Hornbill for IT
Hornbill for IT is an ITSM solution offering a modern approach to IT Service Management, which blends ITIL best-practice with collaboration capabilities to increase IT agility. Establish the foundation for your Enterprise Service Management strategy, using Hornbill's SaaS platform to connect your IT, HR, Security, and other service delivery teams.
- Collaborative Service Management: an innovative way to adopt ITSM best-practice
- Powerful business process orchestration and task automation
- Process Tracker displays instant visibility of request status
- Progressive capture improves speed and accuracy of data input
- Fully-featured mobile interface keeps users connected and informed
- Extend best-practice to other business units with Enterprise Service Management
- Capture knowledge and expertise from conversation
- Self-Service and peer-to-peer support drives low-cost issue resolution
- Instant translation removes language barriers in real time
- Powerful analytics for improved decision making
- Free switch-on implementation service and 30-day trial
- Priced for Life - no price increases guaranteed
- No fixed term contract – we don’t lock you in
- Trained for Life – no training costs
- 100% codeless customisation with graphical design tools
- Continuous deployment means the software is always up-to-date
- Software as a Service - Upgrades do not affect customisations
- Deploy additional productivity and business applications with a single click
- Move issue resolution and request fulfilment to lowest cost level
- ITIL compatible processes for rapid adoption of ITSM best-practice
|Software add-on or extension||No|
|Cloud deployment model||Public cloud|
The Hornbill platform is kept up to date at all times. Updates are applied transparently and with no disruption to customers. Any maintenance that will impact service to a customer will only be carried out with agreement and a schedule secured from a 30 day advance notice, in order to undertake the work that has been agreed with each customer affected. Maintenance work is normally performed outside of normal working hours to ensure minimal disruption.
Where urgent work, such as emergency fixes, security patches or other
unforeseen maintenance work must be carried out, customers are kept
informed with regular updates.
|System requirements||Supported Web Browser: IE11+, Microsoft Edge, Chrome, Firefox, or Safari|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
Service Availability Support: 24x7x365
Application Support: 9am - 5:30pm, Mon - Fri
Priority 1 - 15 mins
Priority 2 - 30 mins
Priority 3 - 4 hours
Priority 4 - 8 hours
Comprehensive support for all types of issues and defined SLA’s are available with the Premier and Concierge Success Plans. https://wiki.hornbill.com/index.php/Premier_Success_Plan
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
Essential – £Free.
The Essential Success Plan is included in your subscription and offers 24x7 assistance via online reporting for critical service availability issues. Up to 3 named contacts can access the Hornbill Community Forum and make use of knowledge resources, open-source integration tools and Hornbill API’s.
Premier – £278 per month.
The Premier Success Plan includes everything in Essential and provides
5 named contacts with access to Hornbill’s Customer Support Teams
for formal application support for non-critical issues. Premier includes
multi-instance support, defined Service Levels and 10 credits of Expert
Services. A dedicated Success Team provides quarterly service delivery
reviews and priority incident reports.
Concierge – from £2,780 per month.
The Concierge Plan includes everything in Premier and provides 10 named contacts with access to a Technical Account Manager, dedicated Product Specialist, weekly service delivery reviews and Development escalation priority. Concierge includes 100 credits of Expert Services and preferential rates on further expert services.
|Support available to third parties||Yes|
Onboarding and offboarding
Hornbill for IT is highly intuitive to use and administer. Hornbill’s free 30-day ‘Switch-On’ service provides customers with access to Hornbill Product Specialists, who transfer knowledge to enable users to become self-sufficient in configuring and integrating the software with other business systems.
Product Specialists offer advice and assistance with:
→ Integration with your corporate e-mail system
→ Integration with your corporate directory service (typically AD or other
LDAP based directory service using SAML 2.0) for Single Sign-On
→ Setting up/importing your users
→ Importing your contacts or other static data
→ Importing IT assets
→ Advice on how to set up WebHooks for real-time integration with other
→ Setting up any aspects of the application(s) you have chosen to deploy on the Hornbill platform
→ Advice on customisations, settings, and what can (or cannot) be achieved according to your requirements.
At the end of the free 30-day Switch-On period, the majority of customers
are already getting value, and have all the proof points they need to simply
subscribe and continue using the software in a live environment, with no fuss, complicated and expensive installs or paid-for consultancy services.
|End-of-contract data extraction||If the Customer terminates the agreement, Hornbill will retain the Customer's Data for a period of 60 Days from the Date of Termination. Upon request, Hornbill will provide the Customer with a copy of this data in an industry standard machine readable format.|
In the event that a customer wishes to terminate their subscription, Hornbill shall use reasonable endeavours to provide a copy of the customer’s data and documents within 20 working days. Such assistance may be subject to Hornbill’s terms and associated day rates for time and materials consultancy services.
