Cognizant Technology Solutions UK Limited

assetSERV Records Management

assetSERV as a Records Management platform enables metadata management, information and other records. We provide the ability to create, maintain and distribute this recorded information. This is done through a central repository, providing metadata and collaboration features, workflows and API layer for publishing to applications like CRM, PIM, ERP, etc.


  • Secure repository as single source of truth
  • Extensive search based on content indexing
  • Role based access
  • Collaboration features including sharing, collections, baskets, versioning, check in-out
  • Configurable workflows
  • Real time notifications for all defined user actions
  • Cloud based application, web application with browser based access
  • Creating collections of records
  • Metadata management


  • Manage metadata, product information, employee information
  • Easy, role based search on all content. Complete content indexing.
  • Easy collaboration on all content, sharing, workflows, comments and annotations
  • Workflows to ensure right reviews and approvals
  • Easy to publish content to multiple devices
  • Digital rights definition and control on the content
  • Access to content from browser based interface. Responsive web design.
  • Share content as emails, collections - time bound, protected links
  • Download content in different formats, as collections, contact sheets
  • Encryption in transport layer and at rest on server


£50 to £330 per user per month

  • Education pricing available

Service documents


G-Cloud 11

Service ID

1 8 5 0 4 8 7 4 7 2 8 8 3 3 4


Cognizant Technology Solutions UK Limited

Paul Todd

+44 (0) 7711 588 127

Service scope

Software add-on or extension
Cloud deployment model
Private cloud
Service constraints
No specific constraints. Maintenance windows would be fixed after discussion with client. Cognizant provides implementation, application and infrastructure support for assetSERV.
System requirements
  • AssetSERV is a web based application
  • No specific system requirements
  • Compatible with all leading web browsers
  • Optional desktop installation for assetSERV drive

User support

Email or online ticketing support
Email or online ticketing
Support response times
AssetSERV Standard SLA response and resolution times have been provided below:

Severity 1 (An incident which causes the platform to go down, making it unavailable) - Response within 1 Hour
Severity 2 (An incident with Critical functionality that has no workaround, and stops production work.) - Response within 2 Hours
Severity 3 (An incident with non-Critical functionality that has no workaround) - Response within 4 Hours
Severity 4 (All other non-critical defects, enhancements and feature requests, training and documentation issues) - Response within 24 hours
User can manage status and priority of support tickets
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Onsite support
Yes, at extra cost
Support levels
Cognizant offers 3 support levels for this service:
L1 - 24X7 phone and email support by team of trained analysts who will be first responders for initial resolution, debugging, minor support and help queries.
L2 - 8X5 or 16X5 support by team of trained developers and testers for debugging/ resolution following build/ deploy cycle for patches and resolution
L3 support addresses infrastructure, product code and other components. Responsible for fixes and deploying them into production in the build cycle.
Onsite, a technical support analyst can be provided for enhanced support
Support available to third parties

Onboarding and offboarding

Getting started
Onsite training session can be conducted for Client. We will follow a Train the Trainer methodology. Also, these would be supplemented with Workshops during Go-Live Webinars (Over WebEx), Recordings of training sessions, User Manual and Training Guide.
Service documentation
Documentation formats
  • HTML
  • ODF
  • PDF
End-of-contract data extraction
Using a combination of manual effort and automation scripts, we extract assets/metadata from the current DAM to be transferred/transform to the proposed system. Our approach to handover/migration is described below
1. Get Assets from current system to a shared drive/portable drive
2. Metadata information to be provided as a representation of existing database schema along with all the table relationship information
3. Extract the metadata from the source database
End-of-contract process
A contract, ending after running its due course is generally up for renewal. The rules, deliverables and costs can be renegotiated. Depending on the understanding the terms and conditions can be kept same. If there is no renewal, all the client data will be handed over. Software is on License basis, so the instance will be taken down as per prior agreement. assetSERV would need 3 months advance notice before contract termination. This period would be used for the content migration activity to ensure all client content and metadata is migrated back to client systems.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Designed for use on mobile devices
Service interface
What users can and can't do using the API
AssetSERV provides a complete API accessible via HTTP/HTTPS. This API is the best way to integrate portals, workflow engines, ESBs, custom applications, etc. remotely with the assetSERV Platform. The API has the following endpoints.
For doing Create Read Update Delete (CRUD) on resources in a 100% REST style. Multiple resource endpoints are exposed.
eg. You can perform searches by query or page provider, store these searches and reproduce them later. /nx/site/api/v1/search/lang OR /nx/site/api/v1/search/pp OR /nx/site/api/v1/search/saved
Limitations are the same as any RESTful service has.
assetSERV provides for technical resources for any enhancements/ customizations. Users can be provided access to the APIs only on need basis.
API documentation
API documentation formats
API sandbox or test environment
Customisation available
Description of customisation
AssetSERV is a configurable Records Management platform that can be customised to meet buyer requirements. Some of the key aspects that can be customised are:
- UI to meet buyer branding guidelines
- Metadata model
- Workflows and business rules for content
- Specific integration use cases
- Notifications based on business rules
- Digital rights and access rights to content
Cognizant provides for implementation services for all the above listed customisations and other enhancements needed on assetSERV.


