A ‘fully managed’ Financial Planning and Management cloud solution from HAYNE comprising of dedicated cloud servers, storage, network capacity based on the Azure IaaS platform coupled with a complete FPM software solution – maintained, monitored and supported by a dedicated team of certified technical engineers at HAYNE.
- Fully managed service (support & operations)
- Remote access
- Realtime application monitoring
- Realtime security monitoring
- Financial Consolidation
- Business Intelligence
- Higly scalable
- Fully managed solution
- End to End support
- Proactive cost management
- Enable the business to adapt quickly
- Budgeting and planning that can be easily adapted
- Forward-looking predictive and cognitive capability
- Create timely, secure and reliable plans, budgets and forecasts
- Automation of repetitive and low-value manual tasks
- Detailed audit trail from ERP through adjustment journals
£200 to £2000 per server per month
Hayne Solutions Ltd
|Service constraints||Planned maintenance schedules are in place for essential server maintenance and patching. Typically these are out of hours and planned 12 months in advance.|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
Typical response is 15 minutes, standard SLA is 1 hour. Bespoke SLAs are negotiable.
Out of hours and weekend support are not standard but negotiable.
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||None or don’t know|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
As a fully managed solution end to end support is included, which covers the Cloud IaaS and the business applications via a single point of contact. Support is break fix and does not include consultancy or training requests.
An enhanced support level called "Assist+" is available in which bespoke options can be included e.g. extended hours, additional product support and requests.
|Support available to third parties||Yes|
Onboarding and offboarding
Most types of training are available, from one on one sessions, on-site or office based classroom sessions.
Product documentation is supplied and bespoke documentation is also available specific to the buyers solution.
|End-of-contract data extraction||
This process is dependent on the product set and buyer requirements, but typically the solutions are SQL driven.
At the end of the Contract the buyer has the option to take ownership of the solution or the solution can be decommissioned and copies of data provided.
In the case of SQL, typically a BAK or BACPAC would be given to the buyer via an encrypted file transfer.
Where possible we try to meet the requirements of the buyer rather than enforce our own process.
At the end of a typical contract the buyer has three options:
1) rolling contract or negotiate new contract
2) solution is handed over to the buyer and ownership is transferred
3) solution is decommissioned and data handed over
These processes are included as part of the cost. If the buyer has specific requirements that are far beyond the standard process which consumes further resource then this may incur additional cost
Using the service
|Web browser interface||Yes|
|Using the web interface||The web interfaces are specific to the product set and combination of options and features that the buyer opts for as part of the solution, so there is no general answer.|
|Web interface accessibility standard||None or don’t know|
|How the web interface is accessible||This is dependent on the business issues that the solution is designed to address for the buyer and the overall requirements of the buyer around RBAC.|
|Web interface accessibility testing||As a reseller we would not undertake this aspect of product development, we work with major vendors and it is expected this level of testing would be undertaken by the vendor.|
|Command line interface||No|
|Independence of resources||
Each solution is dedicated to the buyer so users will not be competing for resources with other customers.
In terms of preventing one buyers user consuming all the resource or impacting on other users on the same solution, the system will be scoped for maximum user load based on the total number of concurrent users, in some instances auto-scaling can/will be used to address resource issues.
|Infrastructure or application metrics||Yes|
|Supplier type||Reseller providing extra features and support|
|Organisation whose services are being resold||Microsoft, IBM, LucaNet, Tagetik|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Baseline Personnel Security Standard (BPSS)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||In-house|
|Protecting data at rest||
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||A third-party destruction service|
Backup and recovery
|Backup and recovery||Yes|
|What’s backed up||
Backups are part of the managed service, buyer involvement is not required.
If the buyer has a specific requirement to perform manual backups on-demand, this can be accommodated.
|Datacentre setup||Multiple datacentres with disaster recovery|
|Scheduling backups||Supplier controls the whole backup schedule|
|Backup recovery||Users contact the support team|
|Data protection between buyer and supplier networks||
|Data protection within supplier network||
Availability and resilience
|Guaranteed availability||The Azure IaaS platform that is used for the HAYNE FPM solutions are backed by a 99% uptime SLA and in cases where the solution meets a specific requirement it is a 99.99% financially backed SLA.|
|Approach to resilience||
Every aspect of the Azure IaaS is highly resilient and fault tolerant with a minimum of N+1 for all components infrastructure components.
