Derive Logic Limited

IT Asset Management Tooling as a Service

Cloud ITAM and SAM tools (included Snow and Aspera) provide organisations with visibility of their IT assets, enabling effective management of related entitlements, consumption and renewals. Tooling provides users with the intelligence (dashboards and reporting) that help them to optimise and transform estates, remaining compliant, optimised, agile and secure.


  • IT Asset Management (ITAM) for cloud
  • Software Asset Management (SAM) for cloud
  • Hardware Asset Management (HAM) integrating with cloud (e.g. IoT)
  • Entitlement & inventory data management
  • Asset and consumption/usage dashboards & reporting
  • Cost avoidance & cost savings
  • Licence compliance reporting and management - audit support
  • Hardware & software lifecycle management
  • Renewals management
  • Cloud Snow & Aspera (SaaS)


  • Supports compliance and optimisation of physical and cloud assets
  • Consolidated visibility of hardware and software assets across an estate
  • Manages licensing and service renewals for assets in an estate
  • IT cost optimisation and avoidance, reduces overspend via reharvesting licenses
  • Entitlement & inventory management - SAM & ITAM
  • Improves IT governance - on-premise, cloud, outsourced & IoT
  • Software licensing utilisation and consumption of subscription based software
  • Reduces IT and business risks from non-compliant usage
  • Management information/intelligence (MI) enables effective budgeting
  • Supports effective IT governance through process and policy enforcement


£1.16 to £3.51 per device per month

  • Education pricing available

Service documents

G-Cloud 10


Derive Logic Limited

Christopher Lewis

01285 719 820

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Hybrid cloud
Service constraints Depending on the technology platform chosen, some platforms have technology constraints on functionality that is based on system integration.

Any compliance or optimisation analysis of the existing software estate is outside of the scope of this service.

Our Support Desk operates in office hours 9-5.30pm Monday to Friday, excluding Bank Holidays.
System requirements
  • Tooling clients/applications may need downloading and installing
  • Port 443 accessible
  • Firewall/proxy configured to allow data communication with chosen platform
  • Proxy details supplied (if required in agent configuration)
  • Credentials for 3rd party data sources (e.g. AD, vCenter)
  • Users need to have internet access

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Our standard first response or acknowledgement is one working day. In this response we provide ticket details and priorities based on the clients SLAs, these can be defined within our Statement of Works (SoW) and/or in Call-Off Contract. Our support deck operates 9am to 5.30pm (UK time), Monday to Friday excluding bank holidays.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Onsite support
Support levels Our Service Desk Analysts act as a single point of contact and aim to resolve issues and queries on the first call. Should that not be possible we have a clear escalation path to Level 2 and 3 resources to ensure rapid resolution, via escalation to the appropriate Consultant or Architect as required.

Level1: Service Desk – Single Point of Contact (SPoC), call/ticket logging and reporting, support and advice with goal of first call resolution.

Level2: Licensing & Tooling Consultant – skilled in cloud licensing and compliance, covering specified vendors or software publishers and ITAM Tooling.

Level3: Senior Consultant or Architect - extensive experience and skills in SAM & ITAM transformation including cloud licensing, optimisation & data architecture.

If the client issue cannot be resolved remotely via telephone or web conference, we can provide on-site user support provided by our technical experts and consultants as defined by individual client contracts agreed with buyers on the framework. Pricing for on-site support will be dependant upon SLA and defined number and frequency of visits, to be defined and agreed with buyer at time of order.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started During onboarding a plan is generated to cover the scope of the service, data requirements and service milestones, as well as a RACI (responsible, accountable, consulted and informed) matrix for key service stakeholders. The service will also be allocated a Derive Logic Engagement Manager, who will coordinate and manage the service onboarding and delivery.

