Hewlett Packard Enterprise

HPE Quality Center Enterprise

HPE Quality Center Enterprise provides a comprehensive view of the end-to-end application lifecycle process, allowing Development and Quality teams to focus on delivering quality application features and benefits, faster. The solutions scale from single projects to multiple, organisation-wide projects providing the management of requirements, tests, and defects.

Features

  • Requirements management
  • Risk-based test planning and management
  • Quality release and cycle management
  • Version control
  • Baselining
  • Test scheduling and execution
  • HPE Sprinter-integrated manual testing
  • Defect management
  • Reporting and graphing
  • Developer collaboration

Benefits

  • Single dashboard consolidates the status of requirements, tests, and defects
  • Make real-time decisions on application status across projects and QA
  • Define, manage and track requirements through entire development lifecycle
  • Improve quality management by using consistent, repeatable software testing processes
  • Define, manage, and track test script types in one place.
  • Save time and resources with asset sharing and reuse
  • Track release progress and quality to foster collaboration and visibility
  • Works with integrated development environments for linking tasks, requirements, defects

Pricing

£22621 per instance per year

Service documents

G-Cloud 9

640257825051811

Hewlett Packard Enterprise

UK Public Sector Frameworks

+44 141 619 0131

psukframeworks@hpe.com

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to HPE Quality Center integrates with the rest of the HPE Application Delivery Management Portfolio of Testing Products:
HPE Mobile Center
HPE Unified Functional Testing
HPE Sprinter for Manual Testing
HPE Loadrunner for Performance Testing
HPE Performance Center for Performance Testing
Cloud deployment model Private cloud
Service constraints HPE QC Enterprise on SaaS includes following value add services (provided upon customer request during HPE SaaS Order Term):
• Up to 20 named users of HPE Agile Manager on SaaS (limited to total number of QC users, only applicable to new HPE AGM on SaaS customers)
• Integrations to HPE testing tools (according to HPE SaaS Integration matrix document)
• One Unified Functional Testing license server
• One VPN connection
System requirements
  • Browser Internet Explorer 10 or 11
  • Operating System Microsoft Windows 8.1 64 Bit
  • Office Suite Microsoft Office 2013 32 Bit
  • CPU Core duo 1.6 Ghz (or higher) or equivalent processor
  • Memory (RAM) 2 GB minimum
  • Free Disk Space 2 GB minimum

User support

User support
Email or online ticketing support Email or online ticketing
Support response times HPE staffs and maintains a 24x7x365 Service Operations Center, which will be the single point of contact for all issues related to the support for HPE Application Lifecycle Management on SaaS Service for the Customer. The customer will maintain a list of authorized users who may contact HPE for support. The customer’s authorized users may contact HPE for support via the Web portal or telephone 24 hours a day, 7 days a week.
General Request
Response Time: up to 24 business hours
Resolution Time: up to 2 business days
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels Customer Success Manager (CSM) 120 hrs annually
Customer liaison
Manages contract issues
Coordinates HPE resources & mentoring
Escalation point of contact between the customer and HPE for SOC staff
Coordinates periodic maintenance
Oversees customer onboarding

Service Operations Center staff(SOC)
Primary point of contact for service requests.
24x7 application support
24x7 SaaS infrastructure support Operations staff (Ops)
Monitors the HPE systems and HPE Quality Center Enterprise on SaaS Service for availability
Performs system-related tasks such as backups, archiving, and restoring instances according to HPE’s standard practices

Technical Solution Consultant (TSC) 80 hrs annually
Provides second-level support for customer service requests
Provides customer the access to pre-recorded enablement sessions on the solution
Assists with the implementation of the workflows and reports in accordance with agreed-to design
Assists with the HPE QC Enterprise project template or workflow customization of one master project or template (up to 24 hours per year)
Provides up to three custom reports per year during contract term by using standard HPE QC Enterprise product reporting features. Additional custom reports can be created for additional fee
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Customer Success Manager oversees the customer onboarding process and facilitates ongoing mentoring.

Documentation is available Online:

HPE Online Product Help Center is available:
alm-help.saas.hpe.com/

HPE ALM Online Tutorial is available:
http://alm-help.saas.hpe.com/en/14.00/pdfs/Tutorial.pdf

HPE Education is available both on site or self paced online on a separate fee basis available on request.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Upon expiration or termination of the SaaS Order Term, HPE may disable all Customer access to HPE Application Lifecycle Management on SaaS solution, and Customer shall promptly return to HPE (or at HPE’s request destroy) any HPE Materials.
HPE will make available to Customer such data in the format generally provided by HPE. The target timeframe is set forth below. After such time, HPE shall have no obligation to maintain or provide any such data, which will be deleted in the ordinary course.
The Termination Data Retrieval Period is defined as the length of time in which the customer can retrieve a copy of their customer HPE Application Lifecycle Management on SaaS data from HPE. HPE targets to make available such data in the format generally provided by HPE for 30 days following the termination of the SaaS Order Term.
End-of-contract process The Customer Success Manager will work with the client to negotiate a new contract period when the initial term is coming to a conclusion.

