GDPR compliant on-boarding for business support programmes. Better understand the insights of supported industries through live data.
Xpand Access provides businesses with the information needed to get to market faster. Connect to the relevant organisations, on-board onto support services and start to understand how each business relates to other markets.
- GDPR Compliant Support Programme On-Boarding
- Signposting tool for Services, Funding and Events
- Customisable Business Evaluation Tools
- Self-Service Application
- Generate Market Analysis Reports in Minutes
- Tools and eLearning to help businesses expand
- Market and Export Opportunity Sizing Tools
- International Business Development and Collaboration Connection
- Market Research Tool to help support businesses
- Simplified Cloud hosted mobile friendly platform
- Facilitates strong data control processes quickly
- Supports businesses to connect to relevant growth services
- Tracks the effectiveness of programmes and required support services
- Delivers value and support to all businesses seeking support
- Supports Economic and Business Development Strategy
- Provides data needed to help businesses and economies grow
- Platform to host Self-Service eLearning support materials
- Encourages International development through export and FDI
- Simplified market analysis information to support business growth
- Highly available cost effective solution requiring no training
£0 to £0 per licence per year
- Education pricing available
Xpand Group Ltd.
+44(0)20 323 97263
|Software add-on or extension||Yes, but can also be used as a standalone service|
|What software services is the service an extension to||
Xpand Insights (www.xpandinsights.com)
Xpand Insights provides visualisations and analysis for the data captured through Xpand Access.
Xpand Ability (www.xpandability.com)
Xpand Ability uses the evaluation data from Xpand Access to provide custom eLearning path / content as it becomes available.
|Cloud deployment model||Public cloud|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
For free customers there is a 48 hour window for tickets.
This is between Monday - Friday
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||WCAG 2.1 AAA|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||Web chat|
|Web chat support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support accessibility standard||WCAG 2.1 AAA|
|Web chat accessibility testing||Slack is used for web chat and has been extensively tested with assistive technology users.|
|Onsite support||Yes, at extra cost|
Organisations who are on the free version of Xpand applications can submit calls via the community GitLab / Jira Service account,
No dedicated manager provided.
Basic Support - £4,000 p/a
No dedicated manager - access to call raising and change request functionality. Ability to request and track support issues against SLA.
Standard Support - £10,000 p/a
Calls can be raised through the Jira Service desk and responded to between Monday - Friday (9am - 5pm)
Dedicated account manager provided.
Premium Support - £25,000 p/a
Customers can raise calls on a 24 / 7 basis with out of hours support available. Calls raised will receive expedited support targeted against SLA's.
Dedicated account manager provided.
On-Site Support & Training £1,000 / £1,500 per visit
Optional on-boarding, training and induction packages start from £1,000 per visit with in-person training and on-site support provided.
|Support available to third parties||Yes|
Onboarding and offboarding
Onsite on-boarding services are available.
Documentation is available as to how to use the application.
Walkthrough Videos are also available to guide users how to use Xpand Access.
A support messaging platform is available.
Webinars are scheduled once a month to answer questions on request.
On-Site Training is available at £1,000 - £1,500 per day to train as many users as wished with as many sessions as requested throughout that day.
|End-of-contract data extraction||
Xpand Access business users can extract their data by : -
1) Logging onto the Xpand Access website
2) Visit My Profile Page
3) Click Download My Data
4) CSV with data will download
Organisations can request an extract of the data of their users and team through the Self-Service Xpand Insights application on the My Profile Page.
The designated data controller for the organisation will receive a link to download the file via secure transfer on the email address when it's available.
The data controller will need to re-enter their password or have 2 factor authentication setup to confirm that they will be able to download the file.
Where annual pricing has been agreed : 60 / 30 days before the end of the contract customers will receive a notification of automatic renewal in order to ensure continuation of service (Quotations will be automatically issued).
Where monthly pricing has been selected : Notification of automatic monthly payment will be provided. Payments must be paid up to the end of the agreed monthly period.
60 days notice is required for requests for cancellation of service.
If the contract is renewed the information will be retained on the Application.
If the contract is discontinued - access to existing data will remain for 60 days with all access to additional data requests suspended until the contract resumes.
All buyer reports and custom data will be made available to extract according to individual data licensing.
Included in Cost: -
Access to current data
Analysis and usage statistics
Additional cost : -
Additional Support / Hosting of data
Additional analysis and reporting
On-Site SLA / Contract Meetings outside of Support Package
Using the service
|Web browser interface||Yes|
|Application to install||Yes|
|Compatible operating systems||
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||
The mobile application is optional and the application will work as a web based application via the website through mentioned browsers.
All functionality is available via the mobile application
|Description of customisation||
GDPR related content, messaging and questions can be customised using Xpand Insights application to set up the customisation.
Key messaging and signposting content can also be customised through the Xpand Insights partner application.