Independence of resources
AssetSERV is a Records Management system with a robust architecture supporting dynamic scaling. It consists of multiple server components with particular responsibilities. This gives the ability to scale each component independently to adhere to the customer’s requirements. The 4 major components of the system are:
1. Web Application Server
2. Search Server
3. Storage Server
4. Conversion Server


Service usage metrics
Metrics types
AssetSERV provides statistics for all asset and user centric related actions. You can view statistics for uploads, downloads, logins and drill down statistics on individual asset and user level. Asset usage is tracked for channels that are directly connected.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Other
Other data at rest protection approach
AssetSERV provides a 256-bit encryption of the data at rest by leveraging AWS security services. This can be provided based on client requirement. Encryption in flight if via TLS.
Data sanitisation process
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
For administrative users, the Platform allows download of log files/data or allows administrators to export them via API.
Regular users can use various means like:
- Downloading CSV cantainting asset details/Metadata
- Use assetSERV Drive
- Download collections/Lightboxes
Data export formats
  • CSV
  • ODF
Data import formats
  • CSV
  • ODF

Data-in-transit protection

Data protection between buyer and supplier networks
IPsec or TLS VPN gateway
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
We shall make commercially reasonable efforts to provide at least 99.5% Platform Availability, measured on a per calendar-month basis.
Approach to resilience
With cloud infrastructure we provide high failure resiliency. Server auto light, auto scaling and modularized design of assetSERV ensures compartmentalized operations and seamless failure recovery.
Outage reporting
Outages will be ascertained based on severity of issues that need to be fixed and communicated via the appropriate channels.
Usual channels include email alerts to designated users. Also, notifications/pop-ups/banners on the log-in and landing pages are put up to let users know the status.

Identity and authentication

User authentication needed
User authentication
2-factor authentication
Access restrictions in management interfaces and support channels
AssetSERV has a strict access monitoring and management system.
assetSERV supports integration with an existing Identity System (IDP) via Federated Identity. IDP’s are governed by their own privacy policies and can control what information they share with an Service Provider (SP). With Federation, we can set up a Circle of Trust (CoT), where a remote IDP can send a message to the SP, with appropriate information on authentication and authorization. The SP then decides whether to let the user access its service.
Access restriction testing frequency
At least every 6 months
Management access authentication
2-factor authentication

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users receive audit information on a regular basis
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
EY CertifyPoint
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
All Amazon Web Services components and relevant locations for assetSERV are covered in the certification.
ISO 28000:2007 certification
CSA STAR certification
CSA STAR accreditation date
CSA STAR certification level
Level 2: CSA STAR Attestation
What the CSA STAR doesn’t cover
LEVEL THREE: CSA STAR Continuous Monitoring

Currently under development, CSA STAR Continuous Monitoring enables automation of the current security practices of cloud providers. Providers publish their security practices according to CSA formatting and specifications, and customers and tool vendors can retrieve and present this information in a variety of contexts.
PCI certification
Who accredited the PCI DSS certification
Coalfire Systems Inc.
PCI DSS accreditation date
What the PCI DSS doesn’t cover
AWS is PCI Level 1 Service Provider. Hence it covers all the requirements;
1. Service Provider Criteria for VISA
2. Validation Requirements for VISA
3. Service Provider Criteria for MasterCard
4. Validation Requirements for MasterCard
Other security certifications
Any other security certifications
  • C5 [Germany]
  • Cyber Essentials Plus [UK]
  • DoD SRG
  • FedRAMP
  • FIPS
  • IRAP [Australia]
  • ISO 9001, ISO 27001, ISO 27017, ISO 27018
  • MLPS Level 3 [China]
  • MTCS [Singapore]
  • SOC 1, SOC 2, SOC 3

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
Compliance mandates such as PCI DSS, HIPAA, ISO 270001, GLBA and SOX require businesses to protect, track and control access to sensitive information.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Cognizant will work with the Client to assess change management requirements and will design and implement a Change Management Plan tailored to your needs and culture.
With extensive industry domain expertise and next-generation RIM 2.0 services, which include Cognizant's industry-leading OnTarget™ ITIL-based platform and unique Operations Maturity Model, Cognizant IT IS helps clients reduce infrastructure management costs, mitigate risk, and improve business performance.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
AssetSERV is hosted on AWS cloud which complies with SAS70 Type II. We also use Qualys Web Scan to test for the latest vulnerabilities including the OWASP Top 10 and any vulnerabilities found are rectified.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Performance monitoring and optimization tools used are Brocade for Traffic Management, AlertLogic for security and vulnerability assessment and AWS Monitoring tools.

assetSERV uses AWS CLoudWatch, CloudTrail and custom SQL scripts to manage database intrusion attempts or unusual activity and SIEM log monitoring and WebApplication Firewall to detect network intrusion attempts or unusual activity.

We provide complete audit log for all user activities on the system along with timestamp of activity. In addition to the above, we can provide IP address of all users connected to assetSERV system. We manage forensic investigations in alignment with DSS requirement A 1.4.
Incident management type
Supplier-defined controls
Incident management approach
System has an automated monitoring for network, platform availability & Security incidents. Error handling has been built into the application to handle scenarios such as - upload failure, save failure, download failure, workflow triggering etc. Any additional failure scenarios would be added based on platform's configuration during the course of the engagement. If the users come across any other problems they can raise a ticket for resolution. Any additional analysis in order to prevent issues can be availed as additional services that are offered based on the support level agreement signed with assetSERV.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks


£50 to £330 per user per month
Discount for educational organisations
Free trial available

Service documents

Return to top ↑