Fincore Limited

Finworks Low Code Platform for Digital Transformation

Finworks Low-Code Platform for Digital Transformation allows organisations to rapidly create complete applications which require complex time critical workflows, have to integrate many with complex data sources/systems/external workflows and provide all the enterprise class attributes like auditability, fine grain role based access control, integration into corporate authentication systems etc.

Features

  • Intelligent data discovery for quick and easy setup and operation
  • Inbuilt connectors for many sources of structured and unstructured data
  • Smart, automated, quality assurance on data intake
  • Powered by Spark/Hadoop for performance
  • Supports accelerated SQL querying with SQL on Hadoop capability
  • User defined reports, views and dashboards
  • Easy data distribution to other systems, secured to government standards
  • Granular role and individual data field security permissions
  • Comprehensive audit logging
  • Open APIs for easy integration to other systems

Benefits

  • Fast and simple to deploy and configure “virtual appliance”
  • Public, private or hybrid cloud – yours or ours
  • Smart, automated data compliance and data cleaning
  • Easy search and report creation
  • Massive query performance improvement over traditional SQL databases
  • Easy integration to other systems including legacy data silos
  • Easy interfacing to industry standard analytics and business intelligence tools
  • No need for specialist Spark/Hadoop/Big Data skills
  • Secure to government standards

Pricing

£3400 per instance per month

  • Education pricing available

Service documents

G-Cloud 10

277157554372843

Fincore Limited

Marcelle von Wendland

+44 (0)207 397 0620

mvw@fincore.com

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints Please see our Service Definition document for details of the service. This includes a section on customer technical requirements and also details support and maintenance arrangements
System requirements
  • Browser as per our browser specifications
  • Reasonably modern PC/mobile device
  • Sufficient bandwidth to access the service
  • Sufficient bandwidth to process data if in separate data centre

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Response times will depend on the priority of the issue and support arrangement agreed. We have a reputation for highly responsive support and references can be provided on request. We can also provide custom support arrangements that meet your specific requirements
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels We customise our support arrangements according to your individual needs. Support can be provided on either an SLA or capped effort basis, with support hours and SLA terms agreed according to your specific requirements. Support is provided by an expert team, and we have a reputation for building systems that in any case are easy to use and require little support. Please see our Service Definition document and Pricing for further details of our support arrangements
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Our service is designed to be extremely easy to use, to the extent that some customers do not feel any need to train their staff to use it. We can however provide training, train-the-trainer support for in-house training, and relevant documentation as needed. We can also provide a full range of onboarding, configuration and other implementation services. Please see our Service Definition and Pricing documents for details
Service documentation Yes
Documentation formats
  • ODF
  • PDF
End-of-contract data extraction Finworks can provide an extract of the database in XML, CSV or ODF format and any stored files in their provided document format. Alternatively, users can directly extract all customer data and files using the service's API
End-of-contract process Please see the Exit Plan section of our Service Definition document

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Our mobile service is provided through responsive design. All core features can be used on mobile devices that meet the browser requirements, but certain functions (e.g. where large amounts of data need to be viewed on screen) are best undertaken on a PC or tablet with a suitable screen size
Accessibility standards None or don’t know
Description of accessibility Our service meets substantial parts of the WCAG and EN 301 549 standards but has not been tested fully against these standards. We aim to upgrade accessibility further over the G-Cloud 9 contract period, and we would in any case address any specific issues raised in respect of individual users experiencing difficulties
Accessibility testing No specific testing undertaken
API Yes
What users can and can't do using the API The service provides a RESTful Application Programming Interface (API) which allows programmatic control of any user and service management function. This includes creating, updating and extracting data (all customer data can be extracted or input using the APIs); (ii) creating and modifying queries, process flows, triggers, transformations, layouts and other objects important to system and user experience; and (iii) programmatic control of system and user management including operational monitoring. All the API calls are documented in a repository with HTML views and pdf print capabilities, with relevant sample calls and example code to aid comprehension . A test suite, or 'sandbox', can be made available as needed
API documentation Yes
API documentation formats PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation The service provides broad data management capabilities that can be very extensively configured and customised by users

