Budgeting, Reporting, Consolidation Solution - Host Analytics
Host Analytics is an Enterprise Performance Management Platform (plan, budget, forecast, consolidation & reporting). RSM provides licences and a range of services for organisations wishing to implement a Host Analytics software to support planning, budgeting, forecasting, consolidation and reporting processes on a single, scalable cloud-based .
- Complete cloud-based Enterprise Performance Management (EPM) Platform
- “Software as a Service" delivery model
- Scalable, three-tier, multitenant cloud architecture
- Infrastructure with appropriate processing power based on the user's need
- Automated upgrades and security patches
- Run across multiple servers, balanced based on user volume
- Customer’s data and metadata are maintained and managed separately
- Robust data integrity and security
- Reduces Total Cost of Ownership and Time to Implement
- No need for additional hardware,data center space and software investment
- Allowing immediate access to new, innovative functionality, driven by customers
- State of the Art SOC1/SOC2 Type II certified hosting
- Guaranteed 99.5% uptime to ensure easy application access for users
- Easy and flexible configuration with implementations are measured in weeks
- Advanced networking and data security services
- Pre-built templates and functionality
£17 per unit per month
- Education pricing available
- Pricing document
- Skills Framework for the Information Age rate card
- Service definition document
- Terms and conditions
- Modern Slavery statement
0121 214 3100
|Software add-on or extension||No|
|Cloud deployment model||Private cloud|
|Service constraints||No known constraints or limitations|
|System requirements||No hardware, software, and network requirements|
|Email or online ticketing support||Email or online ticketing|
|Support response times||Host Analytics offer one level of support for all of our customers called Premium Support. Premium Support includes a call-back response time of under two (2) hours.|
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||None or don’t know|
|Phone support availability||24 hours, 7 days a week|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
Host Analytics offer one level of support called Premium Support.
Host Analytics Premium Support provides an enhanced level of support available to Host Analytics Clients at no additional cost.
Premium Support includes:
* Toll-free telephone support
* Under two (2) hour call-back response time
* Four (4) authorized support contacts
* 24x7 critical phone support
* Support coverage from 8:00AM to 8:00PM (you select one of our time zones), Monday to Friday, excluding holidays
* USA Pacific Time (PST/PDT)
* USA Central Time (CST/CDT)
* USA Eastern Time (EST/EDT)
* European (UTC)
* Australia (AEST/AEDT)
Customers have the ability to receive assistance at any time via their preferred medium (toll-free phone/ online portal/ email/ live chat) and the priority of the case is defined by the customer.
There is an automated ticket system where you can submit a support ticket and assign the urgency needed for said ticket. The ticket is then assigned to a support agent who is responsible for solving the case.
In addition to support, a Customer Success Manager (CSM) is assigned to proactively monitor, survey, and engage with the client.
|Support available to third parties||Yes|
Onboarding and offboarding
At the outset of the implementation project, individuals designated as system administrators are required to complete the appropriate courses in the Host Analytics “Getting Started” series. Those individuals need a baseline understanding of the system in order to effectively participate in configuration and design discussions with our consultants. From there, we offer a broad array of training in a variety of different forms.
We have training programs, offerings, and curriculum that align to each one of your users' maturity with the product. Training is provided at all times during the length of your subscription agreement. Training materials can be accessed through our Host Academy application and come in many different forms: online instructor-led courses, online self-paced training modules, a training sandbox, and much more. The library of courses is tailored to the role of each user and includes recommended new courses and updates.
