Level Cognision Artificial Intelligence Platform & Applications
Powered by our Cognision™ AI Cloud, Level's solutions pair knowledge with data to create digital assistants that work the same way your people do. Level's Cognision™ Cloud gives you a structured, yet flexible way to build and deploy AI-driven solutions, scaling services from Proofs of Value to production-scale systems.
- Self-service access to applications
- Desktop, Tablet and Mobile/Smartphone-enabled
- Easy to use look and feel, providing improved user interfaces
- Real-time reporting in support of transactions
- Secure integration with any application system
- Data encrypted throughout
- Deploy the services without customising the underlying business systems
- Links organisation policies to transactional business systems
- Ensure compliance with organisation policies
- Automate business policies by linking them to transactional systems
- Capture human knowledge and thinking process on the system
- Allows self-service and 24x7 access to business systems via smartphones
- Enable shared service centre to support clients with unique requirements
- Get more out of existing applications
- Pre-populates forms with data relevant to the user and transaction
- Replace existing customisations with personalisation
£3000 to £4000 per licence per month
- Free trial available
Level Global Ltd
|Software add-on or extension||Yes, but can also be used as a standalone service|
|What software services is the service an extension to||Any application that creates or manages transactions and data. For example, back office applications (HR or Payroll system) or an application that supports/performs specific business function.|
|Cloud deployment model||Private cloud|
|Service constraints||The software will need access to Data from the buyers application(s), the buyer will have to provide access to data either real time or as per a pre-agreed schedule depending on the application and buyers need.|
|System requirements||Valid browser (when using IE, IE9 or above)|
|Email or online ticketing support||Email or online ticketing|
|Support response times||Dependent on priority, response times range from 1 hour for P1s (Urgent) to 16 hours for P4s (low)|
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
Incident Level Priority 1; Incident Response = 1 working hour or less, Incident Update = Hourly
Incident Level Priority 2; Incident Response = 2 working hours or less, Incident Update = Every 4 Hours
Incident Level Priority 3: Incident Response = 1 working day or less, Incident Update = Every 24 Hours
Incident Level Priority 4: Incident Response = 2 working days or less, Incident Update = Every 120 Hours
Support charges are included in the monthly subscription fee. Support staff can be dispatched to site if changes that have impacted the service have been made to the client's own applications by the client. In this case, charges will be levied as described in the rate card attached with our pricing.
Each client has a nominated Account Manager who is responsible for all client engagement activities including support liaison.
|Support available to third parties||No|
Onboarding and offboarding
|Getting started||Onsite implementation and training provided. Documentation provided includes user stories, process flows, product guide and validation scripts.|
|End-of-contract data extraction||Clients can raise a request for the data and access to download the data from a secure FTP site will be provided.|
The client has the option to extend the services under GCloud terms. We would de-commission and discontinue the service.
Access to download data held on our platform will be provide at the end of the contract if requested.
Decommissioning costs are included in the contract price.
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||The look and feel of the application is automatically re-purposed to suit the device that the application is being accessed from (desktop, tablet and smart phone). Where features that are unique to specific devices are being used, for example where calendar is used to select dates for annual leave, the application will use Android calendar for devices using the Android operating system or IoS calendar for iPhone.|
|Description of customisation||There are configurable components of the service, including decision and service modellers. We provide different levels of admin permissions to exposed different levels of configuration|
|Independence of resources||The Level Cognitive Intelligence platform uses Amazon Web Services (AWS), which is configured for high availability, fault tolerance, and adaptive load. This configuration allows the service to scale on demand with no noticeable effect on user experience.|
|Service usage metrics||Yes|
|Metrics types||We have some analytic metrics and page visit metrics that can be produced via reporting|
|Reporting types||Reports on request|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Developed Vetting (DV)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||
|User control over data storage and processing locations||No|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider|
|Protecting data at rest||
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||
Using a secure FTP option. Some data will be one-off and other as per schedule.
Where service is integrated with users application, there is no need to export data.
|Data export formats||
|Other data export formats||
|Data import formats||
|Other data import formats||
|Data protection between buyer and supplier networks||
|Data protection within supplier network||
Availability and resilience
System level guarantee: 99.5%.
System availability = 99.5% - 100% Service Credit = 0%.
System availability = 99.49 – 99.2% Service Credit = 5%.
System availability = 99.19% - 99.0% Service Credit = 10%.
