Budgeting, Reporting, Consolidation Solution - Host Analytics

Host Analytics is an Enterprise Performance Management Platform (plan, budget, forecast, consolidation & reporting). RSM provides licences and a range of services for organisations wishing to implement a Host Analytics software to support planning, budgeting, forecasting, consolidation and reporting processes on a single, scalable cloud-based .


  • Complete cloud-based Enterprise Performance Management (EPM) Platform
  • “Software as a Service" delivery model
  • Scalable, three-tier, multitenant cloud architecture
  • Infrastructure with appropriate processing power based on the user's need
  • Automated upgrades and security patches
  • Run across multiple servers, balanced based on user volume
  • Customer’s data and metadata are maintained and managed separately
  • Robust data integrity and security


  • Reduces Total Cost of Ownership and Time to Implement
  • No need for additional hardware,data center space and software investment
  • Allowing immediate access to new, innovative functionality, driven by customers
  • State of the Art SOC1/SOC2 Type II certified hosting
  • Guaranteed 99.5% uptime to ensure easy application access for users
  • Easy and flexible configuration with implementations are measured in weeks
  • Advanced networking and data security services
  • Pre-built templates and functionality


£17 per unit per month

  • Education pricing available

Service documents


G-Cloud 11

Service ID

6 7 0 3 6 5 6 7 1 8 2 1 0 1 6



Kathryn Styler

0121 214 3100

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints No known constraints or limitations
System requirements No hardware, software, and network requirements

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Host Analytics offer one level of support for all of our customers called Premium Support. Premium Support includes a call-back response time of under two (2) hours.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels Host Analytics offer one level of support called Premium Support.
Host Analytics Premium Support provides an enhanced level of support available to Host Analytics Clients at no additional cost.
Premium Support includes:
* Toll-free telephone support
* Under two (2) hour call-back response time
* Four (4) authorized support contacts
* 24x7 critical phone support
* Support coverage from 8:00AM to 8:00PM (you select one of our time zones), Monday to Friday, excluding holidays
* USA Pacific Time (PST/PDT)
* USA Central Time (CST/CDT)
* USA Eastern Time (EST/EDT)
* European (UTC)
* Australia (AEST/AEDT)
Customers have the ability to receive assistance at any time via their preferred medium (toll-free phone/ online portal/ email/ live chat) and the priority of the case is defined by the customer.
There is an automated ticket system where you can submit a support ticket and assign the urgency needed for said ticket. The ticket is then assigned to a support agent who is responsible for solving the case.
In addition to support, a Customer Success Manager (CSM) is assigned to proactively monitor, survey, and engage with the client.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started At the outset of the implementation project, individuals designated as system administrators are required to complete the appropriate courses in the Host Analytics “Getting Started” series. Those individuals need a baseline understanding of the system in order to effectively participate in configuration and design discussions with our consultants. From there, we offer a broad array of training in a variety of different forms.
We have training programs, offerings, and curriculum that align to each one of your users' maturity with the product. Training is provided at all times during the length of your subscription agreement. Training materials can be accessed through our Host Academy application and come in many different forms: online instructor-led courses, online self-paced training modules, a training sandbox, and much more. The library of courses is tailored to the role of each user and includes recommended new courses and updates.