Data is replicated to at least 3 locations, so in the event of any major datacentre outage, servers can typically be brought back online with a reboot or in the event of a full DR situation, a recovery from backup.
The FPM software applications are however not fully fault tolerant due to the design of the solution relying on multiple data sources and software components.
Where possible HA features are enabled at the application level to reduce overall SPOF.
In most cases HAYNE will communicate directly with the buyer in the event of an outage either by email or phone or both depending on the severity of the outage.
HAYNE offer advanced service monitoring facilities specific to the customers solution, a website would be available to view the overall status of the solution and view historic availability and performance metrics.
In addition HAYNE use multiple monitoring solutions to proactively manage our customers solutions, so we expect to be proactive in alerting the customer to any issues in the first instance, in the event of a fault we would expect HAYNE to be the first point of contact.
Identity and authentication
|Access restrictions in management interfaces and support channels||RBAC is used and we follow the rule of least privilege for all users and systems. Where possible we deploy multi-factor authentication.|
|Access restriction testing frequency||At least once a year|
|Management access authentication||
|Devices users manage the service through||
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||Less than 1 month|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||Between 1 month and 6 months|
|How long system logs are stored for||Between 1 month and 6 months|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||No|
|Security governance approach||
HAYNE follow industry best practice processes and use the ISO 27001 framework as our standard approach to security.
Due to operating a Cloud based service, security is at the forefront of what we do, it was also a deciding factor in why we adopted the Microsoft Azure platform to power our solution, due to the level of international security certifications and overall approach to security that Microsoft have.
|Information security policies and processes||We have an established and documented ISMS based on the ISO 27001 framework.|
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
HAYNE have an established change management process, all requests are managed through our IT ticketing and asset control system.
Change requests are used for any change that impacts a live system and which introduces risk.
The level of risk is assessed and if approved is signed off by the ISO
In cases where the change impacts an internet facing system, further checks are performed along with post implementation penetration checks (in-house).
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
Real-time monitoring and vulnerability assessment is performed. HAYNE have a comprehensive operational checklist which is signed off each day to ensure critical checks are performed.
The main focus of our operational checks and real-time monitoring is around several key areas of security and availability:
Identity and Access Control (Failed logons, locked accounts)
Update Compliance (Security Patching)
Threat Intelligence (Network behavioural analysis)
Common Configuration Enumeration (CCE)
Backup & Recovery
We constantly review and respond to the assessments and where applicable implement controls.
HAYNE have a planned maintenance schedule for patching and related activities. Imminent threat or risk we deploy patches a.s.a.p.
|Protective monitoring type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Protective monitoring approach||
The Azure platform which HAYNE utilises is compliant with CSA/CCM as well as many other international standards.
Specifically for the way HAYNE manages the solution, we use the security monitoring tools provided by Microsoft to monitor all security activity. HAYNE have developed security dashboards to allow HAYNE to focus on critical areas of customer solutions.
HAYNE have multiple alerts in place to inform technical staff of threats (email & SMS) for out of hours issues.
|Incident management type||Supplier-defined controls|
|Incident management approach||
Predefined incident response policies and processes are in place, while HAYNE is not certified, we follow the ISO 27001 framework for incident management. All customer incidents are logged and tracked on our support system.
With regard to the Azure platform, this is ISO 27001 compliant, should an incident affect that aspect of the solution Microsoft would follow their policies and processes.
|Approach to secure software development best practice||Supplier-defined process|
Separation between users
|Virtualisation technology used to keep applications and users sharing the same infrastructure apart||Yes|
|Who implements virtualisation||Third-party|
|Third-party virtualisation provider||Microsoft Azure|
|How shared infrastructure is kept separate||
•Authentication: An Azure AD tenant is logically isolated using security boundaries
•Compute: Standalone virtual machines do not have access to a physical host server, this isolation is enforced by using physical processor (ring-0/ring-3) privilege levels.
•VM placement algorithm & protection from side channel attacks. Rules Configured by Fabric Controller Agent to Isolate VM
•Logical Isolation Between Compute and Storage
•IP Level Storage Isolation
•Encryption in transit
•Encryption at rest
•Isolation through Network Topology
|Price||£200 to £2000 per server per month|
|Discount for educational organisations||No|
|Free trial available||No|
|Pricing document||View uploaded document|
|Terms and conditions document||View uploaded document|