Fujitsu Services Limited

Cloud Financial Management SaaS (Fujitsu Cloud Service PICCO)

PICCO, a Cloud Financial Management solution, allows control of cloud costs, ensuring budget owners are accountable for usage through it's cost allocation engine.
PICCO empowers financial owners to analyse their cloud options and predict their costs.
Financially manage your cloud resources, including AWS, Azure, Fujitsu's K5/S5, Google and more.

Features

  • Allocate your cloud costs to the correct individuals and departments
  • Assist in the identification of Shadow IT
  • Forecast your utility cloud expenditure assisting with financial planning

Benefits

  • Achieve full financial clarity in your cloud economy
  • Monitor and manage costs
  • Set expense limits for units, projects, providers and services
  • Empower a culture change, moving accountability to budget owner
  • Compare cloud providers and identify the best option for you

Pricing

£835 per unit per month

  • Education pricing available
  • Free trial available

Service documents

G-Cloud 9

465778644040619

Fujitsu Services Limited

Government Frameworks Desk

0843 365 1549

government.frameworks@uk.fujitsu.com

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to Fujitsu K5
Fujitsu S5
Amazon Web Services
Microsoft Azure
Google Compute Platform
Many others
Cloud deployment model Public cloud
Service constraints 1. The service is standardised where possible to ensure shared learnings & efficiency.
2. The service is delivered as a SaaS product as standard, but can be deployed on premise if required. This is offered upon request.
System requirements
  • SaaS based as standard
  • Dedicated on-premise version is available upon request

User support

User support
Email or online ticketing support Email or online ticketing
Support response times As defined in the attached service definition
User can manage status and priority of support tickets No
Phone support No
Web chat support Yes, at an extra cost
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard None or don’t know
How the web chat support is accessible As defined in the attached service definition
Web chat accessibility testing As defined in the attached service definition
Onsite support No
Support levels As described in the attached service definition
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started The service is designed to be intuitive and easy to use, without requiring any training.
However, for users who require training this is available online or onsite or via user documentation.
Service documentation Yes
Documentation formats
  • HTML
  • ODF
  • PDF
End-of-contract data extraction Subsequent to the termination of the Agreement, Fujitsu will contact the Customer and ask him if he wants to be provided with the Customer Content. In case the Customer approves, Fujitsu will provide the Customer with the Customer Content in CSV format or another common and suitable electronic format subject to Fujitsu’s sole discretion.
End-of-contract process At the end of the contract the service will still be functional and available to use if the user/customer chooses to extend the contract. For customers/users who wish to end the contract, the system will be made unavailable at a time which is agreed between both parties.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10+
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices No
Accessibility standards None or don’t know
Description of accessibility No official accessibility assessments have been made, however the product is designed to be intuitive and easy to use and is updated to maintain this commitment.
Accessibility testing No official accessibility assessments have been made, however the product is designed to be intuitive and easy to use and is updated to maintain this commitment.
API Yes
What users can and can't do using the API See attached service definition document
API documentation No
API sandbox or test environment No
Customisation available Yes
Description of customisation As per the attached service definition

Scaling

Scaling
Independence of resources In a SaaS service environment scaling is managed by the service provider and therefore not a concern of the user/customer.

Analytics

Analytics
Service usage metrics No

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
User control over data storage and processing locations Yes
Datacentre security standards Supplier-defined controls
Penetration testing frequency Less than once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Physical access control, complying with another standard
Data sanitisation process No
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Users can export stored cost data in pdf, excel or csv file format by self service from within PICCO App.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • JSON
  • Excel
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
  • JSON
  • Excel

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability 99.99%
Approach to resilience Details available upon request
Outage reporting Email alerts if requested

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels UserID & Password
SAML2
API & Token
Access restriction testing frequency At least every 6 months
Management access authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for Between 6 months and 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Bureau Veritas
ISO/IEC 27001 accreditation date 05/12/2015
What the ISO/IEC 27001 doesn’t cover The service is covered by the accreditation.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards ISO/IEC 27001
Information security policies and processes The supplying organisation is complying with ISO/IEC 27001.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Changes are approved prior to implementation.
Development follows agile principles with automated testing embedded within a CICD process.
For secure environments the CICD process can be delayed upon request, however this is not optimum and will involve assessment against any specific requirements.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Service health is monitored on a continual basis & any identified threats are managed and resolved as quickly as possible. Updates to a production environment occur on a hourly or daily basis, depending upon the severity of the update.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Service health is monitored on a continual basis & any identified threats are managed and resolved as quickly as possible. Updates to a production environment occur on a hourly or daily basis, depending upon the severity of the update.
Incident management type Supplier-defined controls
Incident management approach A pre-defined and mature incident process exists, automated where possible with inputs from service monitoring tools.
Users can report incidents via the customer service desk.
Incident reports are available as part of the customer service desk processes.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £835 per unit per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial As defined in the service definition

Documents

Documents
Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