Ninth Wave Ltd.


SmartCore provides immediate, practical, business benefits by delivering scalable, integrated, low risk and rapid-payback applications in less time than it normally takes to document requirements. SmartCore meets all your project and programme management software needs whether you are looking for “off the shelf” management tools or bespoke management software.


  • Investment planning, benefits mapping, portfolio construction and what-if scenarios
  • Supply and demand management across the organisation with built-in collaboration
  • Benefit delivery and KPI tracking linked to strategic plans
  • Forecast resource demand, impacts and budgets
  • Planning and execution of programmes, projects and work packages
  • Time recording, financials, risk, document management and status reporting
  • Fully configurable structures, audiences, screens, security, help, wikis and workflow
  • Complete visibility of data through user defined dashboards and reporting
  • Flexible interfacing through SOAP, REST and SQL
  • Integrates with Microsoft Project, Word, Excel and PowerPoint


  • A single solution for all your PPM needs
  • Clear responsibilities, full audit and a single source for data
  • Programmatically determine, highlight and escalate issues and exceptions
  • Automatic aggregation of data, including powerful summarisers and metrics
  • A shared environment supporting thousands of users across the internet
  • Single view of the portfolio for visibility and informed decision-making
  • Roll out best practice, governance and process across the portfolio
  • Align strategy, cost benefit, financials and resources
  • Allows top down and bottom up planning of the portfolio
  • A scalable, zero impact solution that can be deployed rapidly


£4.50 to £150.00 a user a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

2 3 3 4 8 8 3 7 5 2 1 0 5 7 1


Ninth Wave Ltd. Jon Lewis
Telephone: 0207 403 4433

Service scope

Software add-on or extension
Cloud deployment model
Private cloud
Service constraints
System requirements
A compatible web-browser and internet connection

User support

Email or online ticketing support
Email or online ticketing
Support response times
We respond to issues raised by customers within one working hour.
Our working hours are from 09:00 to 17:30 UK time, from Monday to Friday excluding bank holidays in England.
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
Telephone and email support is provided from 09:00 to 17:30 UK time, from Monday to Friday excluding public holidays in England. Out of hours voice messages are emailed to our support team. Ninth Wave will register and allocate a priority within one working hour of the customer’s call or email. For critical problems Ninth Wave will attempt to generate a fix as soon as possible. For non-critical problems Ninth Wave will attempt to generate a fix for incorporation in the next release of the software.
Support available to third parties

Onboarding and offboarding

Getting started
Ninth Wave provides implementation support to our SmartCore customers. This includes reviewing requirements, configuring SmartCore to meet those requirements and assistance with data loading, training and documentation if required.
Our SmartCore implementation approach involves stakeholders reviewing the application in very short iterative cycles. We have found that our customers find it easier to review a working model than it is to discuss a paper specification. Feedback from the frequent reviews can be immediately incorporated into the application, which builds confidence in the user community as they feel involved in the process with their inputs having a concrete effect on the application.
The nature of our implementation process mitigates the risks inherent with traditional software development as users are involved early and frequently in the configuration process. Evolving requirements can be prototyped, implemented and changed as required and rolled out in such a way that suits the customer.
Service documentation
End-of-contract data extraction
Prior to their access to SmartCore being disabled at the end of the contract, customer users can export their data from SmartCore to PDF and/or MS-Excel formats.
End-of-contract process
At the end of the contract access to the customer's SmartCore system will be disabled and all customer data erased from Ninth Wave's systems.
Should additional support be needed from Ninth Wave with offboarding this should be agreed before the end of the contract and will be charged for at our implementation day rate.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Dashboards may be accessed via the web browser. More complex functions will need a PC or laptop with a larger screen.
Service interface
Description of service interface
Authorised customer and Ninth Wave staff have administrator access to customer SmartCore systems.

