D-RisQ Ltd.


Modelworks® uniquely applies Formal Methods mathematics to systems requirements to assess the stability of systems, show whether redundant functionality exists and ensure that systems will never deadlock. The technique will show where the actual behaviour of the design is not reflected in the requirements and also provide repeatable, objective evidence.


  • Automatic tool which is integrated with existing development tools
  • Little additional specialist knowledge required for systems designers
  • Provides objective evidence of meeting design requirements for regulators
  • Comprehensive analysis output showing areas of design/requirements conflict
  • Can be used to assess systems resilience against security requirements


  • Massively reduces development cost by reducing the need for test
  • Automatically provides design compliance evidence for regulators
  • Speeds up redesign following requirements changes or design failures
  • Can ensure elimination of unwanted system behaviour
  • Can identify security requirements breaches in all modes of operation


£15000 to £20000 per licence per year

  • Education pricing available
  • Free trial available

Service documents

G-Cloud 9


D-RisQ Ltd.

David Sheppard



Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to Simulink
Cloud deployment model Private cloud
Service constraints Buyer needs to have a clear understanding of the importance of a robust set of systems requirements and personnel capable of developing systems and software design from these requirements. D-RisQ Ltd. has the personnel to help with obtaining this knowledge if currently not available.
System requirements
  • High end commercially available desktop computers
  • If needed for system requirements, licences for Simulink, Stateflow, Sysml

User support

User support
Email or online ticketing support Email or online ticketing
Support response times 1 business day, weekdays only.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels 1st, 2nd and 3rd level support directly from D-RisQ Ltd. Cost is T&M from the SFIA rate card, other than general advice and assistance which is included in the licence fee. Given sufficient volume of business a technical account manager would be allocated.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started If fully capable, then the buyer can start operation on day 1.
D-RisQ offers T&M contracts (against the SFIA rate card) to cover less capable users through the process of;
Requirements setting and capture
Tool set up and operation
Analysis of results
The T&M will be dependent on each buyer's existing capability but will provide knowledge transfer from D-RisQ to the buyer in order to ensure the buyer becomes self sufficient.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction The tool provides the data output for analysis as part of its function.
End-of-contract process The licence fee for Modelworks includes the provision of the tool plus 1st, 2nd and 3rd level support for one year. Support consultancy covering the structuring of requirements and design and training staff to an appropriate capability level is charged separately on a T&M basis against the SFIA rate card.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Firefox
  • Chrome
Application to install Yes
Compatible operating systems Windows
Designed for use on mobile devices No
Accessibility standards None or don’t know
Description of accessibility Design has taken into consideration accessibility issues concerning colour vision. The use of a GUI interface has some inherent limitations, but further accessibility requests can be considered.
Accessibility testing None to date.
Customisation available No


Independence of resources Application is downloaded directly on to local computer hardware.


Service usage metrics No


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process No
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach Data is output on the computer screen or via paper copy for analysis.
Data export formats Other
Other data export formats
  • Plain text reports
  • MATLAB scripts and data files
Data import formats Other
Other data import formats
  • Plain text requirement descriptions
  • MATLAB model files

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks Other
Other protection between networks Initial download is secured using SFTP; once installed, no data leaves the buyer's network.
Data protection within supplier network Other
Other protection within supplier network No customer data is present on our network. Internal traffic relating to the initial download is secured using SSH.

Availability and resilience

Availability and resilience
Guaranteed availability Once application is downloaded the availability is under the buyers control.
Approach to resilience Download server is Cyber essentials accredited, and ISO9001 certified. Once downloaded, resilience is down to the buyer to control.
Outage reporting None required

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Username or password
  • Other
Other user authentication To access the download area, users are supplied with a username and password that are disabled after they complete the download. After the download, users install Modelworks onto their internal systems, and are responsible for providing their own access controls.
Access restrictions in management interfaces and support channels We do not provide management interfaces. Support is provided via e-mail from a recognised e-mail address.
Access restriction testing frequency At least every 6 months
Management access authentication Other

Audit information for users

Audit information for users
Access to user activity audit information No audit information available
Access to supplier activity audit information No audit information available
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations Yes
Any other security accreditations
  • Cyber Essentials
  • ISO9001

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards Other
Other security governance standards Cyber Essentials
Information security policies and processes Security Officer is a member of the D-RisQ Ltd. Board and monitors compliance with certified standards and the updating of the company's written security policy

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Modelworks software is developed and tested according to D-RisQ internal software development processes, which include requirements gathering, testing, review, and quality assurance steps and records all material in a source-control system.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Potential threats are identified by in-house analysis. Modelworks is used entirely internally by the customer once downloaded, so the attack surface is minimal and consists of only the download server. Patches to the download area are applied on the same working day.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Potential compromises are identified by manual review of the logs for the download server. No customer material is present on the download server, so our initial response would be to take the server offline, then analyse the compromise. Responses to incidents would happen on the same working day.
Incident management type Supplier-defined controls
Incident management approach We have an internal ticketing system that is used to track incidents. Customers can report incidents to us by e-mail, and reports would be provided on a case-by-case basis.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £15000 to £20000 per licence per year
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Included is a demonstration of the use of the tool on a generic systems model.
Not included is a proof of concept demonstration on a buyer's own model, this would be subject to a consultancy support contract.


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