Search Johnston (t/a Kaiasm)

Kaiasm Demand Engine

We give our clients the ability to radically align their proposition with the demand in their market/information space, satisfying users and growing market share in the process.

It drives competition analysis, buying/content strategy, supplier analysis, range/category/information extension, PIM, online product filtering, extended conversion rate optimisation, on-site search and information architecture.


  • Remote access
  • Browser based
  • Visualised insight
  • Action lists - and action-forwarding
  • Mapping large scale demand data to services and products
  • Performance reporting for continuous alignment to demand
  • Information architecture creation and transition
  • Onsite search capability enhancement (Endeca, Funnelback, Solr etc)
  • Easy integrations with client systems e.g. project management, chat, analytics
  • Organic search performance management


  • Shifting operational focus from supply-led to demand-led
  • Prioritisation operational tasks towards greatest value
  • Seeing the whole market/information space in one view
  • Insight to inform product or information range-extension
  • Supporting your clients in finding what you offer
  • Aligning internal culture to external demand
  • Clear and simple visualisation without losing valuable information


£50000 to £1125000 per unit

  • Education pricing available

Service documents


G-Cloud 11

Service ID

6 6 2 5 9 3 3 2 5 0 1 9 2 7 1


Search Johnston (t/a Kaiasm)

Doug Laughlen

0330 223 1164

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to Analytics e.g.: Google Analytics; Adobe Analytics.
On-site search technologies e.g.: Solr; Endeca; Funnelback; ElasticSearch; Algolia; Fredhopper; Attraqt.
Agile project management e.g.: Jira; Trello; Github; Zenhub.
Internal services and products
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints None.
System requirements None

User support

User support
Email or online ticketing support Email or online ticketing
Support response times 4 Hour response time to emails
9:00-17:00 Mon-Fri
Excluding weekends and public holidays

faster response by separate negotiation
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels We are with our clients for the long game. Our support aims to partner with the client to remove any organisational, operational, technical and even financial obstacles from the path of the project. Implementation support is included within the project cost, with further support levels available (and costed) on a case by case basis.

We provide a technical account manager as part of the service.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Onsite training
Blended learning
User documentation
Help-as-you-work via tooltips and keys
SCORM-compliant training modules via moodle or integrated into client's own training system.
Service documentation Yes
Documentation formats HTML
End-of-contract data extraction Via download through the user interface.

For the client's convenience, this may be accomplished for a period after the contract ends via a support request.
End-of-contract process The service is suspended and the client can download their data.
Support of ingestion into other systems is available at extra cost - for example, if a particular schema is required.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Visualisations are smaller, and the layout changes, but all functionality is in place.
Service interface No
What users can and can't do using the API We provide a read API for most aspects of the service. Bulk writes would be done via a support request.
API documentation Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Customisation: every view can be customised via filters, reorders and data cuts. Most aspects of the visualisation (labels, number of nodes shown) are also custom options

Bespoking: the tool is often bespoked to the particular needs of large clients.


Independence of resources Each client gets their own instance or set of instances within AWS.

We also give uptime guarantees within our SLA for our digital tools (see 'guaranteed availability' below.


Service usage metrics Yes
Metrics types Implementation quality
Implementation extent
Search visibility
Demand Alignment ratio
Google Analytics (sessions, visitors, pageviews etc.)
Actions (sent via email or via a project management tool integration)
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency Less than once a year
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Via the web application.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • Freemind mm
  • Treejack compliant csv
  • Neo4j data dump
  • Excel xlsx
  • Mongo data dump
  • RDF
  • JSON
  • XML
  • Anything else requested, within reason e.g. OWL, SKOS
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats We'll take anything digital.