Using the service

Using the service
Web browser interface Yes
Supported browsers Internet Explorer 10+
Application to install Yes
Compatible operating systems Windows
Designed for use on mobile devices No
Accessibility standards None or don’t know
Description of accessibility N/A
Accessibility testing N/A
API No
Customisation available Yes
Description of customisation Project Customisation
Workflow Customisation

Both available through the Administration function on request.

Scaling

Scaling
Independence of resources Our SaaS Platform scales to match user demand and delivery of service with 99.9 percent availability.

Analytics

Analytics
Service usage metrics Yes
Metrics types Solution Uptime shall be measured Quarterly using HPE monitoring software running from a minimum of four global locations with staggered timing.
Solution Support Uptime will be measured using the measurable hours in the quarter (total time minus planned downtime) as the denominator. The numerator is the denominator value minus the time of any outages in the quarter (duration of all outages combined) to give the percentage of available uptime (2,198 actual hours available / 2,200 possible available hours = 99.9 availability).
An “outage” is defined as two consecutive monitor failures within a five-minute period, lasting until the condition has cleared.
Reporting types Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Exporting ALM projects or template projects enables you to take project data from an ALM server, and back it up to another location or another media device.
You can import requirement or test plan data from a Word document to an ALM project. To import from Word, you must install the Microsoft Word Add-in on your client machine.
You can import requirement, test plan, or defect data from an Excel worksheet to an ALM project.
Data export formats
  • CSV
  • Other
Other data export formats
  • MS Excel
  • MS Word
Data import formats
  • CSV
  • Other
Other data import formats
  • MS Excel
  • MS Word

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection between networks HPE SaaS network is an isolated network. Inbound /Outbound traffic is encrypted. Internet-facing devices controlled by Access Control Lists (ACLs) Perimeter level security such as: firewalls, IPS/IDS, proxies and content based inspection in order to detect hostile activity, and to monitor the environment’s health and availability.
Security
 Inbound/Outbound connection policies.
 Network secure segments such as DMZ.
 Separation between shared infrastructure components, and customer application servers.
 Separation between Production, Development and QA environments.
 Wired networks only. (There are no wireless networks in SaaS Data centers.)
 Monitoring tools that provide information on availability, usage and performance.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network HPE SaaS network is an isolated network. Inbound /Outbound traffic is encrypted. Internet-facing devices controlled by Access Control Lists (ACLs) Perimeter level security such as: firewalls, IPS/IDS, proxies and content based inspection in order to detect hostile activity, and to monitor the environment’s health and availability.
Security
 Inbound/Outbound connection policies.
 Network secure segments such as DMZ.
 Separation between shared infrastructure components, and customer application servers.
 Separation between Production, Development and QA environments.
 Wired networks only. (There are no wireless networks in SaaS Data centers.)
 Monitoring tools that provide information on availability, usage and performance.

Availability and resilience

Availability and resilience
Guaranteed availability Solution Availability is defined as the HPE Quality Center Enterprise on SaaS production application being available for access and use by Customer and its Authorized Users over the Internet. HPE will provide Customer access to the HPE Quality Center Enterprise on SaaS production application on a twenty-four hour, seven days a week (24x7) basis at a rate of 99.9 % (“Solution Uptime”).
Solution Uptime shall be measured by HPE using HPE monitoring software running from a minimum of four global locations with staggered timing.
On a quarterly basis, Solution Support Uptime will be measured using the measurable hours in the quarter (total time minus planned downtime, including maintenance, upgrades, etc.) as the denominator. The numerator is the denominator value minus the time of any outages in the quarter (duration of all outages combined) to give the percentage of available uptime (2,198 actual hours available / 2,200 possible available hours = 99.9 availability).
An “outage” is defined as two consecutive monitor failures within a five-minute period, lasting until the condition has cleared.
Approach to resilience To ensure that infrastructures such as: Remote access, Active directory, DNS services, mail services, DB services, and customer facing applications such as: the Customer Authentication systems, and the Ticketing system are fully disaster recoverable, using Business Impact Analysis (BIA) HPE SaaS identified and prioritized system components and mission/business processes, and established the backup strategies required to enable both employees and customers to keep a communication channel open in case of any disruption.
Customer disaster recovery requirements must be driven by a customer’s business needs, and should be discussed during the SLA agreement.
In the standard Recovery Point Objective (RPO), HPE SaaS performs both on-site and off-site backups as follows: (Unless there is a special customer contractual requirement)
 On-site backup occurs daily and includes a local copy of production data followed by an offsite backup of the same production data to a remote site.
 Backup process takes place out of working hours per region.
When there is a service disruption, customers are notified in accordance with the HPE SaaS customer notification SLO policy.
Important Note
Unless clearly requested by the customer, HPE SaaS does not address major disasters, such as an earthquake or power interruption.
Outage reporting HPE provides monitoring of this HPE Quality Center Enterprise on SaaS solution backend components 24x7 using system monitors for availability. HPE uses a centralized notification system to deliver proactive communications about application changes, outages and scheduled maintenance. Alerts and notifications are available to the Customer online at: home.saas.hpe.com/myaccount