System availability = Below 99% Service Credit = 15%.
|Approach to resilience||Level provide a clustered application solution with automatic failover as well as the ability to launch additional servers instantly to replace failed components. The solution's storage, memory and compute capacity can be increased without impact to the service to meet increases in demand.|
|Outage reporting||Email alert.|
Identity and authentication
|User authentication needed||Yes|
|Other user authentication||User authentication and authorisation follow the application’s security model, e.g. when a user logs in, a session cookie can be sent from the by the application and stored by the browser. This is sent back to the application on each interaction, identifying the user and allowing them to interact without needing to pass their username and password every time. When the user logs out, this cookie is invalidated and can no longer be used to gain access to the system. This, combined with TLS and specific network access, ensures a safe and secure model.|
|Access restrictions in management interfaces and support channels||All internal (Level) access is via VPN and encryption keys on a case by case basis.|
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||2-factor authentication|
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||The British Assessment Bureau.|
|ISO/IEC 27001 accreditation date||22/06/2016.|
|What the ISO/IEC 27001 doesn’t cover||All areas of the ISO/IEC 27001 Statement of Applicability have been addressed.|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||Yes|
|Any other security certifications||AWS.|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||
Level platform is based on Amazon Web Services whose Compliance enables customers to understand the robust controls in place at AWS to maintain security and data protection in the cloud. As systems are built on top of AWS cloud infrastructure, compliance responsibilities will be shared. By tying together governance-focused, audit-friendly service features with applicable compliance or audit standards, AWS Compliance enablers build on traditional programs; helping customers to establish and operate in an AWS security control environment. The IT infrastructure that AWS provides to its customers is designed and managed in alignment with security best practices and a variety of IT security standards, including:
• SOC 1/SSAE 16/ISAE 3402 (formerly SAS 70) • SOC 2 • SOC 3 • FISMA, DIACAP, and FedRAMP • DOD CSM Levels 1-5 • PCI DSS Level 1 • ISO 9001 / ISO 27001 • ITAR • FIPS 140-2 • MTCS Level 3 .
In addition, the flexibility and control that the AWS platform provides allows customers to deploy solutions that meet several industry-specific standards.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
Project Driven Changes
Clear milestones are set and acceptance criteria are quantified and measured before moving to the next phase. All project phases are controlled via a series of sprints which are carefully managed to ensure that the agreed delivery timescales are met.
Incident Driven Changes
Internal incidents should be logged only once a client incident reference has been attained. This ensures that the client’s incident management system is synchronised with our own, and that a clear communication channel is open between the client and Level to facilitate collaboration, coordination and the implementation of any changes.
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
Our platform is hosted on AWS whose Security team performs vulnerability scans on the host operating system, web applications, and databases. Approved 3rd party vendors conduct external assessments (minimum frequency: quarterly). Identified vulnerabilities are monitored and evaluated. Countermeasures are designed and implemented to neutralise known/newly identified vulnerabilities.
AWS Security monitors newsfeeds/vendor sites for patches and receives customer intelligence.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
Our platform is hosted on AWS which deploys (pan-environmental) monitoring devices to collect information on unauthorised intrusion attempts, usage abuse, and network/application bandwidth usage. Devices monitor:
• Port scanning attacks
• Usage (CPU, processes, disk utilisation, swap rates, software-error generated losses)
• Application metrics
• Unauthorised connection attempts
Near real-time alerts flag potential compromise incidents, based on AWS Service/Security Team-set thresholds.
Requests to AWS KMS are logged and visible via the account’s AWS CloudTrail Amazon S3 bucket. Logs provide request information, under which CMK, and identify the AWS resource protected through the CMK use.
|Incident management type||Supplier-defined controls|
|Incident management approach||
Our platform is hosted on AWS which adopts a three-phased approach to manage incidents:
1. Activation and Notification Phase
2. Recovery Phase
3. Reconstitution Phase
To ensure the effectiveness of the AWS Incident Management plan, AWS conducts incident response testing, providing excellent coverage for the discovery of defects and failure modes as well as testing the systems for potential customer impact.
The Incident Response Test Plan is executed annually, in conjunction with the Incident Response plan. It includes multiple scenarios, potential vectors of attack, the inclusion of the systems integrator in reporting and coordination and varying reporting/detection avenues.
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Public sector networks
|Connection to public sector networks||No|
|Price||£3000 to £4000 per licence per month|
|Discount for educational organisations||No|
|Free trial available||Yes|
|Description of free trial||Level's projects typically start with a requirements analysis against a specific business issue. We then undertake a Proof of Value (PoV) service (no licence fee is payable). This PoV typically runs for 8 weeks, allowing you to prove the value of the solution before deploying it in a live environment.|