APPLICATION READINESS

Application Assurance

Readiness is the world’s first entirely web-based, dynamic, on-demand system for automatic application assessment, remediation and conversion of an enterprise’s entire portfolio of applications. Readiness provides not just application compatibility, but application “readiness”, which means all apps are installable, run as expected, update and then uninstall cleanly, and commercially compliant.

Features

  • application assessment
  • application packaging
  • patch impact assessment
  • application conversion
  • application remediation
  • application package virus scanning
  • application installation anti-malware scanning

Benefits

  • automatically assess application security risks
  • automatically convert applications
  • assess patch impact
  • automatically fix compatibility issues

Pricing

£6 to £10 a unit a month

Service documents

Framework

G-Cloud 12

Service ID

5 0 2 7 2 0 6 4 4 5 9 2 2 1 2

Contact

APPLICATION READINESS Greg Lambert
Telephone: +1 778 677 4033
Email: greg.lambert@applicationreadiness.com

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Application Readiness can be used as a stand-alone service or integrated into an existing application life cycle management system
Cloud deployment model
  • Public cloud
  • Private cloud
Service constraints
No constraints, no hardware or software limitations
System requirements
  • No requirements - no hardware required
  • No requirements - no software required

User support

Email or online ticketing support
Email or online ticketing
Support response times
24-hour support, with same day response
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AAA
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 AA or EN 301 549
Web chat accessibility testing
We have been audited and are compliant with section 508 (https://www.section508.gov/)
Onsite support
No
Support levels
All support is provided through online chat, calls or screen sharing. Support includes engineering, development and manager level escalations.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
To start the process, the client needs to upload their application packages to our secure, cloud-based storage area. Nothing more is required.
Service documentation
Yes
Documentation formats
HTML
End-of-contract data extraction
The client owns all of the data, which can be extracted and downloaded in spreadsheet and package file format at anytime.
End-of-contract process
At contract end, all data held on the the Application Readiness servers are federally cleansed unless otherwise required by the client. No further action from the client is required.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
There is no difference between our mobile and our desktop service experience.
Service interface
Yes
Description of service interface
Our service interface is based REST API and can be accessed via web pages and local scripts (PowerShell)
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
We have been audited and comply with section 308 (https://www.section508.gov/)
API
Yes
What users can and can't do using the API
All services and functionality offered by Application Readiness is available through an API. There are no known limitations at the present time.
API documentation
Yes
API documentation formats
HTML
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
The service can fully tuned for the client desktop and server environment, including all checks, reports and conversion technologies. In addition all documentation can be branded according to client requirements.

Scaling

Independence of resources
If requested, each client "instance" can be allocated on a separate storage area, servers and required virtual machine pools. This ensures that each client area is secure and scalable.

Analytics

Service usage metrics
Yes
Metrics types
We provide an analysis on all usage, assessments, conversions and mitigations. Daily, weekly and on-demand reports are available through our web interface.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Staff screening not performed
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
In-house
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
All data can be exported via our web application or API's onto CSV spreadsheet files or data-dumps.
Data export formats
  • CSV
  • ODF
Data import formats
  • CSV
  • Other
Other data import formats
  • Application installations (EXE's and MSI Instsaller files)
  • Raw application directories

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
We guarantee next-day support ticketing, 24/7 service availability with 99.95% uptime.
Approach to resilience
This is information is available on request.
Outage reporting
We provide email updates, API broadcasts and a dashboard for any service outages or limitations.

Identity and authentication

User authentication needed
Yes
User authentication
2-factor authentication
Access restrictions in management interfaces and support channels
Access is restricted using two-factor authentication and could be restricted by location, machine or terminal type.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
CSA CCM version 3.0
Information security policies and processes
Following a rigorous policy of continual assessment, external auditing and globally recognized best practices, Readiness has ensure for the past three years that we have not experienced a single breach or security event. Working with Microsoft, we ensure that our people, processes and polices will deliver secure, compliant and robust services to all our clients including:

Confidentiality disclosure agreement,
Staff Clearance,
IT Policy and Procedure,
Network & Servers Security plus Monitoring,
Secure configuration & Removable Media control,
Data Security, Data Disposal, Backup and Business Continuity,

User Access Rights,
Malware prevention,
User education and awareness,
Incident management,
Patch management,

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Change management is performed through an Agile model, with all changes tracked, version controlled and backed up automatically. Testing is completed on daily builds and before deployment to client environments.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Using our internal security team, we have modelled a number of threats and have created automated tests for each permutation. Patches can be deployed with a few hours if required. Threat information is provided by Microsoft and our clients.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Given our real-time performance monitoring and security models, we expect a very rapid response to any system level compromises or security incidents.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Incident or trouble-shooting tickets are pre-defined and agreed for each client and are available through our web-based interface and reporting system.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£6 to £10 a unit a month
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
Application Readiness a time limited, 25 package application assessment service that demonstrates the ease of use, simplicity of operation and compelling results.
Link to free trial
https://applicationreadiness.com/try-readiness/

Service documents