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels HPE SaaS network is an isolated network. Internet access lines protected by security gateway (firewall). TFirewalls configured to prevent unauthorized access to internal networks, whilst allowing normal site operations. To protect information integrity and confidentiality, all inbound /outbound external traffic to hostile networks is encrypted by the SSL V.3/TLS 1.0 protocol. Routers add security perimeter for HPE SaaS sites. Internet-facing routers configured with access control lists (ACLs), designed to prevent unauthorized access to internal networks. If necessary, external access of selected HPE SaaS employees to SaaS network backend, for emergency support purposes, is protected by a two factor authentication mechanism.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information No audit information available
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 The Standards Institution of Isreal
ISO/IEC 27001 accreditation date 30/05/2016
What the ISO/IEC 27001 doesn’t cover Anything outwith Information Security
ISO 28000:2007 certification No
CSA STAR certification Yes
CSA STAR accreditation date 29/12/2015
CSA STAR certification level Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover Services outwith the scope of security
PCI certification Yes
Who accredited the PCI DSS certification Coalfire Systems, Inc.
PCI DSS accreditation date June 2016
What the PCI DSS doesn’t cover Coalfire did not conduct technical testing for this assessment. The assessment was to identify the potential impact to the number of PCI DSS 3.1 controls applicable to merchants using encryption solutions based on HPE SecureData Payments.
Other security accreditations Yes
Any other security accreditations HIPAA – HPE SaaS is HIPAA ready

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards
  • CSA CCM version 3.0
  • ISO/IEC 27001
Information security policies and processes HPE SaaS has established the information security policy using its more than 10 years of experience in running the SaaS business, evaluating risks involved, and in accordance with industry practices. The result is a very comprehensive set of policies that includes the following security domains:
• Framework for the security policy
• It security management
• Access control
• Password policy
• System operations security
• Software development security policy
• Network security
• Human resources security
• Physical security
• Delivery operations security policy
• Security incident response policy
• End user security
• Compliance with legal requirements policy

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach HPE SaaS implemented a set of processes to ensure and control changes made in development and testing environments before executed in production.
HPE SaaS Change Management includes: provisioning, revocation, or modification of user access to the organizations systems, information assets and data. It also includes any required changes in status such as: termination of employment, contract or agreement, change of employment, or transfer within the organization in status of employees, contractors, customers, business partners or third parties.
HPE SaaS utilizes a pre-defined outage time window and update customers in accordance with a customer’s SLAs.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach HPE SaaS has implemented a set of processes to ensure that:
 Security requirements are part of the business requirements of new or existing applications.
 Specific controls are in place to ensure correct processing of data within the applications so as to prevent errors, loss, unauthorized modification, or misuse of information in applications. Some of these controls include:
 Application vulnerability identification, classification and remediation.
 Applications and systems are patched in a timely manner.
 Monthly internal and external vulnerability scans that cover both the applicative and infrastructure levels.
 Periodic penetration tests performed by security experts.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach HPE SaaS has established the information security policy using its more than 10 years of experience in running the SaaS business, evaluating risks involved, and in accordance with industry practices. The result is a very comprehensive set of policies that includes the following security domains:
• Framework for the security policy
• It security management
• Access control
• Password policy
• System operations security
• Software development security policy
• Network security
• Human resources security
• Physical security
• Delivery operations security policy
• Security incident response policy
• End user security
• Compliance with legal requirements policy
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach The HPE SaaS information security incident management policy provides guidelines for handling incidents efficiently and effectively. This policy presents general incident response guidelines that are independent of hardware platforms, operating systems and applications. The policy focuses on the detection, analysis, prioritization, and remediation, and communication of the incident. In the case of an incident, affected customers are notified according to HPE SaaS customer notification procedure.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £22621 per instance per year
Discount for educational organisations No
Free trial available Yes
Description of free trial Free 30-day trial
Conduct exploratory, functional, and regression testing
Scalability from project to enterprise
Standardize your testing practices
Single repository for your test assets
Link to free trial QC Trial on SaaS https://saas.hpe.com/signup/try/quality-center

Documents

Documents
Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