Computacenter (UK) Ltd

Computacenter - Software Asset Management (SAM) Readiness Assessment

Computacenter's SAM Readiness Assessment service is a software asset management ad-hoc review, designed to help organisations cut complexity and cost from acquiring and managing their software assets such as Microsoft, VMWare, IBM, Oracle. The service incorporates best-of-breed technology, expert skills and resources to enable organisations to address those software challenges.

Features

  • High level benchmark of your organisation's current capabilities
  • Analysis of how software is managed across its full lifecycle
  • From request, through deployment and management into disposal and re-harvesting
  • Our preparatory material and expertise creates "measure" of SAM readiness
  • Policy and process used to make informed software spend decisions

Benefits

  • Identification of strengths and weaknesses within current policy and processes
  • Recommendations of keys areas of concern or opportunity
  • An assessment of SAM readiness position

Pricing

£7375 per instance

Service documents

Framework

G-Cloud 11

Service ID

3 2 0 4 7 2 5 8 6 5 3 5 7 5 3

Contact

Computacenter (UK) Ltd

Karen Baldock

+44 (0) 1707 631000

government@computacenter.com

Service scope

Software add-on or extension
No
Cloud deployment model
Hybrid cloud
Service constraints
No
System requirements
N/A

User support

Email or online ticketing support
No
Phone support
No
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
N/A
Support available to third parties
No

Onboarding and offboarding

Getting started
Computacenter provide a one off vendor baseline or a monthly reconciled licence position for selected software vendors deemed as in scope as required by the customer.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
N/A
End-of-contract process
At the end of the contract between Computacenter and the customer where the customer does not wish to renew or extend the existing agreement, then the customer will be returned all data in either XLS or CSV format.  Should the customer wish to migrate the data onto a locally installed software asset management solution, then Computacenter can provide additional project services as a chargeable option.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
No
Designed for use on mobile devices
No
Service interface
No
API
No
Customisation available
Yes
Description of customisation
This will be defined and agreed in workshops with Customer and Computacenter representatives

Scaling

Independence of resources
N/A

Analytics

Service usage metrics
No

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Snow Software, Flexera, Certero, Aspera

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least every 6 months
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
N/A
Data export formats
Other
Other data export formats
N/A
Data import formats
Other
Other data import formats
N/A

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
As defined by agreed SLAs
Approach to resilience
As defined by agreed SLAs
Outage reporting
N/A

Identity and authentication

User authentication needed
No
Access restrictions in management interfaces and support channels
When a user is set up, they are assigned a role. You can use system default roles or create bespoke roles. Each role then has a specific set of activities that they can perform. This is controlled by our Administrator of which there are normally 2. A formal approved request is required prior to any changes being implemented.
Access restriction testing frequency
At least every 6 months
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
No audit information available
Access to supplier activity audit information
No audit information available
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
BSI
ISO/IEC 27001 accreditation date
19/03/2019
What the ISO/IEC 27001 doesn’t cover
Our ISO/IEC 27001 certification covers all our managed service people, processes and IT systems. The areas of our business not covered are those that fall outside the following: The scope of Certificate number IS 516767 is for the Group Information Security Management System in relation to the UK based Information Services Division encompassing data centre, telephony, system development, implementation, operations, administration and maintenance functions for Computacenter Group Systems, UK Corporate IT Systems and Customer Facing IT Systems including the Managed Services – Service Management Tool Suite (SMTS). This is in accordance with the Statement of Applicability v7.0 dated 03/02/2017. The scope of Certificate number IS559935 is for the protection of Computacenter and customer information that is accessed, processed or stored by personnel of the Service Operations Division Operational Support and Data Centre Services teams. This is in accordance with the Statement of Applicability v7.3 dated 04/12/2017. The scope of Certificate number IS 621751 is for protection of information that is accessed, processed or stored by personnel providing Computacenter contracted Desktop Infrastructure Services including Service Management, ITIL Service Lines, Supply Chain Services, Service Operations Engineering Support, Project Support and Operational Security. In accordance with the Statement of Applicability v4.3 dated 12/01/2018.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
Yes
Who accredited the PCI DSS certification
GemServ
PCI DSS accreditation date
September 2018
What the PCI DSS doesn’t cover
Only the data centres for the specific controls of Requirements 9 – Restrict physical access to cardholder data and 12 - Maintain a policy that addresses information security for all personnel of PCI DSS v3.2.1, which is not relevant for this service.
Other security certifications
Yes
Any other security certifications
Various which can be discussed

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
The Group ISMS contains a consistent security assurance framework and accompanying baseline set of Information Security Policies that are to be used throughout the Computacenter Group.
Information Security Policies define the minimum security standards for the Computacenter Group. They consist of technical, procedural and staff behavioural rules that work in concert to preserve the security aspects of Computacenter IT Systems and the information that they process.
The Group ISMS Information Security Policy set is divided into categories covering topics such as Information Security Management, End-user responsibilities and Acceptable Usage plus technology specific security requirements.
An 'Acceptable use Policy' (AUP) document is included in the Policy set, as a minimum, which must be read and understood, for ensure employee’s know their obligations and comply with this and any other Security Policies that relate to their role in the organisation.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Our Group Change Management service is based on ITIL best practice and has the primary objective of protecting the client production services from outage and disruption resulting from change. Our Group Change Management team acts as the primary interface for the client to control changes to IT Infrastructure. The process is applied and governed to ensure that changes are recorded, evaluated, prioritised, planned, tested, authorised, implemented, documented and reviewed in a controlled manner with minimal or no disruption to the service.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We have in-house vulnerability management processes to cover scheduled and ad-hoc scanning, identification, notification, remediation and reporting. Customer specific programs are also deployed.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Our protective monitoring processes are based and run in accordance with the service and customer requirements.
Incident management type
Supplier-defined controls
Incident management approach
Our incident management processes are based on the requirements of each service and interface with our customer, as required by the contract

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Pricing

Price
£7375 per instance
Discount for educational organisations
No
Free trial available
No

Service documents

Return to top ↑