G-Cloud 11 services are suspended on Digital Marketplace

If you have an ongoing procurement on G-Cloud 11, you must complete it by 18 December 2020. Existing contracts with KAIASM LTD are still valid.
KAIASM LTD

Kaiasm Demand Engine

We give our clients the ability to radically align their proposition with the demand in their market/information space, satisfying users and growing market share in the process.

It drives competition analysis, buying/content strategy, supplier analysis, range/category/information extension, PIM, online product filtering, extended conversion rate optimisation, on-site search and information architecture.

Features

  • Remote access
  • Browser based
  • Visualised insight
  • Action lists - and action-forwarding
  • Mapping large scale demand data to services and products
  • Performance reporting for continuous alignment to demand
  • Information architecture creation and transition
  • Onsite search capability enhancement (Endeca, Funnelback, Solr etc)
  • Easy integrations with client systems e.g. project management, chat, analytics
  • Organic search performance management

Benefits

  • Shifting operational focus from supply-led to demand-led
  • Prioritisation operational tasks towards greatest value
  • Seeing the whole market/information space in one view
  • Insight to inform product or information range-extension
  • Supporting your clients in finding what you offer
  • Aligning internal culture to external demand
  • Clear and simple visualisation without losing valuable information

Pricing

£50,000 to £1,125,000 a unit

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@kaiasm.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 11

Service ID

6 6 2 5 9 3 3 2 5 0 1 9 2 7 1

Contact

KAIASM LTD Liam McGee
Telephone: 0330 223 1164
Email: info@kaiasm.com

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Analytics e.g.: Google Analytics; Adobe Analytics.
On-site search technologies e.g.: Solr; Endeca; Funnelback; ElasticSearch; Algolia; Fredhopper; Attraqt.
Agile project management e.g.: Jira; Trello; Github; Zenhub.
Internal services and products
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints
None.
System requirements
None

User support

Email or online ticketing support
Email or online ticketing
Support response times
4 Hour response time to emails
9:00-17:00 Mon-Fri
Excluding weekends and public holidays

faster response by separate negotiation
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
We are with our clients for the long game. Our support aims to partner with the client to remove any organisational, operational, technical and even financial obstacles from the path of the project. Implementation support is included within the project cost, with further support levels available (and costed) on a case by case basis.

We provide a technical account manager as part of the service.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Onsite training
Blended learning
User documentation
Help-as-you-work via tooltips and keys
SCORM-compliant training modules via moodle or integrated into client's own training system.
Service documentation
Yes
Documentation formats
HTML
End-of-contract data extraction
Via download through the user interface.

For the client's convenience, this may be accomplished for a period after the contract ends via a support request.
End-of-contract process
The service is suspended and the client can download their data.
Support of ingestion into other systems is available at extra cost - for example, if a particular schema is required.

Using the service

Web browser interface
Yes
Supported browsers
  • Firefox
  • Chrome
  • Safari 9+
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Visualisations are smaller, and the layout changes, but all functionality is in place.
Service interface
No
API
Yes
What users can and can't do using the API
We provide a read API for most aspects of the service. Bulk writes would be done via a support request.
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Customisation: every view can be customised via filters, reorders and data cuts. Most aspects of the visualisation (labels, number of nodes shown) are also custom options

Bespoking: the tool is often bespoked to the particular needs of large clients.

Scaling

Independence of resources
Each client gets their own instance or set of instances within AWS.

We also give uptime guarantees within our SLA for our digital tools (see 'guaranteed availability' below.

Analytics

Service usage metrics
Yes
Metrics types
Implementation quality
Implementation extent
Search visibility
Demand Alignment ratio
Google Analytics (sessions, visitors, pageviews etc.)
Actions (sent via email or via a project management tool integration)
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
Less than once a year
Penetration testing approach
In-house
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Via the web application.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • Freemind mm
  • Treejack compliant csv
  • Neo4j data dump
  • Excel xlsx
  • Mongo data dump
  • RDF
  • JSON
  • XML
  • Anything else requested, within reason e.g. OWL, SKOS
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
We'll take anything digital.

