IT Financial Management Services by ComSci
ComSci helps organizations manage and communicate the cost, quality and value of services they deliver (IT Services, Shared Services, or both), driving business alignment and IT transparency. ComSci also provides a managed service offering to streamline monthly data production to enable clients to focus on delivering value, not chasing data.
- IT Financial Management (ITFM)
- Technology Business Management (TBM)
- Service Cost Modelling
- Bill of IT
- Bill of Shared Services
- Managed Service Offering supporting data production cycle
- Telecoms Expense Management
- Cloud provider cost modelling and control
- Call Accounting
- Optimise IT spend/investments
- Decrease IT spend as percentage of revenue
- Automate/streamline monthly data production
- Focus time and resources on demonstrating IT value to enterprise
- Model service impacts, both costs and volumes
- Demonstrate value of IT investments to all parts of enterprise
- Facilitate showback/chargeback of IT services to enterprise
- Centralise, analyse, and optimise telephone investments (VOIP/mobile/landline)
- Centralise, analyse, and optimise cloud provider investments (AWS, Azure, Google)
- Call accounting and telecom expense management
£5 per person per month
- Education pricing available
- Free trial available
+44 (0) 800-048-8575
|Software add-on or extension||No|
|Cloud deployment model||Public cloud|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
Priority 1 queries: 1 hour
Priority 2 queries: 4 hours
Priority 3 queries: 24 hours
|User can manage status and priority of support tickets||No|
|Phone support availability||24 hours, 7 days a week|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
Standard, Gold, and Platinum support.
Gold = 20% ARR, Platinum = 30% ARR
Upland provides complete end to end support including a customer success manager, 24x7 support, and the option for an assigned platinum experience manager.
Please see the Premium support brochure for full details.
|Support available to third parties||Yes|
Onboarding and offboarding
Upland Software provides complete implementation, training, ongoing support, upgrades, maintenance, and consulting services. There is a range of local and remote post-implementation support and consulting services available to you.
Upland Professional Services will complete the implementation process so the customer is enabled and trained to support future configuration effort themselves. This is configuration of the tool’s inherent functionality through the GUI menus and options – and not customising source code. The initial implementation workshops will focus on the business architecture and analysis that must proceed any ‘configuration clicking’ in the user interface.
Upland Software offers a comprehensive range of training options tailored to fit each customer's specific needs and for each of our solutions offerings. Choose from instructor-led classes, simulations and train-the-trainer programmes — delivered in-person, remotely, or via computer-based training. Training will take place during the implementation for system admins and then formal sessions will be held for specific roles once the configuration is fully defined. Train the trainer is the preferred approach for end users – this ensures that you the customer is the ultimate owner of your tool.
|End-of-contract data extraction||Users are always able to extract data at any time. There are a number of ways to extract data, through API, CSV, templates and reports. On contract end Upland will provide a number of data options including a database copy.|
|End-of-contract process||Data extract that requires no statement of work is included. Additional work will require a statement of work.|
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||None (full, responsive HTML5 supported).|
|Description of customisation||
Customers select power users to be trained as administrators. These administrators have access to an administrative panel within ComSci. All administration and configuration is achieved through the same browser interface that is used by end users. All screens, forms, reports, views are configured through the browser interface. No coding knowledge or skill is needed to perform configurations within ComSci.
Some customers have asked for custom/additional processes which go through our Customer Success Management group and are specific to that customer. Most features requested are implemented in such a way that are configurable and allow the customer to opt-out or in.
|Independence of resources||
ComSci is a standard 3-tier application with Web, Application and Database tiers. Each tier can be scaled horizontally and vertically. Customer data is segregated in individual database instances; fronted by a multi-tenant application layer.
