IBM United Kingdom Ltd

IBM MRO Inventory Optimisation

IBM MRO (Maintenance, Repair and Operations) Inventory Optimisation solutions is a prescriptive analytics tool that recommends the correct level of stock that should be kept on hand dependent on a companies Inventory strategy. It integrates to an ERP or EAM solution to automatically implement the recommendations.

Features

  • Service level analysis
  • Inventory optimisation
  • Criticality analysis
  • Lead time analysis
  • Quick reports
  • Baseline analysis
  • Demand forecasting
  • What if analysis

Benefits

  • Up to 50% reduction in unplanned downtime related to parts
  • Up to 40% reduction in inventory costs
  • Up to 35% savings in maintenance budgets
  • Up to 25% increase in service levels

Pricing

£235000 per unit per year

Service documents

G-Cloud 11

372167662561826

IBM United Kingdom Ltd

Alice Griffin

Please email

gcloud@uk.ibm.com

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to IBM MRO Inventory Optimisation is a standalone SAAS offering but acts as an extension of ERP solutions such as SAP and Oracle and/or EAM systems such as Maximo.
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints None
System requirements
  • Current web browsers versions of Internet Explorer, Chrome, Microsoft Edge
  • MRO inventory data systemised in ERP or EAM solution
  • Current anti-virus software
  • SFTP data file transfer capability

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Please refer to the terms and conditions document for this offering which will detail the support levels.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.1 AA or EN 301 549
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Please refer to the terms and conditions document for this offering which will detail the support levels.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started Client design and criticality workshops followed by onsite UAT and training are part of implementation. User documentation is provided and additional online documentation and support is available via the help tool.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction End of contract data migration activity, at extra cost, would be required. It should be noted that this offering has a 99% customer retention, to date, so this process is not used regularly.
End-of-contract process SAAS contract provides the software and support services, migration and upgrade and maintenance of the system for the duration of the contract.

Data migration to extract data from the system is done at extra cost.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices No
API Yes
What users can and can't do using the API APIs exist for data file transfer and updates, bi-directional. However, the majority of customers utilise data file transfers via batches.
API documentation Yes
API documentation formats PDF
API sandbox or test environment Yes
Customisation available No

Scaling

Scaling
Independence of resources Cloud service offering ensures scalability and level of performance is guaranteed.

Analytics

Analytics
Service usage metrics Yes
Metrics types Metrics include but not limited to:
User Logins
Timing systems
Data collected, changed and exported
Inventory optimisation and changes
System availability
Audit log tracking
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Data export is typically done through a data file export utilising SFTP. An alternative is to use APIs for export. The majority of our clients choose SFTP data transfer.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks Solution uses 128bites data encryption.
Data protection within supplier network
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network We have different data silos to ensure data is not crossed over with other client's.

Availability and resilience

Availability and resilience
Guaranteed availability Details provided in the T&Cs document
Approach to resilience Available at request.
Outage reporting Outages are reported at this time via email. There is 24/7 monitoring of the application/OS/DB levels. Alerts are sent to our system admin team and incidents are created in our CMDB service desk tool.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Username or password
  • Other
Other user authentication Single sign on options is available also.
Access restrictions in management interfaces and support channels IBM maintains individual role-based authorization of privileged accounts that is subject to regular validation. A privileged account is a duly authorized IBM user identity with administrative access to a Cloud Service, including associated infrastructure, networks, systems, applications, databases and file systems.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password
  • Other
Description of management access authentication Single sign on option is also available.

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes IBM has an Information Technology (IT) Security policy that establishes the requirements for the protection of IBM's worldwide IT systems and the information assets they contain, including networks and computing devices such as servers, workstations, host computers, application programs, web services, and telephone systems within the IBM infrastructure. IBM’s IT Security policy is supplemented by standards and guidelines, such as the Security Standards for IBM's Infrastructure, the Security and Use Standards for IBM Employees and the Security Guidelines for Outsourced Business Services. Such are reviewed by a cross-company team led by the IT Risk organization every six months. IBM has a dedicated Vice President of IT Security who leads a team responsible for IBM's own enterprise data security standards and practices. Responsibility and accountability for executing internal security programs is established through formal documented policies. IBM Services teams also have dedicated executives and teams who are responsible for information and physical security in the delivery of our client services.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach IBM maintains policies and procedures to manage risks associated with the application of changes to its Cloud Services. Prior to implementation, all changes to a Cloud Service, including its systems, networks and underlying components, will be documented in a registered change request that includes a description and reason for the change, implementation details and schedule, a risk statement addressing impact to the Cloud Service and its clients, expected outcome, rollback plan, and documented approval by IBM management or its authorized delegate.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach With each Cloud Service, as applicable and commercially reasonable, IBM will a) perform penetration testing and vulnerability assessments before production release and routinely thereafter, b) enlist a qualified and reputable independent third-party to perform penetration testing and ethical hacking at least annually, c) perform automated management and routine verification of underlying components’ compliance with security configuration requirements, and d) remediate any identified vulnerability or noncompliance with its security configuration requirements based on associated risk, exploitability, and impact. IBM takes reasonable care to avoid Cloud Service disruption when performing its tests, assessments, scans, and execution of remediation activities.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach IBM maintains and follows policies requiring administrative access and activity in its Cloud Services’ computing environments to be logged and monitored, and the logs to be archived and retained in compliance with IBM’s worldwide records management plan. IBM monitors privileged account use and maintain security information and event management policies and measures designed to a) identify unauthorized administrative access and activity, b) facilitate a timely and appropriate response, and c) enable internal and independent third party audits of compliance with such policies. IBM systematically monitors the health and availability of production Cloud Service systems and infrastructure at all times.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach IBM: -maintains and follows incident response policies aligned with NIST guidelines for computer security incident handling, and will comply with data breach notification requirements under applicable law. -investigates security incidents, including unauthorised access or use of content or the Cloud Service, of which IBM becomes aware, and, if warranted, define and execute an appropriate response plan. -promptly notifies Client upon determining that a security incident known or reasonably suspected by IBM to affect Client has occurred. -provides Client with reasonably requested information about such security incident and status of applicable remediation and restoration activities performed or directed by IBM.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £235000 per unit per year
Discount for educational organisations No
Free trial available No

Service documents

pdf document: Pricing document pdf document: Skills Framework for the Information Age rate card pdf document: Service definition document pdf document: Terms and conditions pdf document: Modern Slavery statement
Service documents
Return to top ↑