BearingPoint Ltd

Infonova Digital Business Platform

Cloud-Native Infonova Digital Business Platform (DBP) hosted on AWS and utilizing AWS (serverless) technologies. Infonova DBP enables customers for an ecosystem play; allows to experiment, innovate & test with quick turnaround cycles; brings a marketplace new digital services; is build and provides new technologies and new and innovate business models

Features

  • Create & Sell: Product and Service Catalogue
  • Order & Fulfill: Order Management; Fulfillment & Orchestration
  • Rating/Charging; Invoicing/Collection; Customer Management; Product/Service Inventory
  • Grow Revenue: Partner Catalogue; Partner Management & Orchestration; Settlement
  • Product Catalogue driven ordering
  • Convergent Rating & Charging
  • Open APIs enable interoperability and extensibility of the platform
  • Cloud-native architecture: Container-based deployment; Cloud-managed data stores
  • Simplified operational management (container deployment, backup/restore, security)
  • SaaS Delivery, Open APIs, Serverless Integration Technology

Benefits

  • Platform for digital offerings experiment, launch and monetize new offerings
  • Reinvent new business models using ecosystems management and multi tenancy
  • Business orchestration and monetization capabilities
  • Launching product & bundles any pricing model in days
  • Business efficiency by sweating existing assets and removing internal silos
  • Collaborate, co-create, sell new solutions with new technologies/partners
  • Enable advanced billing, flexible catalogue and comprehensive order and fulfillment
  • Building an ecosystem of partners

Pricing

£10,000 a licence a month

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at UKPublicSectorBD@bearingpoint.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

5 7 4 2 1 8 9 0 1 6 8 6 8 2 5

Contact

BearingPoint Ltd Stewart Johns
Telephone: 07976 812978
Email: UKPublicSectorBD@bearingpoint.com

Service scope

Software add-on or extension
No
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints
N/a
System requirements
SaaS accessed via Web (IE11, Chrome70, Firefox64, Safari12)

User support

Email or online ticketing support
Email or online ticketing
Support response times
SaaS service is 24x7
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
No
Support levels
N/a
Support available to third parties
No

Onboarding and offboarding

Getting started
Sandbox access, Training (online and on-site), documentation, community portal
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats
  • Word
  • Powerpoint
End-of-contract data extraction
Through API
End-of-contract process
Data can be purged

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
No
Designed for use on mobile devices
No
Service interface
Yes
Description of service interface
Web interface to manage products, orders, customers, billing and partners
Accessibility standards
None or don’t know
Description of accessibility
Via authenticated users/operators which have different authorisations
Accessibility testing
N/a
API
Yes
What users can and can't do using the API
All Infonova functionality is exposed via APIs
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • PDF
API sandbox or test environment
Yes
Customisation available
No

Scaling

Independence of resources
Application scaling is managed in multiple different layers: application load balancing layer, K8s worker nodes / K8s deployments (apps) layer, persistence infrastructure layer. In some of the layers scaling can be automated, i.e., autoscaling can be used. Autoscaling helps to dynamically scale capacity up or down according to predefined rules.

Analytics

Service usage metrics
Yes
Metrics types
Customers, Orders, Billing, Service Inventory
Reporting types
API access

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least every 6 months
Penetration testing approach
In-house
Protecting data at rest
Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Through API
Data export formats
Other
Other data export formats
  • JSON
  • XML
Data import formats
  • CSV
  • Other
Other data import formats
  • JSON
  • XML

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection between networks
Instances do not have public IP addresses and are thus separated from the public internet. Additionally, a so-called "Access" subnet is provisioned which is a "public" subnet, i.e. its EC2 bastion server is visible via a public IP-address. A NAT gateway in the public subnet enables private EC2 instances and K8s pods to communicate with public internet.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection within supplier network
The ALB is the single access point for all "customer-related" traffic via HTTPS, i.e., UI (frontend) requests or API (REST) calls. Depending on the use-case, the attached security group can be configured to be completely open or restricted to specific user groups.

Availability and resilience

Guaranteed availability
99.5%
Approach to resilience
Infonova DBP is deployed across multiple availablity zones within the AWS cloud
Outage reporting
Infonova DBP is constantly monitored using cloud monitoring systems which rais alerts to the Infonova DBP 24x7 team

Identity and authentication

User authentication needed
Yes
User authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels
Infonova UI access can only be established through authenticated and authorized users. Infonova API access require OAuth2 access
Access restriction testing frequency
At least every 6 months
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
DMSZ GmbH Deutsche Managementsystem Zertifizierungsgesellschaft mbH, Griesheim, Germany
ISO/IEC 27001 accreditation date
19/4/2019
What the ISO/IEC 27001 doesn’t cover
N/a
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
  • ISO 27005
  • ISO 27002
  • Cyber Essentials

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
ISO 27002
ISO 27005
Cyber Essentials
Information security policies and processes
BearingPoint is ISO 27001 & ISO 27002 certified. Our risk assessment methodology follows the methodology promoted by ISO 27005. In terms of policies, we have documented, we review and update the policies below that cover the following (these policies can be available on demand): Antivirus Policy, External Accounts Policy, Firewall Policy, Information Technology Use Policy and Guidelines, Mobile Device Management Policy, Network Policy, Password Policy, Remote Access Policy, Web Filtering Policy, Wireless Networking Policy, Removable media & backup Policy, Cryptography Policy ,Downtime Policy, Use of external services Policy, Email & instant messaging Policy, IT standards Policy, IT Purchasing Policy, IT support Policy, User account management Policy, Patch Policy, IT Cloud & server Policy, Telephony acceptable use Policy, Data classification & handling Policy, Clean desk & digital media disposal policy.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
We are doing everything in DevOps. All DevOps code is commited in Git. All code is reviewed by 2 other people.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Infonova DBP is constantly monitored using cloud monitoring systems which rais alerts to the Infonova DBP 24x7 team
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Infonova DBP is constantly monitored using cloud monitoring systems which raise alerts to the Infonova DBP 24x7 team
Incident management type
Supplier-defined controls
Incident management approach
Customers get access to the Infonova DBP Portal and can log/manage incidents

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Pricing

Price
£10,000 a licence a month
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
Guided sandbox access with support to model and test use cases

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at UKPublicSectorBD@bearingpoint.com. Tell them what format you need. It will help if you say what assistive technology you use.