ComSci utilizes Amazon Web Services (AWS) for hosting (Infrastructure-as-a-Service) to ensure the high-level application performance needs of our global customer base are fulfilled.
|Service usage metrics||Yes|
|Metrics types||Uptime, full support ticket information, development information.|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||None|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||Physical access control, complying with SSAE-16 / ISAE 3402|
|Data sanitisation process||Yes|
|Data sanitisation type||
|Equipment disposal approach||A third-party destruction service|
Data importing and exporting
|Data export approach||Many areas of ComSci that provide summations of data (e.g., dashboard, charts/graphs, and reports) can be exported in a variety of common formats (e.g., PDF, Word, HTML, Excel, etc.). ComSci can also provide bulk extracts of data to feed into analytical tools (e.g., SPSS, Tableau, etc.).|
|Data export formats||
|Other data export formats||
|Data import formats||
|Other data import formats||
|Data protection between buyer and supplier networks||
|Data protection within supplier network||IPsec or TLS VPN gateway|
Availability and resilience
The periods of time that the Application is Available for use by the Customer not including scheduled downtime. “Availability” or “Available” means that an Authorized User can log in and access the Application.
Available in all material respects 99.5% average over a month (calculated on a 24 x 7 x 365 basis, other than Scheduled Downtime and other than any period of downtime that lasts 5 continuous minutes or less).
|Approach to resilience||Available on request|
|Outage reporting||Customer Portal. E-mail.|
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||ComSci will create either an encrypted LDAP connection to SAML 2.0 compliant identity federation solution (e.g., Active Directory). Once we have a connection, ComSci will send an on-demand request with the required authenticating information from our application server. If the end users credentials are valid, they will then be granted access. If the credentials are not valid we deny access. This request is in real time, therefore if an employee is disabled at 11:30, at 11:31 if they attempt to access, they will be denied.|
|Access restriction testing frequency||At least once a year|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users have access to real-time audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||User-defined|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||Yes|
|Any other security certifications||
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||Other|
|Other security governance standards||
Upland Software’s product lines are accredited or follow best practices as defined by various bodies in relation to their standards and procedures. These include, but are not limited to:
++ SSAE-16 / ISAE 3402
++ SOC 2
++ Privacy Shield
|Information security policies and processes||Upland’s security framework is based on the ISO 27001 framework. On an annual basis, Upland ComSci is SSAE16 SOC1 Type II / ISAE 3402 audited, and as of 2016, SOC 2 audited as well. Upland has a VP of Security and Compliance who has remit and resources to ensure all information security policies are maintained.|
|Configuration and change management standard||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Configuration and change management approach||ComSci has a formal change and patch management process for dissemination into production environments. The process involves the development of features/enhancements, unit testing, building and hardening, and then full regression testing in a QA environment prior to production deployment. Controls are in place to ensure that our production environment is only accessible by certain key employees as part of the production roll-out process or for troubleshooting. We schedule change and patch deployments to occur off business hours/days and include checks on build procedures and validations to ensure successful deployments.|
|Vulnerability management type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Vulnerability management approach||
Upland participates in the following security forums and professional associations: SANS, insecure.org, w3.org, cert.org, and securityfocus.com. Additionally, alerts are sent to us from Microsoft and Adobe security departments, and we receive alerts from the 3rd party organization conducting our quarterly vulnerability scans and 24x7 monitoring services.
We receive alerts via Microsoft on software and OS updates/patches. We use Microsoft Server Update Service (WSUS) to deploy and manage security patch updates.
Patches are tested prior to installation. We make every attempt to install critical security patches as soon as possible while ensuring compatibility and testing requirements are met.
|Protective monitoring type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Protective monitoring approach||Upland’s Security Organization performs monitoring activities in order to continuously assess the quality of internal control over time. These activities are used to initiate corrective action through department meetings, client conference calls, and informal notifications. Management performs monitoring activities on a continuous basis, taking necessary actions as required to correct deviations from company policy and procedures.|
|Incident management type||Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402|
|Incident management approach||
Upland Software manages incidents by identifying and responding to them quickly, notifying key support and management personnel in a timely manner, restoring service as soon as possible, determining the cause of the incident, and taking appropriate steps to prevent future incidents. Our incident management process also allows us to quickly notify external organizations that may have been affected by an incident, including customers and partners. We employ internal and external
monitoring systems that periodically verify the state of each Upland cloud-based software product.
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Public sector networks
|Connection to public sector networks||No|
|Price||£5 per person per month|
|Discount for educational organisations||Yes|
|Free trial available||Yes|
|Description of free trial||Full software access for up to 1 month|