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection between networks IP whitelist
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network IP whitelist

Availability and resilience

Availability and resilience
Guaranteed availability # Uptime
Uptime of covered services is guaranteed to a certain percentage of time within UK office hours, which is 9am-5pm Mon-Fri excluding bank holidays (the services will normally also be available outside these hours). The level of guaranteed uptime depends on the priority level of the service:

Priority level Guaranteed uptime
1 99.9%
2 99%
3 98%

Uptime is calculated to the nearest minute, based on the number of minutes in the given month within the scope of the SLA. If uptime for any item drops below the relevant threshold, a penalty will be applied in the form of a credit for the client.
The level of penalty will be calculated depending on the number of hours for which the service was unavailable, minus the downtime permitted by the SLA:

Priority level Penalty per hour (Pro-rated to nearest minute)
1 5% of monthly charge for covered service
2 2% of monthly charge for covered service
3 1% of monthly charge for covered service

Uptime penalties in any month are capped at 100% of the total monthly fee of the covered service
Uptime measurements exclude periods of routine maintenance. These must be agreed between the supplier and client in advance.
Approach to resilience Available on request.
Outage reporting Configurable email alert.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels Management interfaces:
- User roles
- Username/password
- IP address whitelisting

Admin interfaces and access
- Private Key
- 2-factor authentication
Access restriction testing frequency At least once a year
Management access authentication
  • Username or password
  • Other
Description of management access authentication IP range limiting

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards Other
Other security governance standards We comply with those aspects of ISO/IEC 27001 we deem applicable to our type and size of company and service. We do not hold sensitive or personally identifiable data, and where non-commercial would normally be appropriate for open realease, so the security hazards are comparatively low.
Information security policies and processes We have policies processes and reporting based on those parts of ISO27001 appopriate to our size and type of business, together with UK Cyber Essentials. We use an Assets, Threats and Vulnerabilities risk model.

We hold information in electronic media (databases, files in PDF, Word, Excel, and other formats), and on paper either as printed materials or handwritten notes. We hold it on behalf of employees, clients, suppliers and partners, and we provide various elements of it as appropriate and reasonable to shareholders, our country’s government agencies and regulators, the media, and the local community.
Our information systems include systems and data attached to our data or telephone networks, systems managed by us, mobile devices used to connect to our networks or hold our data, data over which we hold the intellectual property rights, data over which we are the data controller or data processor, and communications sent from or to us.

Information security policies (available on request):
- Classification
- Backups
- Access Control
- Passwords
- Cryptographic controls
- Disaster recovery
- BYOD and Work from Home

Cyber security policies (available on request):
- Authentication
- Anti malware
- Install/Update
- Firewalls
- Removable storage

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Available on request.
Vulnerability management type Supplier-defined controls
Vulnerability management approach We use an assets/threats/vulnerabilities model. Resisters of these are available on request.

Update/Patch policy: Devices, apps and software are patched as soon as possible after an update or patch is released. We may defer to end of working day, but then let it update. Operating systems, programs, phones and apps should all be set to ‘automatically update’ wherever this is an option. Any software or hardware which is no longer supported must be reviewed by IT for safety.

Information about potential threats gleaned from OWASP Threat Agent content, the Intel Threat Agent Library (TAL) and Threat Agent Risk Assessment (TARA).
Protective monitoring type Supplier-defined controls
Protective monitoring approach For logging and alerting, we are aiming to meet the GPG-13 baseline control set: PMC1, PMC4, PMC7, PMC9, PMC10, PMC1, PMC12.

Identification also via network intrusion and prevention tools (e.g. snort)

Response alerts senior sysadmin and Head of Research to a compromise, with third party assistance (e.g. via AWS) brought in as necessary.

Response to incidents is ASAP (best efforts) for high priority systems,
1 hour (working hours) for low priority systems.
Incident management type Supplier-defined controls
Incident management approach We have processes for common events (e.g. port probes) and rare events (denial of service attacks).

Users report inicidents via standard support channels.

Incident reports provided via issue management system (github)

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £50000 to £1125000 per unit
Discount for educational organisations Yes
Free trial available No

Service documents

Return to top ↑