SmartSimple Software

Grants, Research, Case and Awards & Scholarship Management

SmartSimple was designed from the start to help organizations connect with their communities and streamline critical processes. We’re able to do this because our products are almost endlessly configurable. Once a system is implemented, our clients are able to administer their software on their own, with minimal help from us.

Features

  • Workflow Management
  • Pre and Post Award Management
  • Track and report activities
  • Dashboards
  • Business Automation
  • Grants Management
  • Research Management
  • Case Management

Benefits

  • Reduced Administrative Overhead
  • Great Transparency
  • Informed Decision Making
  • Data Consistency
  • Ad-hoc Reporting

Pricing

£495 per unit per month

Service documents

Framework

G-Cloud 11

Service ID

2 9 3 9 0 8 0 5 2 3 8 2 5 8 0

Contact

SmartSimple Software

Christina Ng

1416-591-1668ext.126

cng@smartsimple.com

Service scope

Software add-on or extension
No
Cloud deployment model
  • Public cloud
  • Private cloud
Service constraints
No constraints.
System requirements
Internet Browser

User support

Email or online ticketing support
Email or online ticketing
Support response times
Response and resolution times for all support tickets are determined by severity. Please refer to our Service Level Policy in the following link.

https://smart.smartsimple.com/files/113/433052/2_-_SmartSimple_Service_Level_Policy.pdf
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
WCAG 2.1 AAA
Web chat accessibility testing
The SmartSimple platform is tested for accessibility by a 3rd party (a completely blind computer user) and we also test the system internally. Primary testing is done with the JAWS screen reader.
Onsite support
Yes, at extra cost
Support levels
Technical Support is provided by a dedicated team through three support channels (phone, email and in-system community portal). Live support is available Monday to Friday, 24 hours.

24x7x365 support for critical issues is available as detailed through our Service Level Agreement. Critical support (Tier 1 and Tier 2 only) is managed via a dedicated email account. This service is included in the subscription fees with no additional charges.

Classic support is included in the subscription fees which is based on the number of internal and external users.

Premium support is an optional service offered for an additional cost. It includes a named dedicated support representative, scheduled access to Director of Customer Success, on-going configuration services and training. Pricing is as follows per month: Silver Package £600; Silver + Package £1,000; Gold Package £1,700; Platinum Package Custom
Support available to third parties
Yes

Onboarding and offboarding

Getting started
On-site and on-line training is available depending on client requirements. User documentation in the form of training videos is provided to clients in addition to our public wiki.
Service documentation
Yes
Documentation formats
HTML
End-of-contract data extraction
The client owns all of their data stored in the platform. SmartSimple acts as the data steward. The platform can provide all client-stored data to National Archives Electronic Records Archives (NARA) standards.  The significance of this functionality is that it provides self-serve access to all data within your system in a format that you can use without the requirement of the SmartSimple application/platform.
End-of-contract process
Contract pricing is based on two components;
1) Initial One Time Fee for System Configuration - this is an implementation fee associated with setting up a system to authentically reflect an organization's business process
2) Subscription Fee - Access to a the configured system and includes all support and maintenance costs. Clients can opt for premium support for an additional cost.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The application is responsive for both mobile or tablet devices.
Service interface
Yes
Description of service interface
Web based service interface.
Accessibility standards
WCAG 2.1 AAA
Accessibility testing
The SmartSimple platform is tested for accessibility by a 3rd party (a completely blind computer user) and we also test the system internally. Primary testing is done with the JAWS screen reader.
API
Yes
What users can and can't do using the API
This API is only available for SmartSimple environments. In order to use the API, you must first define the set of functions you wish to make available within SmartSimple. This is an added layer of security that lets you limit the available functions as well as field sets that you wish to expose through the API. You will need an active SmartSimple user account in order to make any API calls. There are two modes of operation for this API, and if you are planning on making remote calls you will first need to create and activate an API type user.

(a) Active session: Where a user is already logged into SmartSimple with an active session and makes an API call from their web browser, e.g. an AJAX call. The user's existing session is used to authenticate the API call.
(b) Remote call: Where an external system makes an API call. For this method, a user account of type API Access is required to authenticate the API call.

Please refer to our wiki for further information.
https://wiki.smartsimple.com/wiki/SmartConnect_-_RESTful_API
API documentation
Yes
API documentation formats
Open API (also known as Swagger)
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
SmartSimple’s system is completely based on configuration, not customization. Everything within the system is configurable from the data model through applications, to the workflows and the portals. The configurable nature of the system means that no programming or coding is required to modify or extend the solution. This fact empowers SmartSimple’s clients to engage in activities like implementing new grant programs, modifying existing programs, manage communication templates, and more, without vendor involvement.

Scaling

Independence of resources
The system was designed for infinite horizontal scalability to meet user demands through the operation of a load balanced environment through multiple application servers.

Analytics

Service usage metrics
Yes
Metrics types
Clients can access their service metrics through the system.
Reporting types
  • Real-time dashboards
  • Regular reports

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
The platform can provide all client-stored data to National Archives Electronic Records Archives (NARA) standards.  The significance of this functionality is that it provides self-serve access to all data within your system in a format that you can use without the requirement of the SmartSimple application/platform.
Data export formats
  • CSV
  • Other
Other data export formats
  • JSON
  • XML
  • KML
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
  • JSON
  • XML
  • KML

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks
Hard drives encrypted - AES 256-bit key
Data protection within supplier network
Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
99.98% for uptime availability. SLA penalities are on a per client basis.
Approach to resilience
Available upon request.
Outage reporting
Email alerts

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Attribute Based Access Control (ABAC) and Role Based Access Control (RBAC) dictates everything from portal access to application access to the ability to view and modify the contents of a field. These controls extend past the user role, and encompasses the context (location, time of day and other attributes) to the field level. The primary mechanism used to manage permissions within the system is the security matrix. This defines how users can interact with each level of data, based on the way they need to interact with the data. Access settings includes deny, view, add, edit, delete, and assign.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
You control when users can access audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
You control when users can access audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
SOC 2

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
SOC 2
Information security policies and processes
SmartSimple has an information security team that monitors and periodically reviews operating effectiveness of key controls to ensure policies are followed. All controls have owners and it is the responsibility of the department to which a control has been assigned, to ensure that the control is operating properly. The reporting structure is detailed in our organization chart and is available upon request.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Components of our services are tracked through notifications.
Changes are assessed through weekly vulnerability scanning service.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Potential threats are assessed through internal and external vulnerability monitoring scans. These are performed on a periodic basis. Management takes appropriate action based on the results of the scans. Patches are applied quarterly as related to upgrades. Patches related to identified vulnerabilities would be applied within a week.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Logging and monitoring software is used to collect data from system infrastructure components and endpoint systems and used to monitor system performance, potential security threats and vulnerabilities, resource utilization and to detect unusual system activity or service requests. This software sends a message to the operations center and security organization and manually opens a problem ticket. Response times to incidents is dependent on severity.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Yes, we have pre-defined processes for common events. Users provide report incidents through the SmartSimple support centre ticketing system. Incident reports are provided through the same support centre ticketing system. With high severity incidents, a root cause analysis is prepared and reviewed by operations management and then communicated to client.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Pricing

Price
£495 per unit per month
Discount for educational organisations
No
Free trial available
No

Service documents

Return to top ↑