QualiWare Ltd.

QualiWare X Architecture & Collaboration Platform

QualiWareX enables architects and quality teams to manage risk and compliance whilst delivering both incremental improvements and large scale transformations. It provides capabilities to save time and costs by identifying areas for improvement, analysing impacts of change; quantify returns of change initiatives; and present this information coherently to different audiences.


  • Collaborative architecture design, and stakeholder management
  • Business Process Management (BPM) and process modelling
  • Dashboards - role-based with individualized reports/analytics
  • Application portfolio management
  • Risk and control management
  • Data architecture, modelling, and metadata management
  • Technology and infrastructure asset management and visualisation
  • GDPR, ISO compliance management
  • Support for standards inc. BPMN, ArchiMate, UML, TOGAF, DMN,
  • Governance workflows for change management, ideas, approvals, non-conformances


  • Identify weaknesses and inefficiencies in operations
  • Save time collecting data for change projects
  • Analyse impacts of changes with costings and timelines
  • Reuse assets and data
  • Manage multiple variations of data
  • Design future states, and compare different scenarios
  • Present designs and analysis in views that suit different audiences


£0.50 to £200 a licence a month

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at henrik.ellenhard@qualiware.com. Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

2 1 9 6 7 5 8 5 7 2 2 8 2 4 1


QualiWare Ltd. Henrik Ellenhard
Telephone: +45 5374 2850
Email: henrik.ellenhard@qualiware.com

Service scope

Software add-on or extension
Cloud deployment model
  • Public cloud
  • Private cloud
Service constraints
For Private cloud option, the infrastructure needs to adhere to the guidelines in the QualiWare System Requirements documentation in order to be eligible for support.
Planned maintenance and upgrades will be scheduled outside of office hours and QualiWare will provide at least 1 month notice. Downtime would be max. 2 hours.
System requirements
  • Web browsers: IE 11, Chrome, Firefox, Safari
  • Windows 10 and above (OS)
  • SQL Server Licenses are required (for private cloud)
  • Mobile app: iOS, Android (latest versions)

User support

Email or online ticketing support
Email or online ticketing
Support response times
Standard support: Within 24 hours (excluding weekends).
Weekend support and faster response times are available for additional costs.
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
Bronze level support is part of the service. It includes:
Incident management;
Monthly Service Improvement Report;
Bug Fixes and Workarounds;
Access to QualiWare Center of Excellence e-learning courses
Best practices guides and instructions for enterprise architecture, BPM, Quality Management, ISO compliance (9001, 27001 etc.), GDPR compliance.

Silver and Gold Level Support are available for additional investment. Silver includes faster response and resolution times.
Gold includes 24/7/365 access to support team and hotline, with faster SLAs for response and resolution times.
Support available to third parties

Onboarding and offboarding

Getting started
Online training videos, and access to courses, are available on QualiWare Centre of Excellence site. Users can access all documentation needed to handle the solution for free.
Additionally, QualiWare provides a "Fast Start" program designed to teach and train users in the solution, and make any required configurations within 4 weeks of starting. The Fast Start program includes best practices, workshops, and training exercises with online support and guidance during the ramp up period.
Service documentation
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats
  • Word
  • PowerPoint
  • Video
End-of-contract data extraction
Users can export data from the system into various file formats including CSV, XML, XMI, RTF, HTML, PDF etc. If integrations with other systems have been setup then data can be exported directly.
End-of-contract process
Customer will have the option to renew or cancel.

If cancellation is requested: Users will export data from the solution prior to end of contract. Data will exported in commonly used file types (CSV, XLSX, PDF etc.) QualiWare will turn off the software and the environment at midnight on last day of contract. All data in the system will then be permanently deleted within 30 days (unless otherwise agreed). All existing data will be returned to customer.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Web portal component is designed for both mobile and desktop devices, and built on HTML5 with responsive design therefore no difference.

Mobile application provides limited functionality for handling tasks and updating information.
Service interface
Description of service interface
Open APIs based on RESTful webservices are available. These enable QualiWare X to integrate with third party systems both for read and write. Available APIs are published for customers. Additionally, QualiWare provides a Generic Table interface for basic connections and import/export of CSV/Excel or table based data. OLEDB and ODBC connectors allow QualiWare X to interrogate and integrate data from external databases. WSDL, XML, XMI connectors allow further interfaces with other technologies.
Accessibility standards
None or don’t know
Description of accessibility
All repository content is interactive and can be accessed via web browser including documents. Documents can be viewed in HTML or PDF or Word/Excel/PPT. Editing and updating information can be done using intuitive web modeller, web forms, web-based spreadsheets. Mobile app is used for handling governance, quality, auditing, and change request tasks. Modelling tool is required for complex models, configurations, and delivering complex reports and analysis. Descriptions and other text information is accessible by clicking the interactive objects to display relevant context/data.
Accessibility testing
Basic testing on ergonomic usability for all types of users is routinely completed. Service is role-based, and for each role the interface has been designed to promote relevant information and provide easy navigation to additional info.
What users can and can't do using the API
QualiWare offers open APIs which are REST-FUL Webservices. QualiWare product is built on Microsoft technology stack according to best practice. An implication of this is that QualiWare product has a number of built-in API’s. Access to the API is given via an integration gateway.
API documentation
API documentation formats
  • Open API (also known as Swagger)
  • HTML
API sandbox or test environment
Customisation available
Description of customisation
QualiWareX is highly configurable and most changes do not require customisation. Configurations include: metamodel alterations, symbols changes, dashboard changes, governance workflow changes, set up of roles and access to content. QualiWare teaches users how to do configurations in training sessions or via the online help on Centre of Excellence site (coe.qualiware.com).

