Level Global Ltd

Level Cognision Artificial Intelligence Platform & Applications

Powered by our Cognision™ AI Cloud, Level's solutions pair knowledge with data to create digital assistants that work the same way your people do. Level's Cognision™ Cloud gives you a structured, yet flexible way to build and deploy AI-driven solutions, scaling services from Proofs of Value to production-scale systems.


  • Self-service access to applications
  • Desktop, Tablet and Mobile/Smartphone-enabled
  • Easy to use look and feel, providing improved user interfaces
  • Real-time reporting in support of transactions
  • Secure integration with any application system
  • Data encrypted throughout
  • Deploy the services without customising the underlying business systems
  • Links organisation policies to transactional business systems


  • Ensure compliance with organisation policies
  • Automate business policies by linking them to transactional systems
  • Capture human knowledge and thinking process on the system
  • Allows self-service and 24x7 access to business systems via smartphones
  • Enable shared service centre to support clients with unique requirements
  • Get more out of existing applications
  • Pre-populates forms with data relevant to the user and transaction
  • Replace existing customisations with personalisation


£3000 to £4000 per licence per month

  • Free trial available

Service documents


G-Cloud 11

Service ID

5 6 9 4 5 7 5 2 1 6 4 6 0 1 5


Level Global Ltd

Barrie Graham

07526 026090


Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to Any application that creates or manages transactions and data. For example, back office applications (HR or Payroll system) or an application that supports/performs specific business function.
Cloud deployment model Private cloud
Service constraints The software will need access to Data from the buyers application(s), the buyer will have to provide access to data either real time or as per a pre-agreed schedule depending on the application and buyers need.
System requirements Valid browser (when using IE, IE9 or above)

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Dependent on priority, response times range from 1 hour for P1s (Urgent) to 16 hours for P4s (low)
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Incident Level Priority 1; Incident Response = 1 working hour or less, Incident Update = Hourly
Incident Level Priority 2; Incident Response = 2 working hours or less, Incident Update = Every 4 Hours
Incident Level Priority 3: Incident Response = 1 working day or less, Incident Update = Every 24 Hours
Incident Level Priority 4: Incident Response = 2 working days or less, Incident Update = Every 120 Hours

Support charges are included in the monthly subscription fee. Support staff can be dispatched to site if changes that have impacted the service have been made to the client's own applications by the client. In this case, charges will be levied as described in the rate card attached with our pricing.

Each client has a nominated Account Manager who is responsible for all client engagement activities including support liaison.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started Onsite implementation and training provided. Documentation provided includes user stories, process flows, product guide and validation scripts.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Clients can raise a request for the data and access to download the data from a secure FTP site will be provided.
End-of-contract process The client has the option to extend the services under GCloud terms. We would de-commission and discontinue the service.

Access to download data held on our platform will be provide at the end of the contract if requested.

Decommissioning costs are included in the contract price.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The look and feel of the application is automatically re-purposed to suit the device that the application is being accessed from (desktop, tablet and smart phone). Where features that are unique to specific devices are being used, for example where calendar is used to select dates for annual leave, the application will use Android calendar for devices using the Android operating system or IoS calendar for iPhone.
Service interface No
Customisation available Yes
Description of customisation There are configurable components of the service, including decision and service modellers. We provide different levels of admin permissions to exposed different levels of configuration


Independence of resources The Level Cognitive Intelligence platform uses Amazon Web Services (AWS), which is configured for high availability, fault tolerance, and adaptive load. This configuration allows the service to scale on demand with no noticeable effect on user experience.


Service usage metrics Yes
Metrics types We have some analytic metrics and page visit metrics that can be produced via reporting
Reporting types Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Using a secure FTP option. Some data will be one-off and other as per schedule.
Where service is integrated with users application, there is no need to export data.
Data export formats
  • CSV
  • Other
Other data export formats
  • XML
  • CSV
  • XLS
  • JSON
Data import formats
  • CSV
  • Other
Other data import formats
  • XML
  • JSON
  • XLS
  • CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability System level guarantee: 99.5%.

