Marval MSM Integrated ITSM Software Support, Training & Consultancy
Innovative IT Service Management software (MSM) empowers service delivery teams to provide a world class service to its customers. MSM is a secure & scalable, ITIL compliant, ISO/IEC20000, ISO27001 certified & cyber compatible deployed via SaaS or on-premise, enabling organisations to deliver flexible and cost-effective customer, service centric business solutions.
Features
- Integrated, codeless & configurable service management software solution
- 100% web-based
- Intelligent business rules engine, classification and routing
- Powerful business intelligence tool for dashboards and reporting
- Customer and service centric service portfolio & service level management
- Powerful searching 'Google' like searching tool
- Integrated web self-service portal and mobile capability
- Extensive security, access controls, audit and views
- Drag and drop graphical workflows for ease of use
- Staff usage and resource accounting
Benefits
- Improved customer experience and communication
- Improved control, accountability, governance & compliance
- Improved service quality & business value of ICT supplier
- No request or activity lost forgotten or ignored
- Standardise the way you deliver services to the business
- Increased control & auditability of the service infrastructure
- Customer web self-service portal available 7x24x365 days of the year
- Rapid deployment, easy to maintain & configure
- Increased Service infrastructure reliability
- Used in any part of the enterprise requiring service/support
Pricing
£12 to £72 a licence a month
- Education pricing available
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 11
Service ID
4 0 8 5 7 4 0 5 2 4 5 8 1 1 8
Contact
Marval Software Limited
Vincent Iweka
Telephone: 01536 711999
Email: sales@marval.co.uk
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Private cloud
- Service constraints
- None
- System requirements
-
- Windows platform
- SQL Server
- Either named, concurrent or a mixture of Marval software licences
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
For a P1 our standard response is 2 hours.
For a P2 our standard response is 4 hours.
For a P3 our standard response is 8 hours.
For a P4 our standard response is 1 day.
Our standard business support hours are 0800-1800 Monday-Friday (excluding UK bank holidays).
24 x 5 or 24 x 7 phone support is available at additional cost. - User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- None or don’t know
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- Web chat
- Web chat support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support accessibility standard
- None or don’t know
- How the web chat support is accessible
- Web chat is accessible via the self-service portal available to all customers.
- Web chat accessibility testing
- None
- Onsite support
- Yes, at extra cost
- Support levels
-
Our standard UK Support is available to all customers Monday to Friday 0800 - 1800 UK time, excluding UK Bank holidays. 24x5x365 and 24x7x365 support are available as chargeable extras outside of the standard support hours.
Customers have access to the Marval self-service portal 24x7x365.
Each customer is provided with a technical account manager who is available during normal business hours. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
Discussions with the customer will determine the specific training needs. All customers receive Operational Training: this is either directly from the Marval Product Trainer to the staff involved or, in the case of large numbers of trainees, to a trainer at a customer site who will then relay the knowledge down to their colleagues. In addition, all customers receive System Configuration Training, Service Reporting Training and Web Self-Service Administration Training.
Additional training courses on offer include Service Asset and Configuration Management Training, Technical Administration Training, Surveys Training, and bespoke training relating to specific processes such as Change Management, Knowledge Management and many others.
Every customer will be provided with documentation for all courses in hard and soft copy (PDF) format. - Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
- Data is sent upon request via SQL Back up files.
- End-of-contract process
-
Once a contract has finished, upon request Marval will send a copy of the data via SQL Back up files back to the customer. All data will then be deleted from our servers as part of the contract. There is no charge for this.
A customer can choose to keep a copy of the data on our servers purely as a storage copy. There is a minimal charge for this on a monthly basis.
As part of GDPR an approved signatory is required to release any data.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 7
- Internet Explorer 8
- Internet Explorer 9
- Internet Explorer 10
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari 9+
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
-
The MSM core application will work as normal on any mobile device via a web browser although not all pages have been optimised to fit the screen size of a mobile device.
To ensure ease of use for mobile users such as engineers who need to raise, update, approve (if required) and close Requests, easily create CIs using the barcode scanner and many other tasks, Marval have developed native iOS and Android mobile applications, enabling users to complete work on the move, over mobile and Wi-Fi connections. - Service interface
- No
- API
- Yes
- What users can and can't do using the API
- Our SOAP web service can create, read, update and delete entities in Marval MSM. All the major entities are covered (inc. requests, configuration items and organisational units) and we can provide a WSDL file if required. The new RESTful web API that is currently in progress is being used to provide data for our new mobile application and is being updated frequently to provide more functionality.
- API documentation
- Yes
- API documentation formats
-
- HTML
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
-
Users are able to configure and classify the delivery.
Users can configure the look and feel including colours, layout including widgets.