For customisation: new object templates, scripts for complex functions and calculations; some custom reports can be delivered. Users can learn QualiWare Command Language to do this or engage QualiWare consultants to help.


Independence of resources
The QualiCloud Azure environment is completely scalable, and the service will scale vertically as load increases. Testing on load is completed periodically. QualiWare offers single tenancy environments to ensure consistency of performance.


Service usage metrics
Metrics types
Example metrics include: Availability, Server loads, incident requests, response and resolution times. These metrics are available with Gold Support Level.
Monthly service improvement report is provided with included supported option. This includes incident status updates, requests, SLA breaches (if any).
Reporting types
  • API access
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Users can utilise the easy export functions in the web and modelling tool to export data. All data, sub-sections of data, or individual reports/models/objects can be exported as necessary. Export function is very self-explanatory within the tool (and guidance is available on Center of Excellence, if needed).
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • Word
  • RTF
  • PDF
  • XLSX
  • XMI
  • XML
  • Archimate
  • HTML
Data import formats
  • CSV
  • Other
Other data import formats
  • XML
  • PNG
  • Visio
  • .archimate
  • XMI
  • JPG or JPEG
  • TXT
  • RTF
  • ARIS
  • SparxEA

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
99.99% availability. SLAs for availability are documented in the Support Agreements (Gold, Silver, or Bronze). Additional details are available on request.

For incidents classified “Emergency” if the rating is “Target breached”, a penalty may be applied upon the Supplier, unless demonstrated the fault lies on the side of another party. The penalty can also be waived if both parties reach an agreement to do so. If applied, Penalty will be:
P$ = V$ x (<committed target>% - P); where
P$: Penalty;
V$: Payment to receive for the period;
P: Percent of Incidents resolution meeting target.
Approach to resilience
The service is designed to have no single point of failure, and follows Micorosft Azure best practices. Further information is available on request.
Outage reporting
Outages are reported by email alerts. Additionally, a standard report is delivered every 3 months that will include any details of outages.
Customers have an option for connection via API which can be facilitated at customer's expense.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
Access is restricted to assigned support team members, and approved service delivery consultants. Persons with assigned access have to enter credentials, and use defined pathways to access customer environments. Changes and activities performed by support on customer environments are recorded in the Activity history.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
Cyber Essentials

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
QualiWare information security policies and processes follow ISO 27001 and are fully compliant. QualiWare is also fully compliant with GDPR.

Security breaches are reportable in the Quality Management System which is accessible to all employees. Breach report will be automatically routed to persons responsible for immediate handling.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Use QualiWare Management System as ISMS. Defined risks and added to core capabilities of company. Change control process is defined in the QualiWare Management System which all support and service delivery employees adhere to. Changes are assessed by Service Delivery Manager before approval. All components of the service are tracked through the lifetime, and any deviations from out-of-box setup/configuration are recorded in the Support System, and tracked.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Potential threats are recorded in the Quality Management System and routed to security team. Security assess threat, prioritise and add to development backlog. Patch is developed and released according to severity and release schedule. More details available on request.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Protective monitoring process is described in QualiWare Quality Management System. Viewing can be arranged as required. Short answer: Cloud environment is monitored 24/7, and compromises are identified by cloud team during periodic testing or information from cloud supplier. Response times vary depending on severity.
Incident management type
Supplier-defined controls
Incident management approach
Incident management process is described in QualiWare QMS. Users can report incident using the "report incident" button on front page. This is then handled by associated team. Full details and walkthrough on process is available on request. Incident reports are provided when necessary, and periodically depending on agreed SLA.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks


£0.50 to £200 a licence a month
Discount for educational organisations
Free trial available
Description of free trial
30 day trial periods are available.
Trial environment set up
Cloud software licenses (5 advanced users and 5 Collaborators), cloud hosting
Online training modules
90 minute guidance session with QualiWare trainer
Review and evaluation session
Presentation of results to stakeholders
Not included:
Additional training and Consultancy services
Solution configuration
Link to free trial
Contact QualiWare for details.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at henrik.ellenhard@qualiware.com. Tell them what format you need. It will help if you say what assistive technology you use.