There is also a comprehensive Online Help available in addition to a Knowledge Base and User Community site with contextual help screens and self-paced training videos accessible from the application. In addition to all self-paced and virtual instructor-led courses, 3-day Boot Camps are also available for users with additional cost.
|Other documentation formats||
|End-of-contract data extraction||Users would typically contact Host Support team for assistance in extracting their data at the end of their subscription term. Some customers complete data extraction without assistance. Data is typically exported in a CSV file format.|
|End-of-contract process||The Host Analytics subscription price includes a dedicated Customer Success Manager. In the case that a Customer is coming to the end of their subscription term, the Customer Success Manager will guide said Customer during their offboarding process which includes making provisions for return of any requested customer data. Once the process is complete (usually within 28 days), all Customer data captured with Host’s application services is securely deleted. We understand that every Customer's exit plan is unique to their situation and specific requirements.|
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||Host Analytics is a browser-based platform meaning that users can access the platform from anywhere, as long as they have access to a device (e.g. desktop, laptop, smart phone, tablet) with browser and internet connection. The mobile instance of Host Analytics platform does not have the full functionalities of the desktop platform, but will still have intuitive features such as point-and-click capabilities and easy navigation.|
|Accessibility standards||WCAG 2.1 AA or EN 301 549|
|Accessibility testing||Host Analytics EPM Application Suite is delivered as Software as a Service mode. We utilize Microsoft Technologies which has supports accessibility standard requirements.|
|What users can and can't do using the API||
The Host EPM platform supports data import/export to/from other applications via API integration. Therefore, it offers the ability to not only write data from outside applications in the Host Analytics database, but to also push the data out of our system into any data warehouse (DW), enterprise resource planning (ERP) system, or other systems.
Host Analytics API is primarily used to establish integrations with other databases.
|API documentation formats||Open API (also known as Swagger)|
|API sandbox or test environment||Yes|
|Independence of resources||
The Host Analytics infrastructure is designed to have dedicated resources at 2x the current load at anytime. The application and system are rapidly scalable and Dynamic Resource Scheduling is utilised to redistribute load based on host failure or heavy usage. When peak loads increase, new servers are brought online to ensure that substantial reserve capacity is maintained at all times. For this reason, there is no scalability limitation related to user access.
There is no limit on the number of users, concurrent users, or where globally those users are logging into the application.
|Service usage metrics||Yes|
|Metrics types||Host Analytics system status/service uptime is communicated through via Trust website (http://trust.hostanalytics.com/).|
|Supplier type||Reseller providing extra support|
|Organisation whose services are being resold||Host Analytics|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Security Clearance (SC)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||EU-US Privacy Shield agreement locations|
|User control over data storage and processing locations||No|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||‘IT Health Check’ performed by a CHECK service provider|
|Protecting data at rest||
|Other data at rest protection approach||
Documented "Physical Security Policy” is reviewed on annual cycle basis.
• The customer data is stored at primary and secondary data centers only.
• The data centers physical security controls include restricted entry and exit gates, CCTV cameras, man-traps, multi-factor access controls including bio-metrics, physical security guards, motion sensors etc.
• Access to Server Room is restricted to Technical Operations personnel after completion of background checks
• Host Analytics owns and manages IT Infrastructure and Application Code at hosting facility provided by leading data center service provider. All production system servers and security equipment’s are located in a separate cage.
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||In-house destruction process|
Data importing and exporting
|Data export approach||Easy export of data with a few clicks into a file.|
|Data export formats||
|Other data export formats||
|Data import formats||
|Other data import formats||
|Data protection between buyer and supplier networks||TLS (version 1.2 or above)|
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
|Guaranteed availability||In the Host Analytics SLA signed with customers, Host Analytics agree to use commercially reasonable efforts to provide availability to the Application Services on the Production Environment 99.5% of the time. Host Analytics have historically achieved an uptime of 99.9%.|
|Approach to resilience||
Host Analytics has built the application to ensure high availability and scalability. Host Analytics provides scalability by performing load forecasting and building in excess capacity. Excess capacity is available at all times via fully configured servers operating in standby mode. When peak loads increase, those servers are brought online to ensure that substantial reserve capacity is maintained at all times.
