Marval Software Limited

Marval MSM Integrated ITSM Software Support, Training & Consultancy

Innovative IT Service Management software (MSM) empowers service delivery teams to provide a world class service to its customers. MSM is a secure & scalable, ITIL compliant, ISO/IEC20000, ISO27001 certified & cyber compatible deployed via SaaS or on-premise, enabling organisations to deliver flexible and cost-effective customer, service centric business solutions.


  • Integrated, codeless & configurable service management software solution
  • 100% web-based
  • Intelligent business rules engine, classification and routing
  • Powerful business intelligence tool for dashboards and reporting
  • Customer and service centric service portfolio & service level management
  • Powerful searching 'Google' like searching tool
  • Integrated web self-service portal and mobile capability
  • Extensive security, access controls, audit and views
  • Drag and drop graphical workflows for ease of use
  • Staff usage and resource accounting


  • Improved customer experience and communication
  • Improved control, accountability, governance & compliance
  • Improved service quality & business value of ICT supplier
  • No request or activity lost forgotten or ignored
  • Standardise the way you deliver services to the business
  • Increased control & auditability of the service infrastructure
  • Customer web self-service portal available 7x24x365 days of the year
  • Rapid deployment, easy to maintain & configure
  • Increased Service infrastructure reliability
  • Used in any part of the enterprise requiring service/support


£12 to £72 per licence per month

  • Education pricing available
  • Free trial available

Service documents


G-Cloud 11

Service ID

4 0 8 5 7 4 0 5 2 4 5 8 1 1 8


Marval Software Limited

Vincent Iweka

01536 711999

Service scope

Software add-on or extension
Cloud deployment model
Private cloud
Service constraints
System requirements
  • Windows platform
  • SQL Server
  • Either named, concurrent or a mixture of Marval software licences

User support

Email or online ticketing support
Email or online ticketing
Support response times
For a P1 our standard response is 2 hours.
For a P2 our standard response is 4 hours.
For a P3 our standard response is 8 hours.
For a P4 our standard response is 1 day.

Our standard business support hours are 0800-1800 Monday-Friday (excluding UK bank holidays).
24 x 5 or 24 x 7 phone support is available at additional cost.
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
Web chat is accessible via the self-service portal available to all customers.
Web chat accessibility testing
Onsite support
Yes, at extra cost
Support levels
Our standard UK Support is available to all customers Monday to Friday 0800 - 1800 UK time, excluding UK Bank holidays. 24x5x365 and 24x7x365 support are available as chargeable extras outside of the standard support hours.
Customers have access to the Marval self-service portal 24x7x365.
Each customer is provided with a technical account manager who is available during normal business hours.
Support available to third parties

Onboarding and offboarding

Getting started
Discussions with the customer will determine the specific training needs. All customers receive Operational Training: this is either directly from the Marval Product Trainer to the staff involved or, in the case of large numbers of trainees, to a trainer at a customer site who will then relay the knowledge down to their colleagues. In addition, all customers receive System Configuration Training, Service Reporting Training and Web Self-Service Administration Training.

Additional training courses on offer include Service Asset and Configuration Management Training, Technical Administration Training, Surveys Training, and bespoke training relating to specific processes such as Change Management, Knowledge Management and many others.

Every customer will be provided with documentation for all courses in hard and soft copy (PDF) format.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Data is sent upon request via SQL Back up files.
End-of-contract process
Once a contract has finished, upon request Marval will send a copy of the data via SQL Back up files back to the customer. All data will then be deleted from our servers as part of the contract. There is no charge for this.
A customer can choose to keep a copy of the data on our servers purely as a storage copy. There is a minimal charge for this on a monthly basis.
As part of GDPR an approved signatory is required to release any data.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
The MSM core application will work as normal on any mobile device via a web browser although not all pages have been optimised to fit the screen size of a mobile device.
To ensure ease of use for mobile users such as engineers who need to raise, update, approve (if required) and close Requests, easily create CIs using the barcode scanner and many other tasks, Marval have developed native iOS and Android mobile applications, enabling users to complete work on the move, over mobile and Wi-Fi connections.
Service interface
What users can and can't do using the API
Our SOAP web service can create, read, update and delete entities in Marval MSM. All the major entities are covered (inc. requests, configuration items and organisational units) and we can provide a WSDL file if required. The new RESTful web API that is currently in progress is being used to provide data for our new mobile application and is being updated frequently to provide more functionality.
API documentation
API documentation formats
  • HTML
  • PDF
API sandbox or test environment
Customisation available
Description of customisation
Users are able to configure and classify the delivery.
Users can configure the look and feel including colours, layout including widgets.
The ability to configure is defined in the individual's assigned role.
All configuration changes are maintained between updates and fully audited.