There is also a comprehensive Online Help available in addition to a Knowledge Base and User Community site with contextual help screens and self-paced training videos accessible from the application. In addition to all self-paced and virtual instructor-led courses, 3-day Boot Camps are also available for users with additional cost.
Service documentation Yes
Documentation formats
  • PDF
  • Other
Other documentation formats
  • Online community
  • Online Knowledge Base and training materials
End-of-contract data extraction Users would typically contact Host Support team for assistance in extracting their data at the end of their subscription term. Some customers complete data extraction without assistance. Data is typically exported in a CSV file format.
End-of-contract process The Host Analytics subscription price includes a dedicated Customer Success Manager. In the case that a Customer is coming to the end of their subscription term, the Customer Success Manager will guide said Customer during their offboarding process which includes making provisions for return of any requested customer data. Once the process is complete (usually within 28 days), all Customer data captured with Host’s application services is securely deleted. We understand that every Customer's exit plan is unique to their situation and specific requirements.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Host Analytics is a browser-based platform meaning that users can access the platform from anywhere, as long as they have access to a device (e.g. desktop, laptop, smart phone, tablet) with browser and internet connection. The mobile instance of Host Analytics platform does not have the full functionalities of the desktop platform, but will still have intuitive features such as point-and-click capabilities and easy navigation.
Service interface Yes
Description of service interface The system is intuitive because it doesn't require a deep system interface for users to learn. Data is presented in one interface where users can access the tasks they need to accomplish. The reporting interface is similar in that a business user can simply place business dimensions onto a simple palate and create a report on the fly with little or no training.
Accessibility standards WCAG 2.1 AA or EN 301 549
Accessibility testing Host Analytics EPM Application Suite is delivered as Software as a Service mode. We utilize Microsoft Technologies which has supports accessibility standard requirements.
What users can and can't do using the API The Host EPM platform supports data import/export to/from other applications via API integration. Therefore, it offers the ability to not only write data from outside applications in the Host Analytics database, but to also push the data out of our system into any data warehouse (DW), enterprise resource planning (ERP) system, or other systems.
Host Analytics API is primarily used to establish integrations with other databases.
API documentation Yes
API documentation formats Open API (also known as Swagger)
API sandbox or test environment Yes
Customisation available No


Independence of resources The Host Analytics infrastructure is designed to have dedicated resources at 2x the current load at anytime. The application and system are rapidly scalable and Dynamic Resource Scheduling is utilised to redistribute load based on host failure or heavy usage. When peak loads increase, new servers are brought online to ensure that substantial reserve capacity is maintained at all times. For this reason, there is no scalability limitation related to user access.

There is no limit on the number of users, concurrent users, or where globally those users are logging into the application.


Service usage metrics Yes
Metrics types Host Analytics system status/service uptime is communicated through via Trust website (
Reporting types
  • Regular reports
  • Reports on request


Supplier type Reseller providing extra support
Organisation whose services are being resold Host Analytics

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations EU-US Privacy Shield agreement locations
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Other
Other data at rest protection approach Documented "Physical Security Policy” is reviewed on annual cycle basis.
• The customer data is stored at primary and secondary data centers only.
• The data centers physical security controls include restricted entry and exit gates, CCTV cameras, man-traps, multi-factor access controls including bio-metrics, physical security guards, motion sensors etc.
• Access to Server Room is restricted to Technical Operations personnel after completion of background checks
• Host Analytics owns and manages IT Infrastructure and Application Code at hosting facility provided by leading data center service provider. All production system servers and security equipment’s are located in a separate cage.
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach Easy export of data with a few clicks into a file.
Data export formats
  • CSV
  • Other
Other data export formats
  • Excel
  • PDF
  • Word
  • Power Point
  • GoogleSheet
  • Goodle Document
  • Tab Deliminated
Data import formats
  • CSV
  • Other
Other data import formats
  • Excel
  • Text
  • Any other flat file

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability In the Host Analytics SLA signed with customers, Host Analytics agree to use commercially reasonable efforts to provide availability to the Application Services on the Production Environment 99.5% of the time. Host Analytics have historically achieved an uptime of 99.9%.
Approach to resilience Host Analytics has built the application to ensure high availability and scalability. Host Analytics provides scalability by performing load forecasting and building in excess capacity. Excess capacity is available at all times via fully configured servers operating in standby mode. When peak loads increase, those servers are brought online to ensure that substantial reserve capacity is maintained at all times.
EPM application's secured architecture includes DDoS Protection Engine, Firewalls, Intrusion Detection System (IDS), and Log Monitoring. The Security Incident and Event Management (SIEM) system provides alerts to Host Analytics Network Operations Center about any abnormal activity/patterns on real time basis.
Outage reporting In the case of a security incident or data breach, Host team provides notification to affected customers within 48 hours of discovery. A detailed root cause analysis report is provided within 5 business days. The incident information is communicated via Trust website (, email, or RSS feed.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
Other user authentication Host Analytics production system user access provisioning is divided between;
- Host Analytics technical team access to production systems follows least privileges and segregation of duties principles.
- Customer User Access to their own data and role-based access controls. Host Analytics provide native login and integration with any Identity management system that can process a SAML 2.0 assertion.
The application also supports multi-factor authentication (MFA) and source IP whitelisting to further enhance customer’s user access. Access to customer data is not outsourced to any external ASP or 3rd party.
Access restrictions in management interfaces and support channels You will retain ownership of your data at all times and can even restrict Host access to their application. The Host Analytics EPM Cloud solution includes an option that customers can select which will allow Host Analytics Support Users to access a customer’s application to better help them facilitate necessary tasks or provide additional assistance. When Support Access is turned off, Host Analytics Support Users will not have access to a customer’s application. The system keeps audit logs of all Support Users that log in to a customer’s application.
Access restriction testing frequency At least once a year
Management access authentication
  • Dedicated link (for example VPN)
  • Other
Description of management access authentication Host Analytics use a separate production management network (PMN) for management access and for Technical Operations Team access to production data centers.
They have layered security approach to secure remote access. Only authorized technical operations team members after completion of successful background checks are provided with remote VPN. The MAC address of the Host provided laptop is required to be registered with Data Center. For VPN a separate credential is provided for each user. Once the VPN tunnel is established domain account and authentication is required. Multi-factor authentication is mandatory for production system access.