Hornbill will delete the customer specific data, backups and keys used to
encrypt data for archiving purposes within 30-60 days of the termination date. Data may be retained up to 12 months for archival purposes for a one-off administrative fee.
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||Standard service management functionality is available on both the mobile and desktop interfaces. However, a browser interface is required to access the administration interface and configure the solution.|
|Description of service interface||Hornbill's service interface operates on any supported browser. Intuitive features, such as progressive capture, provide a consumer-like experience, so users require little or no training. Most aspects of the service experience can be customised, without the need for technical expertise or coding abilities. Hornbill for IT includes numerous pre-packaged business processes with workflows that are ready to adapt to meet specific business needs.|
|Accessibility standards||WCAG 2.1 A|
|Accessibility testing||Hornbill has not tested the application with specific assistive technologies. However, Hornbill's Development teams work with individuals within the user community who need to take advantage of accessibility options provided by the application and the browser. Feedback from users of assistive technology is prioritised and improved incrementally through Hornbill's continuous delivery approach.|
|What users can and can't do using the API||
Web Hooks, the opposite to an API call, is a call from Hornbill to a web endpoint of your choosing. Most application actions on a Hornbill instance can trigger an action-specific event when an action is performed. Hornbill can be configured to call to a web end point passing the action-specific data to the web service. This is a very powerful mechanism that enables near real-time integration with other business systems.
|API documentation formats||HTML|
|API sandbox or test environment||Yes|
|Description of customisation||
Hornbill’s unique business process engine and workflow orchestration drives manual and automated tasks to streamline the process of getting work done. The easy-to-use graphical interface enables 100% codeless customisation, allowing the complex operational processes to be configured without technical or specialist skills.
Progressive Capture enables configuration of a series of logical workflow stages and activities, to shield users from complexity, and ensure that processes are followed reliably every time.
Only users with adequate permissions can access the customisation domain and Hornbill guarantees that all customisations will continue to work when the service and software is updated.
|Independence of resources||Hornbill for IT is designed to accommodate enterprise-scale needs. The application scales horizontally though the addition of extra hypervisors and rack space. Hornbill can also quickly create an instance or a complete replica of the Hornbill infrastructure in Amazon Web Services (AWS), which means that capacity and scalability is never an issue.|
|Service usage metrics||Yes|
Hornbill provides live service availability metrics online via - https://status.hornbill.com/
In addition, Hornbill tracks service usage information, such as Number of Subscribed Users, Basic Users, Mailboxes. Storage Usage is also available, including Total Usage, Disk Usage, Database Usage, and Last Audit Date/Time.
Application Subscription Information is available reporting Applications Installed, Version Numbers, Installation Date, Number of Subscribed Users and Number of Subscriptions Available.
|Supplier type||Not a reseller|
|Staff security clearance||Conforms to BS7858:2012|
|Government security clearance||None|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||‘IT Health Check’ performed by a CHECK service provider|
|Protecting data at rest||
|Data sanitisation process||Yes|
|Data sanitisation type||Explicit overwriting of storage before reallocation|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||Hornbill will provide an export within 14 days of receipt of the Customer's request and can provide further copies, once every 90 days, at no additional cost. The data is archived, compressed, encrypted and placed on Hornbill servers. The Customer is notified by email and has 7 days to download the data. If more frequent downloads are required, Hornbill can provide a scheduled push of Customer data through an optional chargeable subscription add-on service called Hornbill Data Assurity. This service delivers a complete copy of the data to a cloud service controlled by the Customer e.g. Amazon S3.|
|Data export formats||
|Other data export formats||
|Data import formats||
|Other data import formats||
|Data protection between buyer and supplier networks||TLS (version 1.2 or above)|
|Data protection within supplier network||
Availability and resilience
Hornbill is committed to delivering the best level of service possible. We are open and transparent about our service level performance, and honest when things go wrong. While our standard terms of service contractually commit to service availability of no less than 99.5% we always measure ourselves against an operational target which is set at 99.95% – significantly more stringent than our contractual SLA.
Availability Service Credits are calculated on a monthly basis as a percentage of the Subscription Fee where the SaaS Service Availability falls below a certain threshold as shown below:
- Between 99.49% and 98.50% - 2.5% Service Credit
- Between 98.49% and 97.50% - 5% Service Credit
- Between 97.49% and 96.50% - 10% Service Credit
- Less than 96.50% - 20% Service Credit
|Approach to resilience||
Customer instances run on industrial strength fully redundant hypervisor
based infrastructure.Emergency restore and recovery within 2 hours.
