Cognizant Technology Solutions UK Limited

assetSERV Records Management

assetSERV as a Records Management platform enables metadata management, information and other records. We provide the ability to create, maintain and distribute this recorded information. This is done through a central repository, providing metadata and collaboration features, workflows and API layer for publishing to applications like CRM, PIM, ERP, etc.


  • Secure repository as single source of truth
  • Extensive search based on content indexing
  • Role based access
  • Collaboration features including sharing, collections, baskets, versioning, check in-out
  • Configurable workflows
  • Real time notifications for all defined user actions
  • Cloud based application, web application with browser based access
  • Creating collections of records
  • Metadata management


  • Manage metadata, product information, employee information
  • Easy, role based search on all content. Complete content indexing.
  • Easy collaboration on all content, sharing, workflows, comments and annotations
  • Workflows to ensure right reviews and approvals
  • Easy to publish content to multiple devices
  • Digital rights definition and control on the content
  • Access to content from browser based interface. Responsive web design.
  • Share content as emails, collections - time bound, protected links
  • Download content in different formats, as collections, contact sheets
  • Encryption in transport layer and at rest on server


£50 to £330 per user per month

  • Education pricing available

Service documents

G-Cloud 11


Cognizant Technology Solutions UK Limited

Paul Todd

+44 (0) 7711 588 127

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints No specific constraints. Maintenance windows would be fixed after discussion with client. Cognizant provides implementation, application and infrastructure support for assetSERV.
System requirements
  • AssetSERV is a web based application
  • No specific system requirements
  • Compatible with all leading web browsers
  • Optional desktop installation for assetSERV drive

User support

User support
Email or online ticketing support Email or online ticketing
Support response times AssetSERV Standard SLA response and resolution times have been provided below:

Severity 1 (An incident which causes the platform to go down, making it unavailable) - Response within 1 Hour
Severity 2 (An incident with Critical functionality that has no workaround, and stops production work.) - Response within 2 Hours
Severity 3 (An incident with non-Critical functionality that has no workaround) - Response within 4 Hours
Severity 4 (All other non-critical defects, enhancements and feature requests, training and documentation issues) - Response within 24 hours
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.1 AA or EN 301 549
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels Cognizant offers 3 support levels for this service:
L1 - 24X7 phone and email support by team of trained analysts who will be first responders for initial resolution, debugging, minor support and help queries.
L2 - 8X5 or 16X5 support by team of trained developers and testers for debugging/ resolution following build/ deploy cycle for patches and resolution
L3 support addresses infrastructure, product code and other components. Responsible for fixes and deploying them into production in the build cycle.
Onsite, a technical support analyst can be provided for enhanced support
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Onsite training session can be conducted for Client. We will follow a Train the Trainer methodology. Also, these would be supplemented with Workshops during Go-Live Webinars (Over WebEx), Recordings of training sessions, User Manual and Training Guide.
Service documentation Yes
Documentation formats
  • HTML
  • ODF
  • PDF
End-of-contract data extraction Using a combination of manual effort and automation scripts, we extract assets/metadata from the current DAM to be transferred/transform to the proposed system. Our approach to handover/migration is described below
1. Get Assets from current system to a shared drive/portable drive
2. Metadata information to be provided as a representation of existing database schema along with all the table relationship information
3. Extract the metadata from the source database
End-of-contract process A contract, ending after running its due course is generally up for renewal. The rules, deliverables and costs can be renegotiated. Depending on the understanding the terms and conditions can be kept same. If there is no renewal, all the client data will be handed over. Software is on License basis, so the instance will be taken down as per prior agreement. assetSERV would need 3 months advance notice before contract termination. This period would be used for the content migration activity to ensure all client content and metadata is migrated back to client systems.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices No
Service interface No
What users can and can't do using the API AssetSERV provides a complete API accessible via HTTP/HTTPS. This API is the best way to integrate portals, workflow engines, ESBs, custom applications, etc. remotely with the assetSERV Platform. The API has the following endpoints.
For doing Create Read Update Delete (CRUD) on resources in a 100% REST style. Multiple resource endpoints are exposed.
eg. You can perform searches by query or page provider, store these searches and reproduce them later. /nx/site/api/v1/search/lang OR /nx/site/api/v1/search/pp OR /nx/site/api/v1/search/saved
Limitations are the same as any RESTful service has.
assetSERV provides for technical resources for any enhancements/ customizations. Users can be provided access to the APIs only on need basis.
API documentation Yes
API documentation formats PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation AssetSERV is a configurable Records Management platform that can be customised to meet buyer requirements. Some of the key aspects that can be customised are:
- UI to meet buyer branding guidelines
- Metadata model
- Workflows and business rules for content
- Specific integration use cases
- Notifications based on business rules
- Digital rights and access rights to content
Cognizant provides for implementation services for all the above listed customisations and other enhancements needed on assetSERV.