Independence of resources
Each customer gets their own set of web servers; there is no overlap with other users. Other components that are shared are carefully monitored with automatic alerting when performance starts to degrade before it impacts any user or service.


Service usage metrics
Metrics types
All standard ITSM reports as required by ITIL, ISO/IEC20000, ISO27001 and the Service Desk Institute (SDI). Users can modify existing standard reports or can create their own.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Data can be downloaded in .csv format at any time.
Analytics can be exported further into DOC, DOCX, XLS, XLSX, PDF, HTML and PPT.
Data export formats
  • CSV
  • Other
Other data export formats
  • DOC
  • DOCX
  • XLS
  • XLSX
  • PDF
  • PPT
  • HTML
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Marval standard SLA for all customers regarding availability is 99.95%.
Any refunds are as per contract.
Approach to resilience
Resiliency within iland (our hosting provider) is managed through the use of ITIL v3 frameworks and validated through third party auditory reviews and incorporated within the SOC2, CSA STAR and ISO 27001 certifications and attestations. iland’s approach to resilience includes but is not limited to support for distributed processing, storage and communications with the use of extensive redundancy and multi-carriers.
Outage reporting
If Marval's software suffers any form of outage then we will inform our customers via telephone or email alerts.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Roles can be assigned to each user in the system giving them permissions to potentially view, create, update and delete entities in MSM. In addition, some resources can be further restricted by their groups within the organizational structure, access groups and access levels.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
You control when users can access audit information
How long user audit data is stored for
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
Annex 14.2.7 Outsourced Development.

This control was not included in our ISO 27001 scope as it is not applicable. No outsourced development takes place.
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
Since being certified with ISO 27001 a lot of changes have been made to existing security policies; new policies have been introduced to ensure the confidentiality, integrity and availability of our data is kept. We have a specific policy document for each of the ISO 27001 controls (Organisation of Information Security, Human Resources, Asset Management, Access Control, Cryptography, Physical and Environmental, Operations, Communications, System Acquisition Development and Maintenance, Supplier Relationships, Information Security Incident Management, Information Security aspects of Business Continuity, and Compliance.), and these policies are enforced by our Information Security Officer. This is backed up further by quarterly internal audits of processes and training courses provided to staff.

Information security risks and weaknesses, internal audits and recurring tasks are all recorded using our own service management software. This can then be easily reported on and data used to facilitate more thorough risk assessment and management of future projects and changes.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Marval’s Configuration Process controls and audits the changes in the service/ infrastructure. All assets and configurations are recorded in the CMDB. Scheduled internal audits ensure all records are upto date. Change requests are recorded and approved as required. The impact and risk assessment of Changes is done in conjunction of the Configuration and Release Manager and any stakeholders. The Configuration Management system is used to identify relationships, dependencies and risks between items within the infrastructure. When the change is completed the outcome is recorded, reportable and required persons automatically notified.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Vulnerability management is handled in several stages of the software development lifecycle. At the planning stages of new features or bug fixes, security implications are assessed and a framework of best practice is followed. Due to our agile development process, security patches can be implemented and tested in a matter of weeks if required. Internal and external penetration testing and vulnerability assessments are carried out on all major release builds. Information about potential threats come from several security forums and known frameworks.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Iland (our hosting provider) maintains adherence to DPA, ISO27001, PCI DSS , CSA STAR as well as BS 10012:2017 standards for monitoring which includes the use of SOC and NOC operations to ensure real-time staffed oversight.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
In addition to standard incident, Marval supports security incidents and associated workflow and classifications. Marval is certified against ISO/IEC 20000 and ISO27001 for all service management processes and functions.
Users can report incidents through multiple channels, including self-service portal, telephone, e-mail, live chat, API's and a range of systems management and automation tools. All incidents are treated with the same level of expertise no matter which channel they originated from.
Reports can be automatically scheduled to be dispatched to a customer or are provided upon request via their assigned account manager.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks


£12 to £72 per licence per month
Discount for educational organisations
Free trial available
Description of free trial
Full user functionality based on a temporary licence key on either a named or concurrent licence basis. User guides are included as no training is offered during the trial period.
Time period for the trial is usually limited to one month.

Service documents

Return to top ↑