IRIS Intelligence Ltd.

IRIS Intelligence Systematic Innovation and Idea Management System (Idea Trigger)

Over Three Million Patents investigated, Doctoral Research conducted and the experience of 50000 Engineers, distilled into Fundamental Inventive Principles (FIP).

The software unleashes creativity within teams by providing inspiration cards based on FIP - scientifically proven to spark more (and better) ideas. Project planning techniques help turn ideas into reality.


  • Idea Management System
  • Incorporates Fundamental Inventive Principles for Systematic Innovation
  • Based on study of 3 million patents and doctoral research
  • Ability to access via any major browser
  • Customisable templates and scoring systems for grading quality of ideas
  • Ability to develop approved ideas into actionable projects
  • Military Grade Encryption and Secure Access Rights when required
  • Automated integration with MS Office Suite
  • Ability for users to add “Custom Data Fields” in seconds


  • Generate better ideas to overcome challenges faced by your organisation
  • Resolve trade-offs for competing priorities
  • Apply the principles from millions of patents to your environment
  • Move beyond a simple suggestion box and unstructured brainstorming
  • Fast track creativity, enhance collaboration and develop an innovative environment
  • Reduce lead time on product development, manufacturing etc.
  • Share data and ideas across teams through a secure database
  • Rate and prioritise ideas and develop a structured innovation program
  • Simple, intuitive, easy to use system, needing only a browser


£10 to £50 per person per month

  • Education pricing available
  • Free trial available

Service documents


G-Cloud 11

Service ID

2 6 0 4 5 6 8 3 0 3 2 7 7 5 9


IRIS Intelligence Ltd.

Anne Marie Go

020 8798 0569

Service scope

Service scope
Software add-on or extension No
Cloud deployment model
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
Service constraints None.
System requirements
  • Recommended OS - Windows Server 2016, 2012 , or 2008R2
  • Recommended DB – SQL Server 2008R2, 2012, 2014 or 2016.
  • Oracle and other Entity Framework supported databases
  • Server RAM – minimum 2 GB free
  • Free Hard Disk space 5GB Minimum
  • CPU – Minimum 2 core , 1.4GHz
  • Can be run on a shared or dedicated server
  • Can be run virtualised if Host Machine has sufficient horsepower.

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Security Category 1: 95 per cent resolved within 1 working day.
Security Category 2: 80 per cent resolved within 5 working days. 100 per
cent resolved within 10 working days.
Security Category 3: 80 per cent resolved within 15 working days. 100
per cent resolved within 45 working days.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Support through email and phone is available from 9 to 6, Mondays to Fridays. 24/7 Premium support for customers with larger teams, or upon premium service subscription.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started The initial default settings of the idea management system enable users to begin working on day 1. Users can access a dedicated help site with user documentation, and context sensitive help within the application. Upon purchase of the software, user training, either face-to-face or online, is provided (although often not required).
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction The customer will be provided the underlying SQL databases upon contract completion. Spreadsheet formats of the data can also be produced for client records.
End-of-contract process All data can be extracted via Excel, XML, CSV or SQL Query.
General Assistance with the extraction process is covered within the maintenance helpline.
Import of the data into alternate system may be subject to additional charges

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service System designed for use on mobile browser.
Service interface Yes
Description of service interface Web-based software accessed from any major browser. System is built using the Microsoft stack in ASP.NET using the MVC framework
Accessibility standards WCAG 2.1 AAA
Accessibility testing User groups include visually impaired with specific assistive technology integrated
What users can and can't do using the API All functionalities included.
API documentation Yes
API documentation formats
  • HTML
  • ODF
  • PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Fully customisable using the standard user interface.
Users with administrative permissions can customise the system.
System also allows for local administrator access for lower level users to customise only those areas they are responsible for


Independence of resources Caching is used throughout the system to reduce demand on the database and increase the speed of user access.


Service usage metrics Yes
Metrics types Instantaneous and historical usage of license pools.
Reporting types Real-time dashboards


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Data can be exported to spreadsheet and presentation formats. Users can upload their own templates for additional custom exports. Data Export API with export to JSON and XML. These files can be read directly by external applications such as R, Python, Tableau, Power BI etc.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • Excel
  • Powerpoint
  • JSON
  • XML
Data import formats
  • ODF
  • Other
Other data import formats Excel

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability Multiple options for guaranteeing availability are available, from cold start backup servers to hot mirroring.
Approach to resilience Available on Request.
Outage reporting Email alerts.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Idea Trigger software employs a role-based authorization within the system, where only an identified subset have access to management interfaces.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • US Department of Defence Certificate of Networthiness
  • Cyber Essentials

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach Idea Trigger is fully aligned with ISO 27001 and the CSA CCM standards. We follow the standards set out for the Microsoft Azure platform set out here:
Additional details can be obtained through the audit reports available from the Service Trust Portal at
Information security policies and processes Security is of fundamental importance and is in the direct purview of the IT Director. Staff report directly about security matters and there is a no blame, and a report all, approach to security. This ensures that staff have no disincentives to report actual and potential security threats for further actioning.

In this environment staff feel comfortable checking the previous work of other staff members during regular security audits.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach All changes are tracked using Microsoft's Team Foundation Service (TFS). No change can be made without being logged and as all builds, and tests, are automated, no release can be made without a change being recorded. From initial request to release is all performed, and tracked, within TFS. In the development early stages automated builds and tests act as gateways. A final manual test is run before release.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Staff subscribe to multiple security mailing lists and websites to keep abreast of the latest in security vulnerabilities.
When patches are released we update our own systems first. If there are no regressions we update our production servers. Security patches are typically approved within hours if there are no immediate regressions. If there are we investigate the scale and make a judgement as to the impact of the security vulnerability versus the scale of the patch regression. This typically happens on the day of release.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Intrusion detection software runs on all servers to monitor for suspicious activity. Anti-virus and anti-malware scans run regularly as well. On detection of a compromise resolution is the priority and all relevant staff are re-tasked to the job of resolution. Our preferred solution would be to restore from clean backups where possible onto a clean virtual machine, which leaves the original virtual machine free for forensics (In simulations this would take at most an hour).
Incident management type Supplier-defined controls
Incident management approach The preferred method by which users can report events is through their assigned support contact who will provide up to date incident reports throughout the resolution process.
The staff have a number of predefined processes mostly designed to get the customer back up and running as quick as possible whilst allowing root cause analysis to be performed at a slower pace with no affect on the customer.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £10 to £50 per person per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial 14 day limited demonstration version

Service documents

Return to top ↑