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for Less than 1 month
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for Less than 1 month
How long system logs are stored for Less than 1 month

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • Annual certification audits for SSAE-18/SOC1 Type II
  • AT- 101/SOC2 Type II
  • AT-101/SOC3 reports

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards Host Analytics follows ISO-27001 standard for the Information Security Management Framework (ISMF). They conduct annual SSAE-18/SOC 1 Type II, AT-101/SOC2 Type II, AT-101/SOC3, HIPAA BAA, Trust Arc Privacy Seal, EU-US Privacy Shield, Swiss-US Privacy Shield and GDPR assessments.
Information security policies and processes Host Analytics follows:
1. ISO-27001 standard for Information Security Management Framework
2. NIST-800 / FIPS-140 for encryption technology,
3. NIST-800 for system hardening and secure configurations
4. OWASP for SDLC and Vulnerability Management
5. Enterprise privacy seal, EU-US privacy shield and Swiss-US privacy shield certifications for data privacy
6. GDPR addendum/assessment
The internal control framework for SSAE-18/SOC1 and AT-101/SOC2 compliance covers all of the above controls related to data security and data life cycle management and is audited every year by independent third-party auditors.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Host Analytics has a documented Change Control Policy that is reviewed annually. The changes are managed via a "Service Request & Approval" process. The production system changes including IT infrastructure, network, systems, operating system patches, code releases must be approved by the VP, Technical Operations & Trust, or his designee.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Host Analytics has an established Vulnerability Management and Penetration Testing program. They follow an OWASP model to apply fixes at Critical severity – 72 hours, High severity – 30 days, and Medium severity – 60 days. Our penetration test reports are reviewed by third-party auditors during our SOC1 and SOC2 audits.
They conduct:
1. Static code analysis, and internal penetration test per feature release (quarterly)
2. External network scans are performed by a third party every month
3. Annual Application penetration testing is performed by a third party.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Host Analytics has a 24x7 Network Operations Center (NOC) and Security Operations Center (SOC) where their team continuously monitors the system. Both the NOC and SOC have processes in place should the team find any incidents. SLA monitoring is done by third-party service provider every ten minutes, from four different locations.
The Host Analytics secured architecture covers Intrusion Detection System and Log Monitoring. The Security Incident and Event Management system provides alerts to the Host Analytics Network Operations Center about any abnormal activity/patterns on a real time basis. The SIEM service is provided by a third a party.
Incident management type Supplier-defined controls
Incident management approach Host Analytics has documented Incident Response Plan.
• 24x7 Network Operations Center (NOC) and Security Operations (SOC) Teams
• The application suite secured architecture includes DDoS Protection Engine, Firewalls, Intrusion Detection System (IDS) and Log Monitoring. The Security Incident and Event Management (SIEM) system provides alerts to Host Analytics Network Operations Center about any abnormal activity/patterns on real time basis.
• Per incident response procedures, the incidents are categorized as P1-Critical, P2-Major and P3-Minor incidents. P1 and P2 incidents are covered 24x7. A service request ticket is generated and assigned to our Network Operations Center (NOC) and escalated, if necessary.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £17 per unit per month
Discount for educational organisations Yes
Free trial available No

Service documents

Return to top ↑