SyntheSys CloudbaSE DM provides a systems and software engineering solution, using the IBM Rational toolset, that supports the requirements capture, design, implementation, testing and maintenance phases of the development life cycle, helping to create end-to-end collaboration and performance
- Share & manage architecture and designs
- Access design information via web client
- Collaborate for design correctness
£900 per user per month
|Software add-on or extension||Yes, but can also be used as a standalone service|
|What software services is the service an extension to||CloudbaSE Requirements Manager, CloudbaSE Project Manager, CloudbaSE Validation Manager|
|Cloud deployment model||Public cloud|
|Service constraints||The Hosting service is subject to planned maintenance to ensure an optimum service. Any planned maintenance will be announced in advance and scheduled for minimum disruption to the service.|
|Email or online ticketing support||Email or online ticketing|
|Support response times||Standard business hours Monday - Friday 0900 - 1700|
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
SyntheSys provide level 2 support to the hosted applications in the cloud environment in accordance with a Service Level Agreement (SLA).
SyntheSys will deploy the Cloud environment and also the application layer providing support to users along with training if requested in the operation of the solutions.
Day to day operational support is covered by the monthly rental. Additional support, outside the scope of the SLA, can be provided upon request in accordance with the rate card supplied.
Each client will be provided with a technical account manager as their point of contact.
|Support available to third parties||Yes|
Onboarding and offboarding
CloudbaSE Services is our tailored model, which gives you access to our expert consultants and architects in the deployment, maintenance, enhancement, and support stages of your CloudbaSE project.
We understand that value delivery from your CloudbaSE project is your priority. Our training and consultancy services allow you to release this value quickly and seamlessly. We offer a range of different services to support your system integration and process delivery.
We have a proven track record of providing training and consultancy services across technical, financial, and government organisations and we are proud of the quality of these services. We can assist in the following areas:
•Staff training and development.
•Ad hoc support.
|End-of-contract data extraction||The termination element of our service ensures your data is safe, secure and complete. We will provide you with a full copy of your data upon request when the contract ends.|
|End-of-contract process||We aim to leave a positive lasting impression with all of our Clients. The termination element of our service is included in the price and ensures your data is safe, secure and complete and we will back up your full database and give you unrestricted access to your archive or destroy it as you wish.|
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||No|
|Accessibility standards||None or don’t know|
|Description of accessibility||The web interface is provide by the IBM software installed on the cloud environment. We are not familiar with the details of how the IBM web interface is accessible.|
|Accessibility testing||As the web interface is provided by IBM, SyntheSys has not carried out testing with assistive technology users|
|Independence of resources||Each client is set up in a new virtual machine environment. Performance is scaled on each individual instance to ensure performance is not compromised|
|Service usage metrics||No|
|Supplier type||Reseller providing extra features and support|
|Organisation whose services are being resold||IBM|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Developed Vetting (DV)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||Never|
|Protecting data at rest||
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||SyntheSys will support the client in the export or reporting of data held within the application|
|Data export formats||
|Other data export formats||
|Data import formats||
|Other data import formats||
|Data protection between buyer and supplier networks||
|Data protection within supplier network||
Availability and resilience
|Guaranteed availability||The service level agreement is contained within Schedule 1 of the SyntheSys SaaS Terms in conditions. SyntheSys shall use all reasonable endeavours to ensure platform is available 99% during each calendar month, subject to scheduled maintenance.|
|Approach to resilience||This data is available on request. It is managed by IBM as the IaaS provider.|
|Outage reporting||Outages on the environment are provided to SyntheSys by email. These will be passed on to the client.|
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||The hosted applications are configured by user role providing discrete access restrictions to specific areas of functionality|
|Access restriction testing frequency||Less than once a year|
|Management access authentication||
Audit information for users
|Access to user activity audit information||No audit information available|
|Access to supplier activity audit information||No audit information available|
|How long system logs are stored for||User-defined|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||Coalfire ISO|
|ISO/IEC 27001 accreditation date||15/04/2016|
|What the ISO/IEC 27001 doesn’t cover||The ISO/IEC 27001 certification is provided by SoftLayer, an IBM company. We are unaware of what, if anything, is not covered by this certification.|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||
|Information security policies and processes||SyntheSys has a security officer responsible for the management, isolation and dissemination of data within our business and clients.|
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
Configuration and change management of the IaaS is managed by IBM's processes and provided as standard. We do not have details of these processes.
In addition, SyntheSys are subject to ISO 9001 Quality certification and as such have processes in place for configuration and change management of service components.
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||Vulnerability management of the IaaS is controlled by IBM's processes and provided as standard. We do not have details of these processes.|
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
Protective monitoring of the IaaS is managed by IBM's processes and provided as standard. We do not have full details of these processes.
However, intrusion detection is active on the Virtual machine and is monitored by IBM for action.
|Incident management type||Supplier-defined controls|
|Incident management approach||
Incident management of the IaaS is managed by IBM's processes and provided as standard. We do not have details of these processes.
Users report incidents they identify via their technical account manager.
Incidents on the hosting environment will be communicated to any user or client affected as they arise.
|Approach to secure software development best practice||Supplier-defined process|
Public sector networks
|Connection to public sector networks||No|
|Price||£900 per user per month|
|Discount for educational organisations||No|
|Free trial available||No|
|Pricing document||View uploaded document|
|Skills Framework for the Information Age rate card||View uploaded document|
|Service definition document||View uploaded document|
|Terms and conditions document||View uploaded document|