An initial kick-off workshop will then take place with key stakeholders and users, our team will produce and follow a detailed project plan covering system set-up, configuration and integration. Once the system is implemented we will on-board in-scope vendors and test this data, as well as system dashboards and reports for completeness and accuracy. At every stage our Engagement Manager will regularly up-date project owners and stakeholders on project progress, milestones and requirements.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Derive Logic will provide encrypted data extracts within 60 days as part of the decommissioning process, users will have a limited capability to extract data depending on the platform chosen and the users permissions.
End-of-contract process At the end of the contracted period the client's users of the system will delete any software clients off their devices. Derive Logic will then extract all asset related data (as requested) from the system in question and return an encrypted copy of the data to the buyer or an appointed owner. Once this has been actioned successfully Derive logic will ensure that the system and related data held is deleted/destroyed within 60 days of contract termination date or a date to be agreed with the buyer.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install Yes
Compatible operating systems
  • Linux or Unix
  • MacOS
  • Windows
Designed for use on mobile devices No
Accessibility standards None or don’t know
Description of accessibility These services are accessible through the internet browsers as stated above.
Accessibility testing None.
What users can and can't do using the API This will depend on the technology platform chosen (e.g. APIs can be used to enable integration/connection to third party applications that connectors have been built for).
API documentation Yes
API documentation formats PDF
API sandbox or test environment No
Customisation available Yes
Description of customisation User can customise dashboards and reports as required, advanced customisation of the system may required Derive Logic support.


Independence of resources Rackspace our data centre partner provides us with monitoring alerts and autoScale of resources.


Service usage metrics Yes
Metrics types Clients can request service metrics by raising a ticket with our support desk, this will be dependant upon tool chosen and can be defined and agreed during scoping.
Reporting types Reports on request


Supplier type Reseller providing extra features and support
Organisation whose services are being resold Snow and Aspera

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process No
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Users with permissions can run reports in the web interface and export limited datasets, wider ranging exports of data can be requested by raising a ticket with our support desk if required.
Data export formats
  • CSV
  • Other
Other data export formats XML
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability As a cloud service it is available continuously, unless agreed out of hours maintenance or up-grade work has scheduled, in which case the client will have been notified in advance by email. Our service is hosted in the UK in a RackSpace data centre, RackSpace quote 100% service availability on their website (as at time of writing this submission). Our hours of operation are Monday to Friday 9.00am to 5.30pm, should an issue occur clients can contact our Support Desk during this time. No service credits will be issued for scheduled downtime, or any service interruption in business hours less than 2 hours.
Approach to resilience Available upon request.
Outage reporting Derive Logic will provide users/administrators with email alerts on outages or issues should they occur as quickly as possible. These will also be issued for any scheduled maintenance and up-grade work in advance.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels No client access to management interfaces in our standard service.
Access restriction testing frequency Less than once a year
Management access authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Cyber Essentials

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach Derive Logic take security extremely seriously when providing its services to both the private and public sectors. We maintain an active and documented information security programme which is owned at board level, our security is regularly audited and tested by a 3rd party that inspects physical and data security. Buyers can request details of our security governance and policies.
Information security policies and processes Our security policies and processes are defined and documented, these are regularly audited and reviewed to ensure they are up to date and robust. Details upon request.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach All requests for change (RFCs) are assessed for security and commercial impact prior to initiating. Once the change has been agreed and delivered, the schedule agreement is up-dated accordingly and it is logged within the workbook specific to the service. This workbook is maintained throughout the life of the service.
Vulnerability management type Undisclosed
Vulnerability management approach The main objective of derive logic’s vulnerability management process is to detect and remediate vulnerabilities in a proactive and timely fashion. There are three ways Derive Logic manage vulnerabilities:

1. Periodic vulnerability scans.
2. Hosting partner notifications of infrastructure vulnerabilities.
3. Vulnerability alerts based on solution software components received from various security update services.
4.We are also a member of the Cyber Security Information Sharing Partnership (CiSP

Where vulnerabilities are detected where there could be any customer impact, the customer is notified as quickly as possible with the service potentially suspended until the vulnerability has been patched or remediated.
Protective monitoring type Undisclosed
Protective monitoring approach Available to buyers on request.
Incident management type Undisclosed
Incident management approach Our incident management processes for common events are defined in our IT policies master document, the purpose of this policy is to minimise the impact caused by information security incidents and malfunctions on information systems operated by or on behalf of Derive Logic. Our Policy Master document is regularly reviewed as part of our governance procedures. Users report incidents relating to our services via our support desk which is open 9am to 5.30pm Monday to Friday.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £1.16 to £3.51 per device per month
Discount for educational organisations Yes
Free trial available No


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