Execview Service and Operations Governance
Execview Service and Operations Governance brings visual performance management for service delivery managers. Execview is multi-organisational. It incorporates powerful integration to any data source (e.g., Databases, help desk, CRM, ERP, PPM) for performance reporting. Execview provides workflows for managing actions, risks, change requests, innovation, assurance. Easy to use, low cost.
- Service and operations reporting
- Online SLA and service definitions
- CSF and KPI definitions
- Data integration with any service, ERP and operations systems
- Customisable reporting
- Intrvention, task and action management
- Operational risk and issue management
- Mobile app for productivity
- Workflows fro change requests, innovation, RFPs,
- Audit and assurance review functions
- powerful visibility and control of processes
- Easy to use processes and reports
- Rapid and easy deployment
- Strong buy-in from users and management
- Easy integration (model external sources to 3-5 days to integrate)
- Self sufficient in most organisations
- Faster/lower cost to deploy than most solutions
- Rapid prototyping of governance solutions
£1000 to £1000 per licence per month
- Free trial available
4 5 9 2 4 0 7 4 8 4 7 6 7 2 6
+44 (0)207 754 3737
|Software add-on or extension||Yes, but can also be used as a standalone service|
|What software services is the service an extension to||Execview will act as an add-on for reporting and governance to provide exec reporting and visibility. Most data file types can be integrated in a few days (mostly secure FTP, but also Web Services, Manual file loads). Multi-organisational, Execview will integrate many organisational inputs into a single governance view|
|Cloud deployment model||Private cloud|
|Service constraints||No specific constraints. For government-sensitive secure applications, there are options to install Execview on private government networks or connect via secure networks. A number of existing government outsourcers can also supply Execview directly.|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
The Issue Prioritisation definitions are as follows:
• P0/Critical – “Site Down” or >50% customer users cannot use the platform in any way
• P1 – Major Functionality Unavailable, e.g. lack of reporting, >20% users unable to access, data corruption
• P2 – Minor Functional Problem, but workaround available
• P3 – Enhancement Request, “How To” Question or Minor Bug
The target Response Times (within the Support hours) are as follows:
• P0 – 30 mins
• P1 – 1 hour
• P2 – 4 hours
• P3 – 8 hours
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
These support services re included in the service cost:-
1.First Line support, including bug logging, technical advice, liaison with clients for operational issues.
2. Software support including reaction to system outage, downtime or high importance issues, technical expert, bug resolution.
3. Account management, escalation for operational, and performance issues.
4. Account management and Service Delivery Manager are escalation points.
5. Nominate Solution Consultant(s) will be allocated to each service to provide client support on major accounts with 100+users.
6. Each government service has a nominated Contact Director with accountability of service assurance.
7. Most clients are pretty self-sufficient. Where needed, On-site Support is normally chargeable for training, solution set-up and bespoke integration with other systems.
|Support available to third parties||Yes|
Onboarding and offboarding
Execview provide a set-up service of typically 5-30 days initial support depending on the client needs.
Most users can expect to learn to access and use Execview in an hour of training for project and service reporting (90% of users say this is sufficient!). The training is either on-site or via a WebEx session.
Either Execview of Client Administrator(s) are responsible for Execview set-up, data integration, and mapping, user and
security management, resource and cost management, etc. This set-up capability requires more formal training and
support (3 - 5 days). it is normally done as a by-product of the Execview Set-up whilst working alongside our solution consultants. Alternatively, they can take a formal Admin course – see details later in this section.
We run a range of training and courses – for larger roll-outs, we would ‘Train the Trainer’.
Execview typically provide on-site early life support services for larger implementations, and email/phone support thereafter.
|End-of-contract data extraction||Execview commits to provide an open and fast way of customer data extraction. A core part of the Execview technology will provide an import /export facility that customers can use at any time. For all other data items Execview will provide data extracts in Microsoft Excel, Microsoft SQL or comma separated file formats, as preferred by the customer. There will be no charge for these type of extracts – other requested formats may, however, have a charge. Execview commits to purge all such customer’s data at the termination point. Execview may charge for bespoke data extraction services at our normal daily rates if needed.|
|End-of-contract process||Execview commits to provide an open and fast way of customer data extraction. A core part of the Execview technology provide an import/export facility that customers can use at any time. For all other data items Execview will provide data extracts in Microsoft Excel, Microsoft SQL or comma separated file formats, as preferred by the customer. There will be no charge for these type of extracts – other requested formats may however have a charge. Execview commits to purge all such customer’s data at termination point. Execview will not expect to help with the migration to other systems, but if requested may charge for this service at our normal daily rate|
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||Execview is available through any modern desktop browser. It works well on mobile devices as well, and even the more complex reports render well. Additionally, a new mobile app (HTML based - no download) works on mobile browsers and provide productivity tools, task management and reporting for users.|
|What users can and can't do using the API||
Execview connects to any system, including ERP (SAP, Oracle etc), MS Project Server, Business Objects, Jira, ticketing systems, CRM).
Execview will connect to ANY data source, and receive most data file formats. Any CSV, Excel or XML file can be uploaded to Execview via the API. This can be used for connecting external systems for reporting integration. And extract transform and load (ETL) program allows data to be selected and imported using user-defined processing rule sets. Web services interfaces can be created on request
|API documentation formats||
|API sandbox or test environment||Yes|
|Description of customisation||
1. User reports and templates are customisable
2. Many screens, field names, drop downs, can be customised on forms according to the requirement.
3. Workflow stages, gateways, reports, all customisable.
4. Administrator users can assign custom access levels for users through the use of role based permissions
5. Data can be restricted or suppressed for specific users or user types through functionality within the application
6. Execview can custom-develop functionality based on the client needs to replace manual processes, spreadsheets and disparate applications.