Independence of resources AssetSERV is a Records Management system with a robust architecture supporting dynamic scaling. It consists of multiple server components with particular responsibilities. This gives the ability to scale each component independently to adhere to the customer’s requirements. The 4 major components of the system are:
1. Web Application Server
2. Search Server
3. Storage Server
4. Conversion Server


Service usage metrics Yes
Metrics types AssetSERV provides statistics for all asset and user centric related actions. You can view statistics for uploads, downloads, logins and drill down statistics on individual asset and user level. Asset usage is tracked for channels that are directly connected.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Other
Other data at rest protection approach AssetSERV provides a 256-bit encryption of the data at rest by leveraging AWS security services. This can be provided based on client requirement. Encryption in flight if via TLS.
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach For administrative users, the Platform allows download of log files/data or allows administrators to export them via API.
Regular users can use various means like:
- Downloading CSV cantainting asset details/Metadata
- Use assetSERV Drive
- Download collections/Lightboxes
Data export formats
  • CSV
  • ODF
Data import formats
  • CSV
  • ODF

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks IPsec or TLS VPN gateway
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability We shall make commercially reasonable efforts to provide at least 99.5% Platform Availability, measured on a per calendar-month basis.
Approach to resilience With cloud infrastructure we provide high failure resiliency. Server auto light, auto scaling and modularized design of assetSERV ensures compartmentalized operations and seamless failure recovery.
Outage reporting Outages will be ascertained based on severity of issues that need to be fixed and communicated via the appropriate channels.
Usual channels include email alerts to designated users. Also, notifications/pop-ups/banners on the log-in and landing pages are put up to let users know the status.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication 2-factor authentication
Access restrictions in management interfaces and support channels AssetSERV has a strict access monitoring and management system.
assetSERV supports integration with an existing Identity System (IDP) via Federated Identity. IDP’s are governed by their own privacy policies and can control what information they share with an Service Provider (SP). With Federation, we can set up a Circle of Trust (CoT), where a remote IDP can send a message to the SP, with appropriate information on authentication and authorization. The SP then decides whether to let the user access its service.
Access restriction testing frequency At least every 6 months
Management access authentication 2-factor authentication

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users receive audit information on a regular basis
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 EY CertifyPoint
ISO/IEC 27001 accreditation date 11/12/2013
What the ISO/IEC 27001 doesn’t cover All Amazon Web Services components and relevant locations for assetSERV are covered in the certification.
ISO 28000:2007 certification No
CSA STAR certification Yes
CSA STAR accreditation date 31/01/2016
CSA STAR certification level Level 2: CSA STAR Attestation
What the CSA STAR doesn’t cover LEVEL THREE: CSA STAR Continuous Monitoring

Currently under development, CSA STAR Continuous Monitoring enables automation of the current security practices of cloud providers. Providers publish their security practices according to CSA formatting and specifications, and customers and tool vendors can retrieve and present this information in a variety of contexts.
PCI certification Yes
Who accredited the PCI DSS certification Coalfire Systems Inc.
PCI DSS accreditation date 11/07/2016
What the PCI DSS doesn’t cover AWS is PCI Level 1 Service Provider. Hence it covers all the requirements;
1. Service Provider Criteria for VISA
2. Validation Requirements for VISA
3. Service Provider Criteria for MasterCard
4. Validation Requirements for MasterCard
Other security certifications Yes
Any other security certifications
  • C5 [Germany]
  • Cyber Essentials Plus [UK]
  • DoD SRG
  • FedRAMP
  • FIPS
  • IRAP [Australia]
  • ISO 9001, ISO 27001, ISO 27017, ISO 27018
  • MLPS Level 3 [China]
  • MTCS [Singapore]
  • SOC 1, SOC 2, SOC 3

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Compliance mandates such as PCI DSS, HIPAA, ISO 270001, GLBA and SOX require businesses to protect, track and control access to sensitive information.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Cognizant will work with the Client to assess change management requirements and will design and implement a Change Management Plan tailored to your needs and culture.
With extensive industry domain expertise and next-generation RIM 2.0 services, which include Cognizant's industry-leading OnTarget™ ITIL-based platform and unique Operations Maturity Model, Cognizant IT IS helps clients reduce infrastructure management costs, mitigate risk, and improve business performance.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach AssetSERV is hosted on AWS cloud which complies with SAS70 Type II. We also use Qualys Web Scan to test for the latest vulnerabilities including the OWASP Top 10 and any vulnerabilities found are rectified.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Performance monitoring and optimization tools used are Brocade for Traffic Management, AlertLogic for security and vulnerability assessment and AWS Monitoring tools.

assetSERV uses AWS CLoudWatch, CloudTrail and custom SQL scripts to manage database intrusion attempts or unusual activity and SIEM log monitoring and WebApplication Firewall to detect network intrusion attempts or unusual activity.

We provide complete audit log for all user activities on the system along with timestamp of activity. In addition to the above, we can provide IP address of all users connected to assetSERV system. We manage forensic investigations in alignment with DSS requirement A 1.4.
Incident management type Supplier-defined controls
Incident management approach System has an automated monitoring for network, platform availability & Security incidents. Error handling has been built into the application to handle scenarios such as - upload failure, save failure, download failure, workflow triggering etc. Any additional failure scenarios would be added based on platform's configuration during the course of the engagement. If the users come across any other problems they can raise a ticket for resolution. Any additional analysis in order to prevent issues can be availed as additional services that are offered based on the support level agreement signed with assetSERV.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £50 to £330 per user per month
Discount for educational organisations Yes
Free trial available No

Service documents

pdf document: Pricing document pdf document: Skills Framework for the Information Age rate card pdf document: Service definition document pdf document: Terms and conditions pdf document: Modern Slavery statement
Service documents
Return to top ↑