GDPR Compliant Support Programme On-Boarding
  • Signposting tool for Services, Funding and Events
  • Customisable Business Evaluation Tools
  • Self-Service Application
  • Generate Market Analysis Reports in Minutes
  • Tools and eLearning to help businesses expand
  • Market and Export Opportunity Sizing Tools
  • International Business Development and Collaboration Connection
  • Market Research Tool to help support businesses
  • Simplified Cloud hosted mobile friendly platform

Benefits

  • Facilitates strong data control processes quickly
  • Supports businesses to connect to relevant growth services
  • Tracks the effectiveness of programmes and required support services
  • Delivers value and support to all businesses seeking support
  • Supports Economic and Business Development Strategy
  • Provides data needed to help businesses and economies grow
  • Platform to host Self-Service eLearning support materials
  • Encourages International development through export and FDI
  • Simplified market analysis information to support business growth
  • Highly available cost effective solution requiring no training

Pricing

£0 to £0 per licence per year

Service documents

G-Cloud 11

134551979903970

Xpand Group Ltd.

Sales

+44(0)20 323 97263

sales@xpandaccess.com

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to Xpand Insights (www.xpandinsights.com)
Xpand Insights provides visualisations and analysis for the data captured through Xpand Access.

Xpand Ability (www.xpandability.com)
Xpand Ability uses the evaluation data from Xpand Access to provide custom eLearning path / content as it becomes available.
Cloud deployment model Public cloud
Service constraints No
System requirements
  • Internet Connected Device
  • IE11+ / Safari / Firefox / Chrome
  • App Store Account if using Mobile Application

User support

User support
Email or online ticketing support Email or online ticketing
Support response times For free customers there is a 48 hour window for tickets.
This is between Monday - Friday
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.1 AAA
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard WCAG 2.1 AAA
Web chat accessibility testing Slack is used for web chat and has been extensively tested with assistive technology users.
Onsite support Yes, at extra cost
Support levels Community Support
Organisations who are on the free version of Xpand applications can submit calls via the community GitLab / Jira Service account,
No dedicated manager provided.

Basic Support - £4,000 p/a
No dedicated manager - access to call raising and change request functionality. Ability to request and track support issues against SLA.

Standard Support - £10,000 p/a
Calls can be raised through the Jira Service desk and responded to between Monday - Friday (9am - 5pm)
Dedicated account manager provided.

Premium Support - £25,000 p/a
Customers can raise calls on a 24 / 7 basis with out of hours support available. Calls raised will receive expedited support targeted against SLA's.
Dedicated account manager provided.

On-Site Support & Training £1,000 / £1,500 per visit
Optional on-boarding, training and induction packages start from £1,000 per visit with in-person training and on-site support provided.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Onsite on-boarding services are available.

Documentation is available as to how to use the application.
Walkthrough Videos are also available to guide users how to use Xpand Access.

A support messaging platform is available.
Webinars are scheduled once a month to answer questions on request.

On-Site Training is available at £1,000 - £1,500 per day to train as many users as wished with as many sessions as requested throughout that day.
Service documentation Yes
Documentation formats
  • HTML
  • ODF
  • PDF
End-of-contract data extraction Xpand Access business users can extract their data by : -

1) Logging onto the Xpand Access website
2) Visit My Profile Page
3) Click Download My Data
4) CSV with data will download

Organisations can request an extract of the data of their users and team through the Self-Service Xpand Insights application on the My Profile Page.

The designated data controller for the organisation will receive a link to download the file via secure transfer on the email address when it's available.

The data controller will need to re-enter their password or have 2 factor authentication setup to confirm that they will be able to download the file.
End-of-contract process Where annual pricing has been agreed : 60 / 30 days before the end of the contract customers will receive a notification of automatic renewal in order to ensure continuation of service (Quotations will be automatically issued).

Where monthly pricing has been selected : Notification of automatic monthly payment will be provided. Payments must be paid up to the end of the agreed monthly period.

60 days notice is required for requests for cancellation of service.

If the contract is renewed the information will be retained on the Application.

If the contract is discontinued - access to existing data will remain for 60 days with all access to additional data requests suspended until the contract resumes.

All buyer reports and custom data will be made available to extract according to individual data licensing.

Included in Cost: -
Access to current data
Analysis and usage statistics

Additional cost : -
Additional Support / Hosting of data
Additional analysis and reporting
On-Site SLA / Contract Meetings outside of Support Package

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install Yes
Compatible operating systems
  • Android
  • IOS
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The mobile application is optional and the application will work as a web based application via the website through mentioned browsers.

All functionality is available via the mobile application
API No
Customisation available Yes
Description of customisation GDPR related content, messaging and questions can be customised using Xpand Insights application to set up the customisation.

