Level Global Ltd

Level Cognitive Artificial Intelligence Platform

Level Intelligent Applications allow the automation of human decision making and task fulfilment processes. We take your knowledge, from subject matter experts and policy documents, and convert it into business rules enabling our ‘Intelligent Applications’ to make decisions and process transactions in your Enterprise Systems with no human intervention.


  • Self-service access to applications
  • Desktop, Tablet and Mobile/Smartphone-enabled
  • Easy to use look and feel, providing improved user interfaces
  • Real-time reporting in support of transactions
  • Secure integration with any application system
  • Data encrypted throughout
  • Deploy the services without customising the underlying business systems
  • Links organisation policies to transactional business systems


  • Ensure compliance with organisation policies
  • Automate business policies by linking them to transactional systems
  • Capture human knowledge and thinking process on the system
  • Allows self-service and 24x7 access to business systems via smartphones
  • Enable shared service centre to support clients with unique requirements
  • Get more out of existing applications
  • Pre-populates forms with data relevant to the user and transaction
  • Replace existing customisations with personalisation


£699 per licence per month

  • Free trial available

Service documents

G-Cloud 10


Level Global Ltd

Barrie Graham

07526 026090


Service scope

Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to Any application that creates or manages transactions and data. For example, back office applications (HR or Payroll system) or an application that supports/performs specific business function.
Cloud deployment model Public cloud
Service constraints The software will need access to data from the buyer's application(s). The buyer will have to provide access to data either in real time or on a pre-agreed schedule, depending on the application and the buyer's needs.
System requirements Valid browser (when using IE, IE9 or above)

User support

Email or online ticketing support Email or online ticketing
Support response times 1 hour
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels
Incident Level | Incident Response | Incident Update
Priority 1 | 1 working hour or less | Hourly
Priority 2 | 2 working hours or less | Every 4 Hours
Priority 3 | 1 working day or less | Every 24 Hours
Priority 4 | 2 working days or less | Every 120 Hours

Support charges are included in the monthly subscription fee. Support staff can be despatched to site if changes that have impacted the service have been made to the client's own applications by the client. In this case, charges will be levied as described in the SFIA rate card.

Each client has an account manager who is responsible for all client engagement activities including support liaison.
Support available to third parties Yes

Onboarding and offboarding

Getting started Onsite implementation and training provided. Documentation provided includes user stories, process flows, product guide and validation scripts.
Service documentation Yes
Documentation formats
  • ODF
  • PDF
  • Other
Other documentation formats As required
End-of-contract data extraction They can raise a request for the data and access to download the data from a secure FTP site will be provided
End-of-contract process The client has the option to extend the services under GCloud terms. We would de-commission and discontinue the service.

Access to download data held on our platform will be provided at the end of the contract if requested.

Decommissioning costs are included in the contract price.

Using the service

Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The look and feel of the application is automatically re-purposed to suit the device that the application is being accessed from (desktop, tablet and smartphone). Where features that are unique to specific devices are being used, for example where a calendar is used to select dates for annual leave, the application will use the Android calendar for devices using the Android operating system or the iOS calendar for iPhone.
Accessibility standards WCAG 2.0 AAA
Accessibility testing The Level Platform uses industry standard technology including angular.js that includes testing.
Customisation available No


Independence of resources The Level Cognitive Intelligence platform uses Amazon Web Services (AWS), which is configured for high availability, fault tolerance, and adaptive load. This configuration allows the service to scale on demand with no noticeable effect on user experience.


Service usage metrics No


Supplier type Not a reseller

Staff security

Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach Using a secure FTP option. Some data will be exported as a one-off and other data as per schedule.
Where the service is integrated with the user's application, there is no need to export data.
Data export formats
  • CSV
  • Other
Other data export formats XML
Data import formats
  • CSV
  • Other
Other data import formats XML

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability System level guarantee: 99.5%

System availability | Service Credit
99.5% - 100% | 0%
99.49% - 99.2% | 5%
99.19% - 99.0% | 10%
Below 99% | 15%
Approach to resilience Level provide a clustered application solution with automatic failover as well as the ability to launch additional servers instantly to replace failed components. The solution's storage, memory and compute capacity can be increased without impact to the service to meet increases in demand.
Outage reporting Email alert