7. Any data, from any source, can be imported to Execview.
8. Fully customisable bespoke reports can be produced by users and administrators.
|Independence of resources||We use tools to constantly monitor the performance (New Relic) of the servers, ensuring they do not pass certain thresholds, that would affect performance / user experience|
|Service usage metrics||Yes|
1. Client Administrators can access a log of user activities.
2. Scorecards detailing numbers of project/service activities, with many metrics on risks, cost, delivery are either standard or can be quickly configured
3. A range of usage metrics are captures for use in bespoke reports
4. Execview will write additional reports on usage if required by a customer (at cost).
|Supplier type||Not a reseller|
|Staff security clearance||Conforms to BS7858:2012|
|Government security clearance||Up to Security Clearance (SC)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least every 6 months|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||Physical access control, complying with another standard|
|Data sanitisation process||No|
|Equipment disposal approach||A third-party destruction service|
Data importing and exporting
|Data export approach||A export facility built into the product - allows users to export (in Excel format)|
|Data export formats||
|Other data export formats||
|Data import formats||
|Other data import formats||Excel|
|Data protection between buyer and supplier networks||TLS (version 1.2 or above)|
|Data protection within supplier network||
Availability and resilience
|Guaranteed availability||Application availability is designed to be 99.5% within the operating hours above. There are two UK-based data centres, with 15 minute updates between mirrored systems. Our data centre hosting provider, RackSpace, provides data storage, all physical and logical security and all backup and restore operations. Increments backups are taken nightly, with full backups weekly. Backups are stored off-site in the back-up datacentre. Execview test restores on a regular basis to assure that backups will provide valid recovery.|
|Approach to resilience||
Our data centre hosting provider, RackSpace, provides data storage, all physical and logical security and all backup and restore operations.
Backups are taken nightly, with full backups weekly. Backups are stored off-site. Execview test restores on a regular basis to assure that backups will provide valid recovery.
RackSpace provide business continuity and disaster recovery measures which, in the unlikely event of them being needed, would see an alternative hosted service restored within a maximum of 5 days. In practice, the mirrored servers should allow recovery within a day.
|Outage reporting||Email alerts - our service desk provides email notification to client Execview Administrators in the even of an outage or major service problem.|
Identity and authentication
|User authentication needed||Yes|
|Other user authentication||Users currently authenticate using ID (not email address) and strong password. Authentication Server validation and single sign-on is also available (with a set-up cost). Execview can optionally be implemented on government servers if required, limited access to government networks. Note that 2-factor authentication is being added in 2Q17.|
|Access restrictions in management interfaces and support channels||A secure VPN is used for support interfaces to the application from the support team. Access is from nominated secure computers and other devices with encryption All IDs and strong passwords are centrally managed.|
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||Username or password|
Audit information for users
|Access to user activity audit information||Users contact the support team to get audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||British Assessment Bureau|
|ISO/IEC 27001 accreditation date||23rd February 2017|
|What the ISO/IEC 27001 doesn’t cover||None: ISO27001 covers all critical areas of our service, including hosting, applications management, security management.|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||
Execview security and controls policy standards are validated and accredited to ISO27001. These security documents are available on request where appropriate to government services. All Execview staff are validated to BPSS standards and a number of key staff are vetted to SC level.
Security is owned at Board level and managed by the Execview Security and Controls Manager.
|Configuration and change management standard||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Configuration and change management approach||
Formal CM processes are used for all changes to production systems. A full range of dev/test/UAT/Beta/Production environments are used, and each client has its own 'Beta' copy of their production system for UAT of changes (if required - a subset of clients choose to do this). Execview operates quality processes to ISO9001 standard with accreditation.
Changes are prioritised and agreed by a weekly review process.
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
Regular risk assessment processes.
Server hardware and security updates applied directly by RackSpace in line with their processes. All user hardware is Windows 10 based and updated as patches become available .
|Protective monitoring type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Protective monitoring approach||
Images for both Windows and Linux deployments to serve as a baseline for hosted systems. However these images should not be considered to be 'hardened,' as customer requirements differ. When a server is set-up, hardening is done by assigning strong default passwords, non-essential services turned off by default, FTP access being disabled, and default accounts disabled by default.
All internal and external vulnerability assessments of the customer solution are the responsibility of the customer, and should be performed according to the 'Logical Security Testing Consent Agreement' form.
|Incident management type||Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402|
|Incident management approach||Execview will respond to incidents as we become aware of them, and advise customers by email notification. Incidents affecting a single solution will be managed by the relevant Service Delivery Manager, incidents affecting multiple customers will be managed by the Global Incident Management team.|
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Public sector networks
|Connection to public sector networks||No|
|Price||£1000 to £1000 per licence per month|
|Discount for educational organisations||No|
|Free trial available||Yes|
|Description of free trial||We offer the ability for prospective clients to explore Execview (EV) via a limited POC where we give access to a contracted Service that allows clients to explore EV over an agreed time. There is often a configuration / training / service provided with this, charged at standard day rates.|