System availability = 99.5% - 100% Service Credit = 0%.
System availability = 99.49 – 99.2% Service Credit = 5%.
System availability = 99.19% - 99.0% Service Credit = 10%.
System availability = Below 99% Service Credit = 15%.
Approach to resilience Level provide a clustered application solution with automatic failover as well as the ability to launch additional servers instantly to replace failed components. The solution's storage, memory and compute capacity can be increased without impact to the service to meet increases in demand.
Outage reporting Email alert.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Other user authentication User authentication and authorisation follow the application’s security model, e.g. when a user logs in, a session cookie can be sent from the by the application and stored by the browser.  This is sent back to the application on each interaction, identifying the user and allowing them to interact without needing to pass their username and password every time.  When the user logs out, this cookie is invalidated and can no longer be used to gain access to the system. This, combined with TLS and specific network access, ensures a safe and secure model.
Access restrictions in management interfaces and support channels All internal (Level) access is via VPN and encryption keys on a case by case basis.
Access restriction testing frequency At least every 6 months
Management access authentication 2-factor authentication

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 The British Assessment Bureau.
ISO/IEC 27001 accreditation date 22/06/2016.
What the ISO/IEC 27001 doesn’t cover All areas of the ISO/IEC 27001 Statement of Applicability have been addressed.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications AWS.

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Level platform is based on Amazon Web Services whose Compliance enables customers to understand the robust controls in place at AWS to maintain security and data protection in the cloud. As systems are built on top of AWS cloud infrastructure, compliance responsibilities will be shared. By tying together governance-focused, audit-friendly service features with applicable compliance or audit standards, AWS Compliance enablers build on traditional programs; helping customers to establish and operate in an AWS security control environment. The IT infrastructure that AWS provides to its customers is designed and managed in alignment with security best practices and a variety of IT security standards, including:
• SOC 1/SSAE 16/ISAE 3402 (formerly SAS 70) • SOC 2 • SOC 3 • FISMA, DIACAP, and FedRAMP • DOD CSM Levels 1-5 • PCI DSS Level 1 • ISO 9001 / ISO 27001 • ITAR • FIPS 140-2 • MTCS Level 3 .
In addition, the flexibility and control that the AWS platform provides allows customers to deploy solutions that meet several industry-specific standards.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Project Driven Changes
Clear milestones are set and acceptance criteria are quantified and measured before moving to the next phase. All project phases are controlled via a series of sprints which are carefully managed to ensure that the agreed delivery timescales are met.

Incident Driven Changes
Internal incidents should be logged only once a client incident reference has been attained. This ensures that the client’s incident management system is synchronised with our own, and that a clear communication channel is open between the client and Level to facilitate collaboration, coordination and the implementation of any changes.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Our platform is hosted on AWS whose Security team performs vulnerability scans on the host operating system, web applications, and databases. Approved 3rd party vendors conduct external assessments (minimum frequency: quarterly). Identified vulnerabilities are monitored and evaluated. Countermeasures are designed and implemented to neutralise known/newly identified vulnerabilities.

AWS Security monitors newsfeeds/vendor sites for patches and receives customer intelligence.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Our platform is hosted on AWS which deploys (pan-environmental) monitoring devices to collect information on unauthorised intrusion attempts, usage abuse, and network/application bandwidth usage. Devices monitor:

• Port scanning attacks
• Usage (CPU, processes, disk utilisation, swap rates, software-error generated losses)
• Application metrics
• Unauthorised connection attempts

Near real-time alerts flag potential compromise incidents, based on AWS Service/Security Team-set thresholds.

Requests to AWS KMS are logged and visible via the account’s AWS CloudTrail Amazon S3 bucket. Logs provide request information, under which CMK, and identify the AWS resource protected through the CMK use.
Incident management type Supplier-defined controls
Incident management approach Our platform is hosted on AWS which adopts a three-phased approach to manage incidents:

1. Activation and Notification Phase
2. Recovery Phase
3. Reconstitution Phase

To ensure the effectiveness of the AWS Incident Management plan, AWS conducts incident response testing, providing excellent coverage for the discovery of defects and failure modes as well as testing the systems for potential customer impact.

The Incident Response Test Plan is executed annually, in conjunction with the Incident Response plan. It includes multiple scenarios, potential vectors of attack, the inclusion of the systems integrator in reporting and coordination and varying reporting/detection avenues.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £3000 to £4000 per licence per month
Discount for educational organisations No
Free trial available Yes
Description of free trial Level's projects typically start with a requirements analysis against a specific business issue. We then undertake a Proof of Value (PoV) service (no licence fee is payable). This PoV typically runs for 8 weeks, allowing you to prove the value of the solution before deploying it in a live environment.

Service documents

Return to top ↑