Changes and issues with Ninth Wave systems are logged and tracked by authorised customer staff using our online Work Management System (WMS).
Accessibility standards
None or don’t know
Description of accessibility
The core SmartCore functionality is W3C accessibility compliant. Some complex view types, such as the Gantt chart, will not be compliant, but SmartCore dialogs can be used if required to facilitate access using screen readers.
Accessibility testing
We have tested the solution and have customer users accessing the solution using assistive technology.
What users can and can't do using the API
API documentation
API documentation formats
API sandbox or test environment
Customisation available
Description of customisation
SmartCore is a highly configurable solution. It provides fully configurable audiences, data structures, help, reports, screens, security, reports, wikis and workflows.


Independence of resources
Each customer SmartCore system is hosted in a separate Virtual Machine accessing a separate database. Sufficient server and network capacity is provided to meet peaks in customer demand.


Service usage metrics
Metrics types
SmartCore maintains an audit trail of all user access to the system and of all updates by end users. This audit trail is accessible online by system admin users. Specific service usage metrics and reporting can be configured on request.
Reporting types
Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Data can be exported from SmartCore in MS-Excel, XML, csv, plain text, PDF and MS-Project formats.
Reports can be configured in MS-Excel, XML, PDF, MS-Word and MS-PowerPoint formats.
Interfaces can be configured to any SQL Data Source (for which a JDBC driver exists), using http request/response and email.
Data export formats
  • CSV
  • Other
Other data export formats
  • MS-Excel
  • PDF
  • MS-Word
  • MS-PowerPoint
  • MS-Project
  • XML
Data import formats
Other data import formats
  • MS-Excel
  • MS-Project
  • XML

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Ninth Wave uses all reasonable endeavours to ensure that access to the customer’s SmartCore system is available at an uptime level of 99% during UK working hours and 95% overall, monitored at the hosting site.

In more than 19 years of providing software services Ninth Wave has never failed to meet the service levels we’ve committed to.
Approach to resilience
Two independently owned and geographically separate data centres with each data centre providing the backup and disaster recovery site for the other. Each data centre has redundancy in power supplies and network connections, firewalls, web and application servers and disk arrays. The server infrastructure is covered by a 4-hour ‘repair or replace’ support agreement.
Outage reporting
In the event of an outage, this would be reported to customers by email.

Identity and authentication

User authentication needed
User authentication
  • Username or password
  • Other
Other user authentication
Users access SmartCore using their unique username and password. IP restrictions can be applied to limit the IP ranges from which a customer's SmartCore system can be accessed.
Access restrictions in management interfaces and support channels
We use a number of methods, including 2-Factor authentication, VPN links, and unique usernames and passwords.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
  • Colocation (data centre) providers are certified to ISO 27001
  • Ninth Wave is accredited for Cyber Essentials

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
Ninth Wave holds the Cyber Essentials certfication.
Our colocation data centre providers are certified to ISO 27001.
Information security policies and processes
Ninth Wave's Information Security Policy was initiated by and is supported by its directors. This Information Security Policy covers all computers and systems owned by or administered by Ninth Wave.

All suspected policy violations, system intrusions, virus infestations and other conditions that might jeopardise Ninth Wave's or our customers' information or information systems must be immediately reported to the Directors.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Ninth Wave procedures and systems provide for the controlled release of new functionality (both core and customer specific configuration) from development to test and on to production environments.
Ninth Wave’s own Work Management System (WMS), configured in SmartCore, provides us and our customers with a repository of configuration and release management information.
Operational and application change management controls include the identification and recording of changes, an impact assessment for changes (including potential security impacts), comprehensive testing of changes, a formal approval/acceptance process and roll-back plans.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Ninth Wave has a standard build for our servers with changes controlled by our WMS build management system. Non-standard software may not be installed. Critical vulnerabilities are rectified / patched as a priority.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Potential compromises and critical vulnerabilities are rectified as a priority. We monitor access to our systems and have a tested process for incident communication and management.
Incident management type
Supplier-defined controls
Incident management approach
Incidents can be reported by customers by telephone and email or logged directly on our WMS incident management system. The WMS system provides real-time reporting of incident status to customers and the Ninth Wave team.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks


£4.50 to £150.00 a user a month
Discount for educational organisations
Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.