Key messaging and signposting content can also be customised through the Xpand Insights partner application.

Buyers can set who within their organisation can carry out the customisations.

Scaling

Scaling
Independence of resources The application has been designed on a scalable infrastructure incorporating containerisation to support independent resource management for each customer.

Analytics

Analytics
Service usage metrics Yes
Metrics types Usage Report : User Activity reports
Credit Reports : Usage of Credits
Client Usage Reports : How many clients have used the service and how they have used the service

Organisations can request full historic metrics via the Xpand Insights control panel and service requests via Service desk.

These will be provided in CSV / Dashboard
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Physical access control, complying with another standard
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Xpand Access users can individually export their data via the following steps.

1) Log onto application
2) Visit My Profile page
3) Select 'Download my details'

Xpand Access organisation users can make a request through the following options.

Option 1
1) Log onto Xpand Insights
2) Visit My Profile Page
3) Select request data download file as CSV file
4) When available the data-controller will receive an email with a link to download organisation file which will require 2 factor authentication to be set up in order to download

Option 2
1) Raise service call via the provided support panel
Data export formats
  • CSV
  • Other
Other data export formats JSON
Data import formats
  • CSV
  • Other
Other data import formats JSON

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability 95% service availability SLA between 9am - 5pm Monday - Friday excluding bank holidays and agreed service notifications.

Users will receive a credit note for the next year to the value of 1% of their contract for each additional 1% of service unavailability.
Approach to resilience Full Information available upon request - support@xpandaccess.com

Multi data centre setup with manual failover procedures
Outage reporting Outage details are visible on the Xpand Access website via a publicly accessible dashboard. (www.xpandaccess.com/servicestatus)

Outage alerts are sent to organisations when a significant outage is predicted or has occurred for longer than 3 hours.

Information on outages are available via the Xpand Service twitter handle.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels Username and Password for each person using support and management interfaces authenticated by Xpand Support team or 2 Factor Authentication.

Support data is only available to allocated, identified and trained members of the Xpand Group teams. Users must have Xpand domain level email address to access support data.

Data Controllers and those requiring access to additional user data are requested to have 2-factor authentication set up in order to access or export any user data.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach Xpand works with external security governance advisors.

Xpand are working with continuous security testing tools as part of the ongoing Live governance checks surrounding coding.

Security details are documented and recurring checks are in place with each code release.
Information security policies and processes Security and governance policies are in place; .

Recurring internal and external audits are conducted.

Training surrounding security policies are part of the induction process.

Procedures surrounding release are agreed by directors ensuring that adequate security processes are in place.

Policies are reviewed on a quarterly basis.

Documents are available via intranet and each member of staff who must sign their agreement to the latest procedures to continue contract / employment with the company.

Incident Management policies are in place surrounding information breaches.

ICO registration has been completed and complies with all relevant data control measures.

Privacy By Design has been implemented on this solution.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Each detail of the service solution is documented through a central repository - including changes per release. Change logs are tracked and each release has associated documentation and checks.

All major changes require an information security sign off - upcoming change requests are impact assessed.
Vulnerability management type Supplier-defined controls
Vulnerability management approach As part of an ongoing monthly review Xpand has a sprint planning session including governance, vulnerability and security,

Critical patches are implemented within 7 days

Change logs are reviewed as well as upcoming activities to identify required activities to resolve vulnerabilities.

Threat information comes from supplier forums and are handled as a SEV 2 service calls.

Incident management processes are followed where there is a confirmed impact to users.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Access logging has been implemented into the AWS application and API services, meaning all access is tracked.

Potential compromises can be raised by staff at any time and will be handled through service desk SLA's (Acknowledge / Response / Resolve times)

Incident response policy follows industry standards.

Daily scripts check for unusual activity.
Where unusual activity is tied to a specific account - a notification will be sent to affected users and data controllers to recommend actions.

Where unusual activity has been detected on an application level, further investigation will be conducted.
Incident management type Supplier-defined controls
Incident management approach Incident Management process documents have been generated and are stored on our local intranet and securely stored in physical format.

These documents form part of the induction programme and must be signed by each team member.

Users can report serious incidents through support@xpandaccess.com, +44(0)20 3239 7263 or SMS to dedicated account manager.

Incidents are logged via support channels and summary reports of each incident are provided via email, and meetings upon request for premium support customers.

Processes have been established to allow for out of hours response to serious incidents.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £0 to £0 per licence per year
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Free version provides a high level view of market evaluation data, supporting events, funds and support.

Not included for free is the ability for an organisation to evaluate applicant requirements or provide custom content this requires Xpand Insights.

The free version of this application is available to the public.
Link to free trial Www.xpandaccess.com/trial

Service documents

pdf document: Pricing document pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