ITHQ LTD

ITHQ Documention Automation Solution

ITHQ provide a solution which will capture the configuration of your IT assets and feed the results into an automated documentation system, tracking changes, detailing relationships between assets as well as reporting and alerting functionality.

Features

  • Automated polling of IT systems to track configuration changes
  • Historical snapshots of device configurations
  • Relationship mapping between devices and assets
  • Reporting and metrics on managed devices
  • Detect and alert on changes to critical infrastructure
  • Pre-Built integrations with all common enterprise software solutions
  • Enterprise-grade security with SOC2 compliance
  • DNS Domain & SSL Certificate tracking
  • Immutable audit trail

Benefits

  • Reduce risk with automated documentation and change tracking
  • Single source of truth for enterprise configuration tracking
  • Ensure availability of system configuration data using SaaS solution
  • Actionable alerts if unexpected changes are detected
  • Monitor and report on cloud licensing utilisation
  • Automated system polling removes requirement for manual intervention
  • Self-Service functionality to remove silos of knowledge
  • Automated device discovery ensuring compliance with policies

Pricing

£400 a unit a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at transform@ithq.pro. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

3 0 3 0 2 7 1 2 6 5 1 1 2 3 0

Contact

ITHQ LTD Dale Nursten
Telephone: 02039977979
Email: transform@ithq.pro

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Microsoft Active Directory, Office 365, SQL Server, Azure, Windows, Hyper-V
Google G-Suite
Cisco IOS, ASA, Meraki, Umbrella
VMware ESXi
Fortinet security devices
Sonicwall security devices
Watchguard security devices
Palo Alto security devices
Amazon Web Services (AWS)
Linux
Internet Domain Name System (DNS)
Veeam

TLS/SSL Certificates
Networking - Device Discovery,
Cloud deployment model
  • Public cloud
  • Hybrid cloud
Service constraints
Only supported devices / solutions listed on the compatibility guides can be automatically linked to the system.

Details on integrations can be found here: https://www.liongard.com/integrations/
System requirements
All environments can be supported

User support

Email or online ticketing support
Email or online ticketing
Support response times
LionGard 9:00 AM - 5:00 PM US Central Time Monday-Friday
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
The support policies can be viewed at:

https://www.liongard.com/policy-support
Support available to third parties
Yes

Onboarding and offboarding

Getting started
ITHQ will support the on-boarding of the solution with an agreed Scope of Works document customised to meet the customers' requirements.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Data export tools within the platform.
End-of-contract process
At the end of the contract the customer will be offered the option of extending their subscription or ceasing to use the platform.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
N/A
Service interface
No
API
Yes
What users can and can't do using the API
You can use the ITGlue API to access all of our API endpoints, such as the Configurations API, the Passwords API, and the Flexible Assets API.

The IT Glue API is a RESTful API and conforms to the JSON API Spec: jsonapi.org. The API can be used to create, retrieve, update, and delete data in your IT Glue account.

You can use the IT Glue API with any programming language that supports the creation of HTTPS requests and that can parse JSON. Most modern programming languages have tools to parse JSON, which allows you to sync your data with virtually any platform.

Liongard Roar is an API-first product, meaning that ALL functionality of the Roar platform is exposed via our REST API.
API documentation
Yes
API documentation formats
HTML
API sandbox or test environment
No
Customisation available
Yes
Description of customisation
Customisation will be discussed and agreed as part of a Scope of Works document with ITHQ around the integration with external systems and any customised reporting or alerting required by customers.

Scaling

Independence of resources
To manage the demand for processing capacity and the implementation of additional capacity commitments, we ensure that systematic network and monitoring is in place. Daily and monthly task and
event logging is maintained. Automatic backup systems are utilized to perform scheduled system backups of target data while backup jobs are monitored with notification alerts sent out in the event of backup failure.
IT Glue has a backup schedule in place to automatically initiate production backup jobs. Finally, restore operations from backup media are performed as a component of disaster recovery operations to verify that out system components can be recovered.

Analytics

Service usage metrics
Yes
Metrics types
Details of license capacity consumed.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Liongard & ITGlue

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations
No
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Using the data export tool available in the platform.
Data export formats
CSV
Data import formats
Other
Other data import formats
N/A

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
As with all SaaS solutions the expectation is that access is unrestricted and built on highly-available public cloud platforms in order to provide high levels of uptime. The system has been available 24x7 and there has been no downtime in the last 90 days for ITGlue.
Approach to resilience
Available on request
Outage reporting
Both SaaS engines which underpin the service have their own status pages available for real-time enquiries as well as e-mail alerts for any preventative maintenance outages that may be required.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Only authorised users / groups will be able to access the management interface or support portals.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
Between 6 months and 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
LionGard:
SOC2 Type I
SOC2 Type II - in progress
Information security policies and processes
LionGard: A company with SOC2 Type II certification, in short, has demonstrated that its systems have been designed and verified to keep sensitive data secure. Liongard is currently in the process of earning this certificate, with expected completion in Summer 2020.

IT Glue: We use a variety of security technologies depending on the situation to help protect your information from unauthorized access, use, or disclosure, such as physical access controls, TLS, Internet firewalls, and network monitoring.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
LionGard implement a variety of security measures and processes to protect your personal information. All information you provide is transmitted via Transport Layer Security (TLS) and stored securely by our third-party providers. Only authorized personnel are allowed access to the data and required to keep the information confidential.

For ITGlue all incidents are documented, including steps to contain the issue, root cause analysis, long term solutions, related evidence and communications. High severity incidents require an analyst to determine the root cause and changes are recommended to eliminate the incident from reoccurring.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Vulnerability Scanning - Vulnerability scans are performed internally and at least quarterly. Independent vulnerability scans are performed by a third-party vendor at least quarterly.
• Penetration Testing - External penetration testing is performed by an independent third-party at least annually.
• Internal Reviews - IT Glue reviews the hardening standards and its implementation at least annually. Firewall rules are reviewed at least semi-annually.
• Internal Audit - Independent internal auditing is performed on the controls annually.
• System Monitoring - IT Glue’s Ops team monitors the availability of production systems through automated systems. Logs and events are then centrally managed.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
To manage the demand for processing capacity and to enable the implementation of additional capacity commitments, we ensure that systematic network and monitoring is in place. Daily and monthly task and event logging is maintained. Automatic backup systems are utilized to perform backups of target data while backup jobs are monitored with notification alerts sent out in the event of backup failure.
IT Glue has a backup schedule in place to automatically initiate production backup jobs. Finally, restore operations from backup media are performed as a component of disaster recovery operations to verify that out system components can be recovered.
Incident management type
Supplier-defined controls
Incident management approach
All incidents are documented, including steps to contain the issue, root cause analysis, long term solutions, and related evidence and communications. High severity incidents require an analyst to determine the root cause and changes are recommended to eliminate the incident from reoccurring.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Pricing

Price
£400 a unit a month
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at transform@ithq.pro. Tell them what format you need. It will help if you say what assistive technology you use.