Backups taken daily, weekly and monthly for each instance. Backups are cycled, so there is always one daily, weekly and monthly full backup available. Backups are taken without any service downtime. Instances are continuously replicated to backup servers in another data centre for full offsite data redundancy, and locally within the same data centre to facilitate fast recovery.
A public dashboard is available at https://status.hornbill.com/ showing current status information and details of the past twelve months service availability, so customers can see how Hornbill performs
against its' operational targets. Uptime shown for the current month
represents the availability for the current month to date and is updated daily.
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||A valid username and password is required to access management interfaces and support channels. Hornbill operates a Named Support Contact policy and requests for support are accepted from nominated contacts only. A 'Named Account Authority' is responsible for operational changes, such as authorising adjustments to the numbers of subscribers and keeping Named Support Contact information up-to-date.|
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||Between 6 months and 12 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||British Standards Institute|
|ISO/IEC 27001 accreditation date||19/10/2018|
|What the ISO/IEC 27001 doesn’t cover||No standard controls are excluded from Hornbill's ISO/IEC 27001 certification.|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||
Hornbill is committed to preserving the confidentiality, integrity and availability of its physical and information assets. Hornbill’s Information Security Management System (ISMS) is ISO/IEC 27001:2013 certified.
Physical Security includes external and internal HD CCTV cameras tied back to DVR systems, with backup to SAN storage. Proximity access control uses access card and biometric authentication. Mantrap uses ultrasonic technology for single person verification and intruder and door tampering alarms are in place with a secure managed loading dock. Physical access to Hornbill’s network operations centre is controlled by electronic door access and strict policies. All visitors to Hornbill are known entities, and must sign in to the building, and are always escorted when entering secured perimeters. Hornbill instances are security hardened at three levels. Only a subset of the Hornbill Cloud team has locked-down “physical” access to Hornbill instances to enable maintenance and investigation of any issues that arise. All changes to Hornbill instances are logged through a formal Change Request process and require authorisation before any change may be applied. Access to all systems is audited and reviewed on a regular basis to ensure that the strict controls in place are adhered to.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||Change requests must provide sufficient information to support assessment. Cloud Service Manager (CSM) reviews changes in accordance with Hornbill’s risk management framework. Standard/minor changes are approved by the CSM. Emergency changes require CAB Executive approval. Significant/major changes are carried out in test environments, must include test plans, business and technical acceptance criteria, and back-out plans enabling rollback of configuration items to a working baseline. Email approvals from the CAB/Chief Technical Officer are attached to change requests for audit purposes. Significant/major changes Releases to production must be authorised by the CSM to ensure minimal impact on service availability and business continuity.|
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||Hornbill evaluates strategic and operational risks on an ongoing basis. Risk assessments are carried out whenever there is a change to assets, scope of the Information Security System, code, or to the risk environment. The potential impact of each threat-vulnerability is assessed using the risk likelihood scale and risk levels are automatically calculated and recorded against the asset in the risk assessment register. Vulnerabilities are identified from multiple sources (vendor information, CVE/NIST lists and in-house testing) on weekly basis. CVE critical assessments are carried out on daily basis and are either resolved\patched or mitigated by process within 12 hours.|
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||All instances, services and hardware are monitored from several locations around the world. Over 100 metrics per instance are checked every 5 minutes, covering; performance, load, availability, capacity, sanity checks, security and backups . Any warnings are logged and escalated to Hornbill's Cloud Team, and response times are in accordance with the priority classification assigned to each incident: - Priority 1 (15 mins), Priority 2 (30 mins), Priority 3 (4 business hours), Priority 4 (1 business day). Customers are notified and any potential impact on service availability is published on the Cloud Services Platform Portal - https://status.hornbill.com/|
|Incident management type||Supplier-defined controls|
|Incident management approach||Incidents are raised by customers with enhanced Success Plans though a form on Hornbill's website. The webform performs a high-level health-check on the customer’s instance once the customer details have been provided. The Support team confirms the request priority with the customer and provides a meaningful response to satisfy SLA response targets and subsequently works towards SLA resolution targets. Incident reports are available to customers through the self-service portal. If either the health-check or internal processes identify a critical issue affecting system availability, a major incident process is activated involving senior management personnel who project manage the issue to completion.|
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Public sector networks
|Connection to public sector networks||No|
|Price||£47.25 to £71.00 per user per month|
|Discount for educational organisations||No|
|Free trial available||Yes|
|Description of free trial||Hornbill's 30 Day Satisfaction Guarantee removes risk and enables the customer to make an informed decision to either subscribe, or walk away. The 30 Day trial period includes; free implementation in the form of a Switch-On service and free training.|
|Link to free trial||https://www.hornbill.com/solutions/it|