The ability to configure is defined in the individual's assigned role.
All configuration changes are maintained between updates and fully audited.
Scaling
- Independence of resources
- Each customer gets their own set of web servers; there is no overlap with other users. Other components that are shared are carefully monitored with automatic alerting when performance starts to degrade before it impacts any user or service.
Analytics
- Service usage metrics
- Yes
- Metrics types
- All standard ITSM reports as required by ITIL, ISO/IEC20000, ISO27001 and the Service Desk Institute (SDI). Users can modify existing standard reports or can create their own.
- Reporting types
-
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Security Clearance (SC)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
-
- Physical access control, complying with another standard
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
-
- Explicit overwriting of storage before reallocation
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
-
Data can be downloaded in .csv format at any time.
Analytics can be exported further into DOC, DOCX, XLS, XLSX, PDF, HTML and PPT. - Data export formats
-
- CSV
- Other
- Other data export formats
-
- DOC
- DOCX
- XLS
- XLSX
- PPT
- HTML
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
-
Marval standard SLA for all customers regarding availability is 99.95%.
Any refunds are as per contract. - Approach to resilience
- Resiliency within iland (our hosting provider) is managed through the use of ITIL v3 frameworks and validated through third party auditory reviews and incorporated within the SOC2, CSA STAR and ISO 27001 certifications and attestations. iland’s approach to resilience includes but is not limited to support for distributed processing, storage and communications with the use of extensive redundancy and multi-carriers.
- Outage reporting
- If Marval's software suffers any form of outage then we will inform our customers via telephone or email alerts.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Username or password
- Access restrictions in management interfaces and support channels
- Roles can be assigned to each user in the system giving them permissions to potentially view, create, update and delete entities in MSM. In addition, some resources can be further restricted by their groups within the organizational structure, access groups and access levels.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Username or password
Audit information for users
- Access to user activity audit information
- You control when users can access audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- DNV GL
- ISO/IEC 27001 accreditation date
- 06/02/2019
- What the ISO/IEC 27001 doesn’t cover
-
Annex 14.2.7 Outsourced Development.
This control was not included in our ISO 27001 scope as it is not applicable. No outsourced development takes place. - ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
-
Since being certified with ISO 27001 a lot of changes have been made to existing security policies; new policies have been introduced to ensure the confidentiality, integrity and availability of our data is kept. We have a specific policy document for each of the ISO 27001 controls (Organisation of Information Security, Human Resources, Asset Management, Access Control, Cryptography, Physical and Environmental, Operations, Communications, System Acquisition Development and Maintenance, Supplier Relationships, Information Security Incident Management, Information Security aspects of Business Continuity, and Compliance.), and these policies are enforced by our Information Security Officer. This is backed up further by quarterly internal audits of processes and training courses provided to staff.
Information security risks and weaknesses, internal audits and recurring tasks are all recorded using our own service management software. This can then be easily reported on and data used to facilitate more thorough risk assessment and management of future projects and changes.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- Marval’s Configuration Process controls and audits the changes in the service/ infrastructure. All assets and configurations are recorded in the CMDB. Scheduled internal audits ensure all records are upto date. Change requests are recorded and approved as required. The impact and risk assessment of Changes is done in conjunction of the Configuration and Release Manager and any stakeholders. The Configuration Management system is used to identify relationships, dependencies and risks between items within the infrastructure. When the change is completed the outcome is recorded, reportable and required persons automatically notified.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- Vulnerability management is handled in several stages of the software development lifecycle. At the planning stages of new features or bug fixes, security implications are assessed and a framework of best practice is followed. Due to our agile development process, security patches can be implemented and tested in a matter of weeks if required. Internal and external penetration testing and vulnerability assessments are carried out on all major release builds. Information about potential threats come from several security forums and known frameworks.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- Iland (our hosting provider) maintains adherence to DPA, ISO27001, PCI DSS , CSA STAR as well as BS 10012:2017 standards for monitoring which includes the use of SOC and NOC operations to ensure real-time staffed oversight.
- Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
-
In addition to standard incident, Marval supports security incidents and associated workflow and classifications. Marval is certified against ISO/IEC 20000 and ISO27001 for all service management processes and functions.
Users can report incidents through multiple channels, including self-service portal, telephone, e-mail, live chat, API's and a range of systems management and automation tools. All incidents are treated with the same level of expertise no matter which channel they originated from.
Reports can be automatically scheduled to be dispatched to a customer or are provided upon request via their assigned account manager.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Public sector networks
- Connection to public sector networks
- No
Pricing
- Price
- £12 to £72 a licence a month
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
-
Full user functionality based on a temporary licence key on either a named or concurrent licence basis. User guides are included as no training is offered during the trial period.
Time period for the trial is usually limited to one month.