SAP Upgrade or Support Pack Services
SAP Upgrade or support pack Services to assist customers with the latest technical and functional features of SAP. Latest versions of SAP ensure the better ROI, security, speed and productivity of the users. ABM provides upgrade services from various SAP versions as well as migrations to HANA landscape.
Features
- Helps to meet business objectives
- Long-term costs of ERP systems can be controlled
- It can perform periodic updates
- Reap the benefits of integration instantly
- Expose business opportunities
Benefits
- Helps to meet business objectives
- Long-term costs of ERP systems can be controlled
- It can perform periodic updates
- Reap the benefits of integration instantly
- Expose business opportunities
Pricing
£250 a person a day
Service documents
Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format,
email the supplier at prane@abmindia.com.
Tell them what format you need. It will help if you say what assistive technology you use.
Framework
G-Cloud 11
Service ID
2 5 7 7 5 8 2 4 1 5 5 1 0 9 7
Contact
ABM Knowledgeware Ltd.
PRAKASH B RANE
Telephone: 9324647685
Email: prane@abmindia.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Public cloud
- Service constraints
- No Constraints
- System requirements
- Software Licenses
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
Support time responses are as follows:
Critical fault response within 1 hour,
Material Fault (Significant Impact) response within 2 hours,
Cosmetic Fault (Low Priority) response within 1 day.
Standard hours of Support are Monday to Friday, excluding national holidays, 9.00-17.30. - User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- None or don’t know
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
-
We have 3 support levels - Silver, Gold and Platinum.
Further details regarding the support plans can be decided based on the project requirements. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- Every project has a different need and we can provide onsite, online and user documentation level trainings.
- Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
- Depending on the services provided and in scope we guide on usage of standard tools for extraction of data if required.
- End-of-contract process
- We extend support for handing over to the new service provider
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 9
- Internet Explorer 10
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari 9+
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- Our product allows access and functionality to be provided via mobile devices with via a web browser or mobile application. The solution supports a model that only requires configuration to be carried once regardless of how the solution is accessed.
- Service interface
- Yes
- Description of service interface
- NA
- Accessibility standards
- None or don’t know
- Description of accessibility
- NA
- Accessibility testing
- NA
- API
- Yes
- What users can and can't do using the API
- Users can use the Storage Made Easy secure REST API to interact with the service. The REST API is documented and users can interact with the API based on the permissions they have been given or inherited. Certain API calls require Admin permissions.
- API documentation
- Yes
- API documentation formats
- HTML
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
- The look and feel of browser, desktop and mobile interfaces can be customised to match users branding. This can be performed to a high level of sophistication.
Scaling
- Independence of resources
- We insure through our process that continuous monitoring of applications is done (Wherever applicable). These processes are standardized hence users are not affected by the demand other users are placing on service,
Analytics
- Service usage metrics
- Yes
- Metrics types
-
File Stored
Bandwidth usage
Audit event Logs
GEO Location data
File location data
Reporting types
API access
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Baseline Personnel Security Standard (BPSS)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- Other locations
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Supplier-defined controls
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
- Physical access control, complying with CSA CCM v3.0
- Data sanitisation process
- Yes
- Data sanitisation type
-
- Explicit overwriting of storage before reallocation
- Deleted data can’t be directly accessed
- Equipment disposal approach
- A third-party destruction service
Data importing and exporting
- Data export approach
- Solution has in-built provision to export data.
- Data export formats
-
- CSV
- Other
- Other data export formats
-
- HTML
- EXCEL
- Data import formats
-
- CSV
- ODF
- Other
- Other data import formats
-
- HTML
- EXCEL
Data-in-transit protection
- Data protection between buyer and supplier networks
- Legacy SSL and TLS (under version 1.2)
- Data protection within supplier network
- Legacy SSL and TLS (under version 1.2)
Availability and resilience
- Guaranteed availability
- 95% at application level.. It can be customized or modified as per customer requirements
- Approach to resilience
- Available on request
- Outage reporting
- Email alerts.We can provide APIs and public dashboards as well if required"
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Username or password
- Access restrictions in management interfaces and support channels
- Customers must raise a support request vial email or the support portal. User emails must belong to the customer domain and are validated as part of the support engagement process.
- Access restriction testing frequency
- At least once a year
- Management access authentication
- Username or password
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- NA
- ISO/IEC 27001 accreditation date
- NA
- What the ISO/IEC 27001 doesn’t cover
- NA
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
-
• Interact access is restricted as per the internet access policy
• Blocking of USB Port through Centrally Managed Console and Allowing access only to Selected Group of Users as Permitted to Control Data Pilferage through USB Mass Storages & Drives
• Complexity in the Server/Application Password
• Change of password is mandated at regular intervals
• Optical Drives usage to be Restricted in All the Desktops
• Systems are installed with Update Anti-Virus and Anit-Malware
• Network security through proper UTM device (firewall)
• Policy for Physical access to server rooms is implemented
• Above processes are checked for compliance by regular audits
• IT and Admin Head is reporting authority for any issues and escalations
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
-
We use a third party application to track service and component changes. The change management workflow has been designed based on standard recommendations. It follows a standardized process to deal with change requests, which in turn reduces follow up incidents and minimizes negative business impact.
The change review process encompasses:
• Web vulnerabilities
• Input/data validation / sanitisation
• Authentication / Authorization data flows
• Exception management
• Variable Analysis
• Unsafe and unmanaged code check
• Configuration check
• Threading analysis
• API validation / Undocumented public interfaces - Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
-
Vulnerability management process is defined by creating following :
a. security page: Creation of security page for website (e.g. yoursite.com/security). security page is the first gateway of a website that our security researchers will reach out to report any kind of security bug.
Responsible Disclosure policy: Provide guidelines for the security researchers to be followed for reporting vulnerabilities. We are compliant to top ten OWASP guidelines." - Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
-
Our approach for Protective Monitoring include following areas:
• Configuration and Deployment Misconfiguration
• Application or Framework Specific Vulnerabilities
• Business Logic Flaws
• Shopping Cart & Payment Gateway Manipulation
• Known Security Issues (CVEs)
• Weak Identity Management
• Broken Authentication
• Improper Authorization
• Broken Session Management
• Weak Input Validation
• Error Handling
• SQL Injection
• Weak or Broken Cryptography
• Client Side Script Security
• Cross-Site Request Forgery (CSRF)
• Cross-Site Scripting (XSS)
• Clickjacking
• Unrestricted File Upload
• Sensitive Data Exposure
• Insufficient Attack Protection
• Under-protected APIs
• HTTP Security Header Information - Incident management type
- Supplier-defined controls
- Incident management approach
- We have incident management approach which has been perfected over the years of experience. We provide incident management tool to the client for reporting incidents and our teams prvide support/ SLAs based on that
Secure development
- Approach to secure software development best practice
- Supplier-defined process
Public sector networks
- Connection to public sector networks
- No
Pricing
- Price
- £250 a person a day
- Discount for educational organisations
- No
- Free trial available
- No
Service documents
Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format,
email the supplier at prane@abmindia.com.
Tell them what format you need. It will help if you say what assistive technology you use.