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection between networks
IP whitelist
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network
IP whitelist

Availability and resilience

Guaranteed availability
# Uptime
Uptime of covered services is guaranteed to a certain percentage of time within UK office hours, which is 9am-5pm Mon-Fri excluding bank holidays (the services will normally also be available outside these hours). The level of guaranteed uptime depends on the priority level of the service:

Priority level Guaranteed uptime
1 99.9%
2 99%
3 98%

Uptime is calculated to the nearest minute, based on the number of minutes in the given month within the scope of the SLA. If uptime for any item drops below the relevant threshold, a penalty will be applied in the form of a credit for the client.
The level of penalty will be calculated depending on the number of hours for which the service was unavailable, minus the downtime permitted by the SLA:

Priority level Penalty per hour (Pro-rated to nearest minute)
1 5% of monthly charge for covered service
2 2% of monthly charge for covered service
3 1% of monthly charge for covered service

Uptime penalties in any month are capped at 100% of the total monthly fee of the covered service
Uptime measurements exclude periods of routine maintenance. These must be agreed between the supplier and client in advance.
Approach to resilience
Available on request.
Outage reporting
Configurable email alert.

Identity and authentication

User authentication needed
Yes
User authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Management interfaces:
- User roles
- Username/password
- IP address whitelisting

Admin interfaces and access
- Private Key
- 2-factor authentication
Access restriction testing frequency
At least once a year
Management access authentication
  • Username or password
  • Other
Description of management access authentication
IP range limiting

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
We comply with those aspects of ISO/IEC 27001 we deem applicable to our type and size of company and service. We do not hold sensitive or personally identifiable data, and where non-commercial would normally be appropriate for open realease, so the security hazards are comparatively low.
Information security policies and processes
We have policies processes and reporting based on those parts of ISO27001 appopriate to our size and type of business, together with UK Cyber Essentials. We use an Assets, Threats and Vulnerabilities risk model.

Scope:
We hold information in electronic media (databases, files in PDF, Word, Excel, and other formats), and on paper either as printed materials or handwritten notes. We hold it on behalf of employees, clients, suppliers and partners, and we provide various elements of it as appropriate and reasonable to shareholders, our country’s government agencies and regulators, the media, and the local community.
Our information systems include systems and data attached to our data or telephone networks, systems managed by us, mobile devices used to connect to our networks or hold our data, data over which we hold the intellectual property rights, data over which we are the data controller or data processor, and communications sent from or to us.

Information security policies (available on request):
- Classification
- Backups
- Access Control
- Passwords
- Cryptographic controls
- Disaster recovery
- BYOD and Work from Home

Cyber security policies (available on request):
- Authentication
- Anti malware
- Install/Update
- Firewalls
- Removable storage

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Available on request.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We use an assets/threats/vulnerabilities model. Resisters of these are available on request.

Update/Patch policy: Devices, apps and software are patched as soon as possible after an update or patch is released. We may defer to end of working day, but then let it update. Operating systems, programs, phones and apps should all be set to ‘automatically update’ wherever this is an option. Any software or hardware which is no longer supported must be reviewed by IT for safety.

Information about potential threats gleaned from OWASP Threat Agent content, the Intel Threat Agent Library (TAL) and Threat Agent Risk Assessment (TARA).
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
For logging and alerting, we are aiming to meet the GPG-13 baseline control set: PMC1, PMC4, PMC7, PMC9, PMC10, PMC1, PMC12.

Identification also via network intrusion and prevention tools (e.g. snort)

Response alerts senior sysadmin and Head of Research to a compromise, with third party assistance (e.g. via AWS) brought in as necessary.

Response to incidents is ASAP (best efforts) for high priority systems,
1 hour (working hours) for low priority systems.
Incident management type
Supplier-defined controls
Incident management approach
We have processes for common events (e.g. port probes) and rare events (denial of service attacks).

Users report inicidents via standard support channels.

Incident reports provided via issue management system (github)

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£50,000 to £1,125,000 a unit
Discount for educational organisations
Yes
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@kaiasm.com. Tell them what format you need. It will help if you say what assistive technology you use.