Strategy, risk and performance management service

Clearview Strategy, risk and performance is designed specifically to enable you to manage your strategy, planning, risks, compliance and performance at both organisational and individual levels.

The Clearview system is modular by design giving you the opportunity to tailor an organisation performance management and governance solution to your specific requirements.


  • Capture the mission, vision, values, STEP, SWOT, objectives and goals
  • Centralised management of risks, controls and mitigation actions
  • Support for three lines of defence risk/business assurance framework
  • Employee performance reviews, competency assessments (90/360) and L&D
  • Compliance frameworks such as ISO 9001,27001, EFQM, IIP and more...
  • Central repository for KPIs within a balanced scorecard framework
  • Centralised programme and project management
  • Comprehensive report pack and dashboard visualisations of performance
  • Manage your performance indicators in one centralised place


  • Define, manage, communicate and execute the strategy of your organisation
  • Embed a performance culture with clear ownership and accountability
  • Drive continuous improvement, easily identify areas for review and action.
  • Engage staff in the process of achieving the strategic plan
  • Ensure that risk is effectively managed and taken seriously
  • Reduces the time required to gather and present management information
  • Manage your organisation's audit process
  • Adds rigour to the management of your organisation
  • Streamline the management of your business


£15 to £25 per user per month

  • Education pricing available
  • Free trial available

Service documents


G-Cloud 11

Service ID

5 9 6 5 6 8 5 3 4 5 2 9 2 8 2



Nicky Hawkins

01905 679810

Service scope

Service scope
Software add-on or extension No
Cloud deployment model
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
Service constraints None.
System requirements None.

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Within 8 hours business working days 9am to 5pm.

There is no weekend service unless contracted for separately.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard None or don’t know
How the web chat support is accessible Chat with help desk personnel to resolve support issues and raise tickets from chat sessions.
Web chat accessibility testing None.
Onsite support Yes, at extra cost
Support levels The Clearview Support (help desk) Team provides a phone, online chat and email support service that operates a risk-based triage process to enable an agreed prioritisation for all support requests. This is based on the impact to the client and also the severity of the issue as defined by the customer reporting the issue. This risk assessment will produce a priority level that informs the resolution plan. Software issues (e.g. bugs, defects, requests for change) are reviewed and verified by the product and service teams. Once reviewed, the issue is given a severity which controls the time of a resolution.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Once we commission your software environment for you, we provide full on-site training and consultancy on the configuration and use of the system.

The system also has full context sensitive help available on every screen which can be supplemented by your own organisation specific help materials and documentation.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Data can be extracted from the SQL server database reporting views in CSV format at no charge.
End-of-contract process Upon termination the client can extract data direct from the main database reporting interface views at no charge. If a custom data export is required, then this is charged on a time and materials basis.
Upon termination, and after the client’s data has been returned, the software is removed from the client’s servers. If these are on the cloud hosting service managed by Clearview then the servers, database and backups are removed.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Microsoft Edge
  • Chrome
Application to install No
Designed for use on mobile devices No
Service interface No
What users can and can't do using the API The API is used for the import of performance data values and targets using a standardised file format. It is designed to enable the automation of performance data feeds from external systems and historical import of performance data.
API documentation Yes
API documentation formats PDF
API sandbox or test environment No
Customisation available Yes
Description of customisation Content of drop down validation lists, formulas, risk levels, risk matrix size, impact and probability labels, definition of financial risk, employee performance review and competency forms, compliance frameworks, project priorities and traffic light imagery, project progress calculation methods, KPI calculation methods and traffic lighting colours and many other module specific options.

There are administrator interfaces that enable the configuration of the system accessible to users with appropriate role based permissions.


Independence of resources Each customer has their own virtual server and database instance. Performance of these services are continuously monitored by the Clearview support team.


Service usage metrics Yes
Metrics types A full system audit log is maintained for logins and system updates. This is accessible for all users with appropriate rights from within the software.
Reporting types Regular reports


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency Less than once a year
Penetration testing approach In-house
Protecting data at rest Other
Other data at rest protection approach All data that is kept in storage or backups/archives are encrypted using Azure's 256-bit AES encryption.
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach There are a variety of ways of users exporting data from the system. The most popular is to use the various views configured within the system to export the data to CSV format for use within third party reporting tools.

Within the system screens can be cut and pasted to desktop productivity applications such as MS Excel, but also reports can be exported to MS Excel and PDF (and in some cases MS Word).
Data export formats CSV
Data import formats
  • CSV
  • Other
Other data import formats Any custom import formats are available but would be chargeable.

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability Microsoft (Azure platform) guarantees external connectivity at least 99.95% of the time.
Approach to resilience Microsoft Azure instances are stored in a regional data centre. This means that the data is stored in either the North or Western Europe region (North = Ireland, West = Netherlands) as a primary location. The servers are then replicated to the other regional data centres so that in the event of a failure or disaster, the servers will be available from the backup location.

UK data centre locations are also available.
Outage reporting Outages are reported to our internal Azure dashboard and also emailed to our support teams for action.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels Only users that have been setup with a unique username and password within the software can log into the system. Login attempts are stored in the audit logs within the software and only authenticated users can access the system.
Access to the administration settings within the application is limited to the Clearview super user whose password is only known by the Clearview help desk. Customer Administrators have less rights and can only change system settings for the application. All other users can't access any administrator settings that would impact the application.
Access restriction testing frequency At least every 6 months
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 ISO Quality Services Limited
ISO/IEC 27001 accreditation date 13/11/2014
What the ISO/IEC 27001 doesn’t cover Not applicable. All aspects of the service delivery are covered.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Clearview are ISO 27001 certificated and independently audited annually to ensure continued compliance with this standard.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Clearview host virtual servers in the Microsoft Azure network. All virtual servers are built from a basic template with only the required ports and services available. Once the Clearview software is installed on the virtual server, the remaining ports and services are then enabled for the software to function. This configuration keeps risk of attack to a minimum. Clearview regularly reviews service performance and reviews recommendations arising from monitoring of the virtual servers. Any issues arising are developed into an action plan and delivery tracked through our own action management software.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Clearview employee a third-party Microsoft Azure specialist company to monitor the virtual servers hosted in the Microsoft Azure network. The third-party company assess and monitor the servers for vulnerabilities and operating system patch management. This is reported back to Clearview through regular meetings, email notifications and support ticketing systems. New virtual servers are deployed with the latest operating system security updates and hot fixes along withthe latest versions of the Clearview software.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Clearview outsource the monitoring of the Azure servers to a third-party Microsoft Azure specialist company who proactively monitor the servers.
If an issue is identified the following broad process is followed.
- identification
- Containment - ensuring data is safe
- Eradication
- Recovery - includes application of fixes
- Lessons learned.
Alerting of an issue may happen straight away. The response is then governed by the support SLA which is within a working day.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Clearview outsource the monitoring of the Azure server to a third-party Microsoft Azure specialist company who have their own incident management process. This essentially flows as below...
- identification
- Containment - ensuring data is safe
- Eradication
- Recovery - includes application of fixes
- Lessons learned.
Users report incidents via our help desk and for all user reported incidents a full report is provided at the end of the process. Whilst in progress updates on current status is provided via the help desk.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £15 to £25 per user per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Access to system with demonstration data and guidance notes on how to use.

Trial limited to one month duration.

Service documents

Return to top ↑