Version 1 Solutions Limited

Hubble Performance Management Platform

Hubble is the only performance management platform for Oracle e-Business Suite and JD Edwards that brings all your critical organisation’s systems together. A complete performance platform for reporting, planning, analytics, data visualization and data integration that’s designed for and fully integrated with your Oracle or JD Edwards ERP solution

Features

  • KPIs & Scorecards
  • Flexible, user-driven dashboards
  • Collaboration tools
  • Alerts – Monitoring critical information
  • Approvals workflow
  • Mobile Support
  • Real-time ERP Integration
  • Breathtaking performance for big data challenges
  • Drill down
  • Continuous Integration

Benefits

  • Rapid implementation
  • Low Total Cost of Ownership
  • Ease of use
  • Support Decision Making
  • Flexible, Configurable Reporting
  • End-user enablement
  • Self-service

Pricing

£80.00 a user a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tendernotices@version1.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

3 6 2 7 5 3 3 7 6 6 7 2 6 9 4

Contact

Version 1 Solutions Limited Matt Gorman
Telephone: +44 203 859 4790
Email: tendernotices@version1.com

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
N/A.
System requirements
  • Currently supported web browser
  • Communications link with sufficient capacity for the service

User support

Email or online ticketing support
Email or online ticketing
Support response times
Standard SLA covers Office Hours:
1 hour priority calls
4 hour response standard
Can be tailored to customer requirement including weekend cover
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 A
Web chat accessibility testing
Version 1 uses Skype for our web chat support. The following is a list of devices with supported accessibility features available for Skype on Windows 8 desktop:

• Narrator screen reader enables blind people to use their computer or other device as its purpose is to read text on the screen aloud. Skype for Windows desktop and Skype for Windows 8 may also work well with third-party screen readers such as NVDA (free download) and JAWS.
• High-contrast settings benefit low vision users and users with little or no color perception as it makes text easier to read.
• Magnifier is a feature intended for low vision users as it enlarges the screen and makes text easier to read and images easier to see
Onsite support
Yes, at extra cost
Support levels
The Managed Service provided by Version 1 is based on our ISO 20000 processes and procedures. The ISO 20000 standard held by Version 1 since July 2011, is aligned to the ITIL service framework and covers standard service processes such as Incident Management, Change Management and Release Management . During on-boarding we can tailor these processes and agree the detail of their implementation, in particular how they integrate with the client’s own internal processes. There is an additional charge for this tailoring which can be incorporated in the on-boarding costs. Version 1 has an ITIL based Service Governance structure in place for each client to ensure SLAs are met and the overall support service is managed in a responsive, customer-focused manner. The focus of the service governance will be a regular Service Management Board or Service Review Meeting attended by key stakeholders. Each managed service client is assigned a service manager to co-ordinate their service provision and ensure customer satisfaction levels are maintained. At Version 1, Continuous Service Improvement as a core element of our Managed Service offering and we incorporate it into the client's Managed Service at the outset of our engagement
Support available to third parties
Yes

Onboarding and offboarding

Getting started
A critical aspect of any project is the need to conduct comprehensive training for the users in the use of the application. Version 1 is committed to conducting professional training to ensure that users of the system can gain maximum benefit from using it.
Version 1 normally propose a ‘train the trainer’ approach to user training be adopted, integrated with the testing and overall acceptance phase of the project. This requires a difference in approach from standard training courses, as users need to be trained in both the application and in how to pass this on to their colleagues.
A number of “super users” for the system should be nominated by the client and could also be identified through a Training Needs Analysis process
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Version 1 will assist with service migration and can provide a data extract in an agreed format.
End-of-contract process
The migration work at end-of-contract will be chargeable based on the standard G-Cloud rate card.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The service is optimised for mobile, desktop and tablet use and there are differences. Core functionality is available across all platforms.
Service interface
No
API
No
Customisation available
Yes
Description of customisation
Report formats

Scaling

Independence of resources
Customer environments are logically segregated to prevent users and customers from accessing resources not assigned to them. Services which provide virtualized operational environments to customers (i.e. EC2) ensure that customers are segregated via security management processes/controls at the network and hypervisor level. AWS continuously monitors service usage to project infrastructure needs to support availability commitments/requirements. AWS maintains a capacity planning model to assess infrastructure usage and demands at least monthly, and usually more frequently. In addition, the AWS capacity planning model supports the planning of future demands to acquire and implement additional resources based upon current resources and forecasted requirements

Analytics

Service usage metrics
Yes
Metrics types
System Users
Reporting types
  • Real-time dashboards
  • Regular reports

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Microsoft, Hubble

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Other
Other data at rest protection approach
AWS adheres to independently validated privacy, data protection, security protections and control processes. (Listed under “certifications”). AWS is responsible for the security of the cloud; customers are responsible for security in the cloud. AWS enables customers to control their content (where it will be stored, how it will be secured in transit or at rest, how access to their AWS environment will be managed). Wherever appropriate, AWS offers customers options to add additional security layers to data at rest, via scalable and efficient encryption features. AWS offers flexible key management options and dedicated hardware-based cryptographic key storage
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Version 1 can provide a data extract in an agreed format
Data export formats
  • CSV
  • ODF
Data import formats
  • CSV
  • ODF

