Ninth Wave Ltd.


SmartCore provides immediate, practical, business benefits by delivering scalable, integrated, low risk and rapid-payback applications in less time than it normally takes to document requirements. SmartCore meets all your project and programme management software needs whether you are looking for “off the shelf” management tools or bespoke management software.


  • Investment planning, benefits mapping, portfolio construction and what-if scenarios
  • Supply and demand management across the organisation with built-in collaboration
  • Benefit delivery and KPI tracking linked to strategic plans
  • Forecast resource demand, impacts and budgets
  • Planning and execution of programmes, projects and work packages
  • Time recording, financials, risk, document management and status reporting
  • Fully configurable structures, audiences, screens, security, help, wikis and workflow
  • Complete visibility of data through user defined dashboards and reporting
  • Flexible interfacing through SOAP, REST and SQL
  • Integrates with Microsoft Project, Word, Excel and PowerPoint


  • A single solution for all your PPM needs
  • Clear responsibilities, full audit and a single source for data
  • Programmatically determine, highlight and escalate issues and exceptions
  • Automatic aggregation of data, including powerful summarisers and metrics
  • A shared environment supporting thousands of users across the internet
  • Single view of the portfolio for visibility and informed decision-making
  • Roll out best practice, governance and process across the portfolio
  • Align strategy, cost benefit, financials and resources
  • Allows top down and bottom up planning of the portfolio
  • A scalable, zero impact solution that can be deployed rapidly


£4.50 to £150.00 per user per month

Service documents

G-Cloud 11


Ninth Wave Ltd.

Jon Lewis

0207 403 4433

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints None
System requirements A compatible web-browser and internet connection

User support

User support
Email or online ticketing support Email or online ticketing
Support response times We respond to issues raised by customers within one working hour.
Our working hours are from 09:00 to 17:30 UK time, from Monday to Friday excluding bank holidays in England.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Telephone and email support is provided from 09:00 to 17:30 UK time, from Monday to Friday excluding public holidays in England. Out of hours voice messages are emailed to our support team. Ninth Wave will register and allocate a priority within one working hour of the customer’s call or email. For critical problems Ninth Wave will attempt to generate a fix as soon as possible. For non-critical problems Ninth Wave will attempt to generate a fix for incorporation in the next release of the software.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Ninth Wave provides implementation support to our SmartCore customers. This includes reviewing requirements, configuring SmartCore to meet those requirements and assistance with data loading, training and documentation if required.
Our SmartCore implementation approach involves stakeholders reviewing the application in very short iterative cycles. We have found that our customers find it easier to review a working model than it is to discuss a paper specification. Feedback from the frequent reviews can be immediately incorporated into the application, which builds confidence in the user community as they feel involved in the process with their inputs having a concrete effect on the application.
The nature of our implementation process mitigates the risks inherent with traditional software development as users are involved early and frequently in the configuration process. Evolving requirements can be prototyped, implemented and changed as required and rolled out in such a way that suits the customer.
Service documentation No
End-of-contract data extraction Prior to their access to SmartCore being disabled at the end of the contract, customer users can export their data from SmartCore to PDF and/or MS-Excel formats.
End-of-contract process At the end of the contract access to the customer's SmartCore system will be disabled and all customer data erased from Ninth Wave's systems.
Should additional support be needed from Ninth Wave with offboarding this should be agreed before the end of the contract and will be charged for at our implementation day rate.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Dashboards may be accessed via the web browser. More complex functions will need a PC or laptop with a larger screen.
Service interface Yes
Description of service interface Authorised customer and Ninth Wave staff have administrator access to customer SmartCore systems.