Scaling

Scaling
Independence of resources Customers have a dedicated instance of our service and a dedicated virtual machine(s), network and storage resources which can be adjusted as needed by the customer. Monitoring and planning services are available to assist with adapting to changing resource requirements. All transactions are queued to allow the system to regulate service quality. Individual transactions can also be limited to a maximum resource requirements usage. Users and user groups can also be limited to resource quotas

Analytics

Analytics
Service usage metrics Yes
Metrics types We usually define a custom set of metrics with our customers as we can extract a very broad range of data from: (i) our application; (ii) our hosting environments; and (iii) our support systems. N.B. Our workflow system provides visualisation of process cycle times and bottlenecks
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
Other data at rest protection approach We apply a defence in depth approach to the hosting environments we provide
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Our application has extensive data export capabilities that can be used to export all customer data and files. There is also an extensive API suite that provides similar capabilities
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • XML
  • PDF
  • JSON
  • SPARK PARQUET FILES
  • TXT
  • DOC
  • DOCX
  • XLS
  • XLSX
  • JPG & PNG
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
  • XML
  • TXT
  • PDF
  • JPG
  • PNG
  • DOC
  • DOCX
  • XLS
  • XLSX

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection between networks IP address whitelisting can be applied to customers. Where applicable, highly sensitive data could also be shipped in an encrypted format (in addition to transmission using TLS)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network We apply a defence in depth approach within the hosting environments we provide

Availability and resilience

Availability and resilience
Guaranteed availability Depending on the hosting and support arrangements in place, we can offer SLA-governed availability levels of up to 99.9% (excluding scheduled downtime) with associated service credits
Approach to resilience We offer a range of resilience options. Please see our Service Definition document
Outage reporting We agree outage reporting arrangements flexibly with individual customers to fit in with their own processes

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Other user authentication Access over government networks could also easily be provided; all the necessary security provisions are already in place. Likewise, identity federation would be easy to provide and is on our roadmap for delivery over the G-Cloud 9 framework period
Access restrictions in management interfaces and support channels For our standard service, the Microsoft Azure Management Portal is used to manage the Azure accounts and requires 2 factor authentication. Support access to the Azure infrastructure and servers is via 2-factor authentication across a VPN connection. This VPN is established using public key authentication. Username and password are required for access into the active directory domain. Where hosting with an alternative cloud provider or on premise is requested, access arrangements will be agreed with the customer
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
  • Other

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 UKAS
ISO/IEC 27001 accreditation date 21/9/16
What the ISO/IEC 27001 doesn’t cover All Fincore's activities are covered
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Cyber Essentials

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards Cyber Essentials scheme
Information security policies and processes Fincore is accredited to the ISO27001 ISMS standard, with a regular programme of internal and external (independent) audit to monitor and maintain compliance. Fincore is also accredited to the ISO9001 quality management standard, and is registered with the Information Commissioner's Office for data protection

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Every customer fully controls the configuration of their service-instances. When Finworks makes changes behalf of customers: a business analyst will capture requirements to be implemented by trained specialists; a solution architect and our QA team review requirements prior to design, then review and test proposed detail configuration changes prior to deployment ensuring functional, SLA, and information security quality criteria are met. Change management processes for configuration changes are agreed with customers. For software development, our assured SaaS development process follows best practice standards for robust, secure trusted cloud software. Customers are key in every step of our innovation process
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach We undertake threat reviews when we make changes to our software or infrastructure and when new threats are made public. We carry out regular penetration testing and our CSO monitors security information sources. Our VP Engineering is responsible for addressing any vulnerabilities identified. The speed of patching is proportionate to the level of threat identified
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach We have an IDS/IPS in place and anti-malware software on all Windows servers. We collate log files centrally from all relevant system components, and these are reviewed daily by the devops team. When unusual activity is identified, it is escalated to our VP Engineering who, in consultation with our CSO, will determine the appropriate course of action. Uptrends and Microsoft's Azure's Operations Management System and Security Centre are also used for monitoring
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach When incidents occur, they are triaged by a Service Manager who co-ordinates the response in accordance with our ISO27001 policies and procedures. Our team and customers may report incidents by phone or email, or enter them directly into our helpdesk system. Major incidents will be escalated immediately to Director level. The Service Manager provides regular updates and an incident report on resolution

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £3400 per instance per month
Discount for educational organisations Yes
Free trial available No

Documents

Documents
Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