Buyers can set who within their organisation can carry out the customisations.
|Independence of resources||The application has been designed on a scalable infrastructure incorporating containerisation to support independent resource management for each customer.|
|Service usage metrics||Yes|
Usage Report : User Activity reports
Credit Reports : Usage of Credits
Client Usage Reports : How many clients have used the service and how they have used the service
Organisations can request full historic metrics via the Xpand Insights control panel and service requests via Service desk.
These will be provided in CSV / Dashboard
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Security Clearance (SC)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Supplier-defined controls|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||Physical access control, complying with another standard|
|Data sanitisation process||Yes|
|Data sanitisation type||Explicit overwriting of storage before reallocation|
|Equipment disposal approach||A third-party destruction service|
Data importing and exporting
|Data export approach||
Xpand Access users can individually export their data via the following steps.
1) Log onto application
2) Visit My Profile page
3) Select 'Download my details'
Xpand Access organisation users can make a request through the following options.
1) Log onto Xpand Insights
2) Visit My Profile Page
3) Select request data download file as CSV file
4) When available the data-controller will receive an email with a link to download organisation file which will require 2 factor authentication to be set up in order to download
1) Raise service call via the provided support panel
|Data export formats||
|Other data export formats||JSON|
|Data import formats||
|Other data import formats||JSON|
|Data protection between buyer and supplier networks||
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
95% service availability SLA between 9am - 5pm Monday - Friday excluding bank holidays and agreed service notifications.
Users will receive a credit note for the next year to the value of 1% of their contract for each additional 1% of service unavailability.
|Approach to resilience||
Full Information available upon request - firstname.lastname@example.org
Multi data centre setup with manual failover procedures
Outage details are visible on the Xpand Access website via a publicly accessible dashboard. (www.xpandaccess.com/servicestatus)
Outage alerts are sent to organisations when a significant outage is predicted or has occurred for longer than 3 hours.
Information on outages are available via the Xpand Service twitter handle.
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||
Username and Password for each person using support and management interfaces authenticated by Xpand Support team or 2 Factor Authentication.
Support data is only available to allocated, identified and trained members of the Xpand Group teams. Users must have Xpand domain level email address to access support data.
Data Controllers and those requiring access to additional user data are requested to have 2-factor authentication set up in order to access or export any user data.
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users contact the support team to get audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||No|
|Security governance approach||
Xpand works with external security governance advisors.
Xpand are working with continuous security testing tools as part of the ongoing Live governance checks surrounding coding.
Security details are documented and recurring checks are in place with each code release.
|Information security policies and processes||
Security and governance policies are in place; .
Recurring internal and external audits are conducted.
Training surrounding security policies are part of the induction process.
Procedures surrounding release are agreed by directors ensuring that adequate security processes are in place.
Policies are reviewed on a quarterly basis.
Documents are available via intranet and each member of staff who must sign their agreement to the latest procedures to continue contract / employment with the company.
Incident Management policies are in place surrounding information breaches.
ICO registration has been completed and complies with all relevant data control measures.
Privacy By Design has been implemented on this solution.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
Each detail of the service solution is documented through a central repository - including changes per release. Change logs are tracked and each release has associated documentation and checks.
All major changes require an information security sign off - upcoming change requests are impact assessed.
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
As part of an ongoing monthly review Xpand has a sprint planning session including governance, vulnerability and security,
Critical patches are implemented within 7 days
Change logs are reviewed as well as upcoming activities to identify required activities to resolve vulnerabilities.
Threat information comes from supplier forums and are handled as a SEV 2 service calls.
Incident management processes are followed where there is a confirmed impact to users.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
Access logging has been implemented into the AWS application and API services, meaning all access is tracked.
Potential compromises can be raised by staff at any time and will be handled through service desk SLA's (Acknowledge / Response / Resolve times)
Incident response policy follows industry standards.
Daily scripts check for unusual activity.
Where unusual activity is tied to a specific account - a notification will be sent to affected users and data controllers to recommend actions.
Where unusual activity has been detected on an application level, further investigation will be conducted.
|Incident management type||Supplier-defined controls|
|Incident management approach||
Incident Management process documents have been generated and are stored on our local intranet and securely stored in physical format.
These documents form part of the induction programme and must be signed by each team member.
Users can report serious incidents through email@example.com, +44(0)20 3239 7263 or SMS to dedicated account manager.
Incidents are logged via support channels and summary reports of each incident are provided via email, and meetings upon request for premium support customers.
Processes have been established to allow for out of hours response to serious incidents.
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Public sector networks
|Connection to public sector networks||No|
|Price||£0 to £0 per licence per year|
|Discount for educational organisations||Yes|
|Free trial available||Yes|
|Description of free trial||
Free version provides a high level view of market evaluation data, supporting events, funds and support.
Not included for free is the ability for an organisation to evaluate applicant requirements or provide custom content this requires Xpand Insights.
The free version of this application is available to the public.
|Link to free trial||Www.xpandaccess.com/trial|