Changes and issues with Ninth Wave systems are logged and tracked by authorised customer staff using our online Work Management System (WMS).
Accessibility standards None or don’t know
Description of accessibility The core SmartCore functionality is W3C accessibility compliant. Some complex view types, such as the Gantt chart, will not be compliant, but SmartCore dialogs can be used if required to facilitate access using screen readers.
Accessibility testing We have tested the solution and have customer users accessing the solution using assistive technology.
What users can and can't do using the API RESTful, SOAP
API documentation Yes
API documentation formats PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation SmartCore is a highly configurable solution. It provides fully configurable audiences, data structures, help, reports, screens, security, reports, wikis and workflows.


Independence of resources Each customer SmartCore system is hosted in a separate Virtual Machine accessing a separate database instance. Sufficient server and network capacity is provided to meet peaks in customer demand.


Service usage metrics Yes
Metrics types SmartCore maintains an audit trail of all user access to the system and of all updates by end users. This audit trail is accessible online by system admin users. Specific service usage metrics and reporting can be configured on request.
Reporting types Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach Data can be exported from SmartCore in MS-Excel, XML, csv, plain text, PDF and MS-Project formats.
Reports can be configured in MS-Excel, XML, PDF, MS-Word and MS-PowerPoint formats.
Interfaces can be configured to any SQL Data Source (for which a JDBC driver exists), using http request/response and email.
Data export formats
  • CSV
  • Other
Other data export formats
  • MS-Excel
  • PDF
  • MS-Word
  • MS-PowerPoint
  • MS-Project
  • XML
Data import formats Other
Other data import formats
  • MS-Excel
  • MS-Project
  • XML

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability Ninth Wave uses all reasonable endeavours to ensure that access to the customer’s SmartCore system is available at an uptime level of 99% during UK working hours and 95% overall, monitored at the hosting site.

In more than 17 years of providing software services Ninth Wave has never failed to meet the service levels we’ve committed to.
Approach to resilience Two independently owned and geographically separate data centres with each data centre providing the backup and disaster recovery site for the other. Each data centre has redundancy in power supplies and network connections, firewalls, web and application servers and disk arrays. The server infrastructure is covered by a 4-hour ‘repair or replace’ support agreement.
Outage reporting In the event of an outage, this would be reported to customers by email.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Username or password
  • Other
Other user authentication Users access SmartCore using their unique username and password. IP restrictions can be applied to limit the IP ranges from which a customer's SmartCore system can be accessed.
Access restrictions in management interfaces and support channels We use a number of methods, including 2-Factor authentication, VPN links, and unique usernames and passwords.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • Colocation (data centre) providers are certified to ISO 27001
  • Ninth Wave is accredited for Cyber Essentials

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards Ninth Wave holds the Cyber Essentials certfication.
Our colocation data centre providers are certified to ISO 27001.
Information security policies and processes Ninth Wave's Information Security Policy was initiated by and is supported by its directors. This Information Security Policy covers all computers and systems owned by or administered by Ninth Wave.

All suspected policy violations, system intrusions, virus infestations and other conditions that might jeopardise Ninth Wave's or our customers' information or information systems must be immediately reported to the Directors.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Ninth Wave procedures and systems provide for the controlled release of new functionality (both core and customer specific configuration) from development to test and on to production environments.
Ninth Wave’s own Work Management System (WMS), configured in SmartCore, provides us and our customers with a repository of configuration and release management information.
Operational and application change management controls include the identification and recording of changes, an impact assessment for changes (including potential security impacts), comprehensive testing of changes, a formal approval/acceptance process and roll-back plans.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Ninth Wave has a standard build for our servers with changes controlled by our WMS build management system. Non-standard software may not be installed. Critical vulnerabilities are rectified / patched as a priority.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Potential compromises and critical vulnerabilities are rectified as a priority. We monitor access to our systems and have a tested process for incident communication and management.
Incident management type Supplier-defined controls
Incident management approach Incidents can be reported by customers by telephone and email or logged directly on our WMS incident management system. The WMS system provides real-time reporting of incident status to customers and the Ninth Wave team.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £4.50 to £150.00 per user per month
Discount for educational organisations No
Free trial available No

Service documents

pdf document: Pricing document pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