Capgemini UK plc

Capgemini Enterprise iPaaS

Capgemini Enterprise iPaaS is a cloud agnostic API and hybrid integration Platform-as-a-Service. Any combination of cloud-based and on premises applications can be integrated as part of an evolving hybrid cloud environment enabling enterprises to unlock their data, foster innovation, accelerate speed to market and build sustainable competitive advantage.


  • Cloud agnostic, portable across any public and private cloud vendors
  • Included with API management and hybrid integration capability
  • Included with Continuous Integration Continuous Delivery and user accelerators
  • Can provide dedicated instance with data isolation and service levels
  • Comprised of open-source products leveraging the talented open-source community
  • Can be available 24 hours after signed Ts and Cs
  • Bought easily on a pay-per-use model with monthly subscription pricing
  • Flexibility to avoid commercial lock-in
  • Can provide platform instances provisioned and scaled on-demand
  • Can provide 24/7/365 proactive support with API analytics/integration monitoring


  • Can unlock data via APIs enabling innovation of new services
  • Can create composite applications by integrating cloud-services with existing IT
  • Can take advantage of pay-as-you-go service models
  • Flexibility to swap SaaS services avoiding vendor lock-in
  • Can enable continuous/rapid delivery of APIs and integration flows
  • Key enabler for mobile-first, cloud-first, IoT strategies and digital transformations
  • Can support evolving hybrid IT landscapes/journey to the cloud
  • Can open up data to comply with existing/emerging regulations
  • Can allow independent platform ownership via Capgemini`s unique exit option
  • Can promote education of workforce and increases their productivity


£2300 per unit per month

Service documents

G-Cloud 9


Capgemini UK plc

Giovanna Borgia

+44(0)370 904 4858

Service scope

Service scope
Service constraints Black-box, fixed technology stack service; Currently supports AWS; Azure and OpenStack support from Q3 2017
System requirements
  • AWS, Azure or OpenStack cloud hosting
  • On-premises/hybrid requires private cloud with sufficient compute and networking capacity.
  • Cloud/on-premises deployment requires network connectivity to client data centre.

User support

User support
Email or online ticketing support Email or online ticketing
Support response times We aim to acknowledge receipt of questions within one Working Day. Resolution times will be according to the service level agreement for the service.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.0 AA or EN 301 549
Phone support No
Web chat support No
Onsite support Yes, at extra cost
Support levels Individual service levels are described in the Service Definition. Should you have requirements for other service levels, please contact Capgemini directly to discuss.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We help users make use of our services through training and documentation as appropriate. The Capgemini Enterprise iPaaS includes a user portal containing how-to guides, principles and demo applications. Add-on consultancy services are also available to accelerate delivery using the service.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Arrangements for Buyer data to be extracted can be agreed at the start of each contract, and the execution of such arrangements can be completed as part of the contract close down procedures
End-of-contract process At the end of the contract, Capgemini can review with the Buyer: That contractual obligations have been met; That invoices have been raised and paid; That no outstanding, documented issues remain (unless agreed otherwise); That access rights have been terminated and user IDs deleted; That data had been backed up and recovered as appropriate

Using the service

Using the service
Web browser interface Yes
Using the web interface Design, prototype, publish and govern APIs
Support API development
Control API access and security
View API documentation and subscribe to APIs
Manage and scale API traffic
Deploy integration flows
Monitor API and integration traffic.
Web interface accessibility standard None or don’t know
How the web interface is accessible Open Source products utilised.
Web interface accessibility testing No additional accessibility testing performed for off the shelf Open Source products
Command line interface No


Scaling available No
Independence of resources Each deployment is a dedicated instance of the Capgemini Enterprise iPaaS Platform with encrypted data at rest, giving assurance of data isolation, service levels and performance.
Usage notifications Yes
Usage reporting Email


Infrastructure or application metrics Yes
Metrics types
  • CPU
  • Disk
  • Memory
  • Network
  • Other
Other metrics Contact Capgemini for any other infrastructure or application metrics
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Reseller providing extra features and support
Organisation whose services are being resold AWS

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least every 6 months
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Hardware containing data is completely destroyed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up
  • Internal system configuration
  • User stores
  • CI pipelines
Backup controls Backups are internal system configuration only and controlled by the support team.
Datacentre setup Multiple datacentres with disaster recovery
Scheduling backups Users contact the support team to schedule backups
Backup recovery Users contact the support team

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability The Capgemini Enterprise iPaaS resilient implementation approach allows for an increased service availability, mitigating against many failure scenarios. The guaranteed Service Level for Availability is 99.95%.
Approach to resilience Please contact Capgemini directly for this information.
Outage reporting System alerts and outages are reported centrally through the Capgemini Enterprise iPaaS Online Helpdesk. Optionally, the Buyer can integrate their existing Service Management systems and ITIL processes using our Connect add-on service.

Identity and authentication

Identity and authentication
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Authentication and authorisation controlled via membership of LDAP groups. Sections of the platform that do not need to be public are secured with a VPN solution with multi-factor authentication. APIs are secured through the API Manager by leveraging the OAuth API access standard, and supports common OAuth grant profiles.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Devices users manage the service through
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 DNV GL Business Assurance UK Limited
ISO/IEC 27001 accreditation date 28/11/2016
What the ISO/IEC 27001 doesn’t cover Contact Capgemini directly for further information
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations Yes
Any other security accreditations HMG Cyber Essentials

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards
  • CSA CCM version 3.0
  • ISO/IEC 27001
  • Other
Other security governance standards Please contact Capgemini directly, if other security governance standards are required
Information security policies and processes Capgemini follows its own information security policy, which is referenced against ISO27001:2013 - Information Technology - Security Techniques - Information Security Management Systems - Requirements, ISO 27002:2013 - Information Technology - Security Techniques - Code of Practice for Information Security Controls, and the Information Security Forum - Standard of Good Practice (2014).

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Capgemini 's configuration and change management processes are set out in its ‘Unified Project Method’ (UPM), but can be adapted to comply with specific requirements by agreement with individual Buyers (tailored services may attract additional charges)
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach The CESG IS1/2-derived process is used as a basis - it is a living document rather than a one-time statement of risk. This is used to inform the impact of any identified vulnerability and an appropriate response.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Anti-virus and Intrusion detection is provided as standard on the platform to identify potential compromises – providing the appropriate alerting. Alerts are reported via dashboards. Response times are determined by the severity of the incidents raised.
Incident management type Supplier-defined controls
Incident management approach Capgemini 's incident management processes are set out in its ‘Unified Service Method’ (USM), but can be adapted to comply with specific requirements by agreement with individual Buyers (tailored services may attract additional charges)

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart Yes
Who implements virtualisation Third-party
Third-party virtualisation provider AWS, Azure, Openstack-enabled cloud providers.
How shared infrastructure is kept separate Please contact Capgemini directly for detailed information.

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes


Price £2300 per unit per month
Discount for educational organisations No
Free trial available No


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