Identity and authentication

User authentication needed Yes
User authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Other user authentication User authentication and authorisation follow the application’s security model, e.g. when a user logs in, a session cookie can be sent by the application and stored by the browser. This is sent back to the application on each interaction, identifying the user and allowing them to interact without needing to pass their username and password every time. When the user logs out, this cookie is invalidated and can no longer be used to gain access to the system. This, combined with TLS and specific network access, ensures a safe and secure model.
Access restrictions in management interfaces and support channels All internal (Level) access is via VPN and encryption keys on a case by case basis.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
  • Other

Audit information for users

Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 The British Assessment Bureau
ISO/IEC 27001 accreditation date 22/06/2016
What the ISO/IEC 27001 doesn’t cover All areas of the ISO/IEC 27001 Statement of Applicability have been addressed.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications AWS

Security governance

Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Level platform is based on Amazon Web Services whose Compliance enables customers to understand the robust controls in place at AWS to maintain security and data protection in the cloud. As systems are built on top of AWS cloud infrastructure, compliance responsibilities will be shared. By tying together governance-focused, audit-friendly service features with applicable compliance or audit standards, AWS Compliance enablers build on traditional programs; helping customers to establish and operate in an AWS security control environment. The IT infrastructure that AWS provides to its customers is designed and managed in alignment with security best practices and a variety of IT security standards, including:
  • SOC 1/SSAE 16/ISAE 3402 (formerly SAS 70)
  • SOC 2
  • SOC 3
  • FISMA, DIACAP, and FedRAMP
  • DOD CSM Levels 1-5
  • PCI DSS Level 1
  • ISO 9001 / ISO 27001
  • ITAR
  • FIPS 140-2
  • MTCS Level 3
In addition, the flexibility and control that the AWS platform provides allows customers to deploy solutions that meet several industry-specific standards.

Operational security

Configuration and change management standard Supplier-defined controls
Configuration and change management approach Project Driven Changes
Clear milestones are set and acceptance criteria are quantified and measured before moving to the next phase. All project phases are controlled via a series of sprints which are carefully managed to ensure that the agreed delivery timescales are met.

Incident Driven Changes
Internal incidents should be logged only once a client incident reference has been attained. This ensures that the client’s incident management system is synchronised with our own, and that a clear communication channel is open between the client and Level to facilitate collaboration, coordination and the implementation of any changes.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Our platform is hosted on AWS whose Security team performs vulnerability scans on the host operating system, web applications, and databases. Approved 3rd party vendors conduct external assessments (minimum frequency: quarterly). Identified vulnerabilities are monitored and evaluated. Countermeasures are designed and implemented to neutralise known/newly identified vulnerabilities.

AWS Security monitors newsfeeds/vendor sites for patches and receives customer intelligence.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Our platform is hosted on AWS which deploys (pan-environmental) monitoring devices to collect information on unauthorised intrusion attempts, usage abuse, and network/application bandwidth usage. Devices monitor:

• Port scanning attacks
• Usage (CPU, processes, disk utilisation, swap rates, software-error generated losses)
• Application metrics
• Unauthorised connection attempts

Near real-time alerts flag potential compromise incidents, based on AWS Service/Security Team-set thresholds.

Requests to AWS KMS are logged and visible via the account’s AWS CloudTrail Amazon S3 bucket. Logs record each request, the CMK under which it was made, and the AWS resource protected through use of that CMK.
Incident management type Supplier-defined controls
Incident management approach Our platform is hosted on AWS which adopts a three-phased approach to manage incidents:

1. Activation and Notification Phase
2. Recovery Phase
3. Reconstitution Phase

To ensure the effectiveness of the AWS Incident Management plan, AWS conducts incident response testing, providing excellent coverage for the discovery of defects and failure modes as well as testing the systems for potential customer impact.

The Incident Response Test Plan is executed annually, in conjunction with the Incident Response plan. It includes multiple scenarios, potential vectors of attack, the inclusion of the systems integrator in reporting and coordination and varying reporting/detection avenues.

Secure development

Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks No


Price £699 per licence per month
Discount for educational organisations No
Free trial available Yes
Description of free trial Level will provide a prototype service for demonstration purposes. This will be made available to the client for an agreed period of time.