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
AWS currently provides SLAs for several services. Due to the rapidly evolving nature of AWS’s product offerings, SLAs are best reviewed directly on our website via the links below: • Amazon EC2 SLA: http://aws.amazon.com/ec2-sla/ • Amazon S3 SLA: http://aws.amazon.com/s3-sla • Amazon CloudFront SLA: http://aws.amazon.com/cloudfront/sla/ • Amazon Route 53 SLA: http://aws.amazon.com/route53/sla/ • Amazon RDS SLA: http://aws.amazon.com/rds-sla/
Approach to resilience
The AWS Business Continuity plan details the process that AWS follows in the case of an outage, from detection to deactivation. AWS has developed a three-phased approach: Activation and Notification Phase, Recovery Phase, and Reconstitution Phase. This approach ensures that AWS performs system recovery and reconstitution efforts in a methodical sequence, maximizing the effectiveness of the recovery and reconstitution efforts and minimizing system outage time due to errors and omissions. AWS maintains a ubiquitous security control environment across all regions. Each data centre is built to physical, environmental, and security standards in an active-active configuration, employing an n+1 redundancy model, ensuring system availability in the event of component failure. Components (N) have at least one independent backup component. All data centres are online and serving traffic. In case of failure, there is sufficient capacity to enable traffic to be load-balanced to the remaining sites. Customers are responsible for implementing contingency planning, training and testing for their systems hosted on AWS. AWS provides customers with the capability to implement a robust continuity plan, including the utilization of frequent server instance back-ups, data redundancy replication, and the flexibility to place instances and store data within multiple geographic regions across multiple Availability Zones.
Outage reporting
Public dashboard; personalised dashboard with API and events; configurable alerting (email / SMS / messaging)

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
IAM provides user access control to AWS services, APIs and specific resources. Other controls include time, originating IP address, SSL use, and whether users authenticated via MFA devices. API calls to launch/terminate instances, change firewalls, and perform other functions are signed by customers’ Amazon Secret Access Key (either the root AWS Account’s Secret Access Key or the Secret Access key of a user created with AWS IAM). Amazon EC2 API calls cannot be made on customers’ behalf without access to customers’ Secret Access Ke. API calls can be encrypted with TLS/SSL for confidentiality and customers can use TLS/SSL-protected API endpoints
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Between 6 months and 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
Between 6 months and 12 months
How long system logs are stored for
Between 6 months and 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Certification Europe
ISO/IEC 27001 accreditation date
29/07/2015
What the ISO/IEC 27001 doesn’t cover
The scope of the certification covers all Version 1 Managed Service activities
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Version 1 recognise that the relationship between information security and IT service management is so close that we implemented an Integrated Management System (IMS) that has been certified to ISO 27001:2013 and ISO 20000-1:2011 with matching scopes.
The Version 1 IMS is based on the guidance provided in the International Standard for the Corporate Governance of IT (ISO/IEC 38500) and the International Standard for Risk Management (ISO 31000).
The Version 1 IMS has a broad scope that supports all of our ICT services.
The Version 1 IMS is audited every 3 months, alternately by internal and external auditors.
An Information Security Officer along with the IT Governance Committee are responsible for maintaining the IMS, as well as providing advice and guidance on policy implementation.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Verison 1 has developed formal standard operating procedures (SOPs) governing the change management process. These SOPs cover both software development and hardware change and release management, and are consistent with established regulatory guidelines including ISO 27001 and ISO 20000
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
AWS Security performs vulnerability scans on the host operating system, web applications, and databases in the AWS environment. Approved 3rd party vendors conduct external assessments (minimum frequency: quarterly). Identified vulnerabilities are monitored and evaluated. Countermeasures are designed and implemented to neutralise known/newly identified vulnerabilities. AWS Security monitors newsfeeds/vendor sites for patches and receives customer intelligence via http://aws.amazon.com/security/vulnerability-reporting/. AWS customers are responsible for all scanning, penetration testing, file integrity monitoring and intrusion detection for their Amazon EC2 and Amazon ECS instances/ applications. Scans should include customer IP addresses (not AWS endpoints). AWS endpoint testing is part of AWS compliance vulnerability scans.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
AWS deploys (pan-environmental) monitoring devices to collect information on unauthorized intrusion attempts, usage abuse, and network/application bandwidth usage. Devices monitor: • Port scanning attacks • Usage (CPU, processes, disk utilization, swap rates, software-error generated losses) • Application metrics • Unauthorized connection attempts Near real-time alerts flag potential compromise incidents, based on AWS Service/Security Team- set thresholds. Requests to AWS KMS are logged and visible via the account’s AWS CloudTrail Amazon S3 bucket. Logs provide request information, under which CMK, and identify AWS resource protected through CMK use. Log events visible to customer after turning on AWS CloudTrail in their account
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
AWS adopts a three-phased approach to manage incidents: 1. Activation and Notification Phase 2. Recovery Phase 3. Reconstitution Phase To ensure the effectiveness of the AWS Incident Management plan, AWS conducts incident response testing, providing excellent coverage for the discovery of defects and failure modes as well as testing the systems for potential customer impact. The Incident Response Test Plan is executed annually, in conjunction with the Incident Response plan. It includes multiple scenarios, potential vectors of attack, the inclusion of the systems integrator in reporting and coordination and varying reporting/detection avenues. .

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
Yes
Connected networks
  • Public Services Network (PSN)
  • NHS Network (N3)
  • Joint Academic Network (JANET)
  • Scottish Wide Area Network (SWAN)

Pricing

Price
£80.00 a user a month
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tendernotices@version1.com. Tell them what format you need. It will help if you say what assistive technology you use.