EPM application's secured architecture includes DDoS Protection Engine, Firewalls, Intrusion Detection System (IDS), and Log Monitoring. The Security Incident and Event Management (SIEM) system provides alerts to Host Analytics Network Operations Center about any abnormal activity/patterns on real time basis.
|Outage reporting||In the case of a security incident or data breach, Host team provides notification to affected customers within 48 hours of discovery. A detailed root cause analysis report is provided within 5 business days. The incident information is communicated via Trust website (http://trust.hostanalytics.com/), email, or RSS feed.|
Identity and authentication
|User authentication needed||Yes|
|Other user authentication||
Host Analytics production system user access provisioning is divided between;
- Host Analytics technical team access to production systems follows least privileges and segregation of duties principles.
- Customer User Access to their own data and role-based access controls. Host Analytics provide native login and integration with any Identity management system that can process a SAML 2.0 assertion.
The application also supports multi-factor authentication (MFA) and source IP whitelisting to further enhance customer’s user access. Access to customer data is not outsourced to any external ASP or 3rd party.
|Access restrictions in management interfaces and support channels||You will retain ownership of your data at all times and can even restrict Host access to their application. The Host Analytics EPM Cloud solution includes an option that customers can select which will allow Host Analytics Support Users to access a customer’s application to better help them facilitate necessary tasks or provide additional assistance. When Support Access is turned off, Host Analytics Support Users will not have access to a customer’s application. The system keeps audit logs of all Support Users that log in to a customer’s application.|
|Access restriction testing frequency||At least once a year|
|Management access authentication||
|Description of management access authentication||
Host Analytics use a separate production management network (PMN) for management access and for Technical Operations Team access to production data centers.
They have layered security approach to secure remote access. Only authorized technical operations team members after completion of successful background checks are provided with remote VPN. The MAC address of the Host provided laptop is required to be registered with Data Center. For VPN a separate credential is provided for each user. Once the VPN tunnel is established domain account and authentication is required. Multi-factor authentication is mandatory for production system access.
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||Less than 1 month|
|Access to supplier activity audit information||Users have access to real-time audit information|
|How long supplier audit data is stored for||Less than 1 month|
|How long system logs are stored for||Less than 1 month|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||Yes|
|Any other security certifications||
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||
|Other security governance standards||Host Analytics follows ISO-27001 standard for the Information Security Management Framework (ISMF). They conduct annual SSAE-18/SOC 1 Type II, AT-101/SOC2 Type II, AT-101/SOC3, HIPAA BAA, Trust Arc Privacy Seal, EU-US Privacy Shield, Swiss-US Privacy Shield and GDPR assessments.|
|Information security policies and processes||
Host Analytics follows:
1. ISO-27001 standard for Information Security Management Framework
2. NIST-800 / FIPS-140 for encryption technology,
3. NIST-800 for system hardening and secure configurations
4. OWASP for SDLC and Vulnerability Management
5. Enterprise privacy seal, EU-US privacy shield and Swiss-US privacy shield certifications for data privacy
6. GDPR addendum/assessment
The internal control framework for SSAE-18/SOC1 and AT-101/SOC2 compliance covers all of the above controls related to data security and data life cycle management and is audited every year by independent third-party auditors.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||Host Analytics has a documented Change Control Policy that is reviewed annually. The changes are managed via a "Service Request & Approval" process. The production system changes including IT infrastructure, network, systems, operating system patches, code releases must be approved by the VP, Technical Operations & Trust, or his designee.|
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
Host Analytics has an established Vulnerability Management and Penetration Testing program. They follow an OWASP model to apply fixes at Critical severity – 72 hours, High severity – 30 days, and Medium severity – 60 days. Our penetration test reports are reviewed by third-party auditors during our SOC1 and SOC2 audits.
1. Static code analysis, and internal penetration test per feature release (quarterly)
2. External network scans are performed by a third party every month
3. Annual Application penetration testing is performed by a third party.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
Host Analytics has a 24x7 Network Operations Center (NOC) and Security Operations Center (SOC) where their team continuously monitors the system. Both the NOC and SOC have processes in place should the team find any incidents. SLA monitoring is done by third-party service provider every ten minutes, from four different locations.
The Host Analytics secured architecture covers Intrusion Detection System and Log Monitoring. The Security Incident and Event Management system provides alerts to the Host Analytics Network Operations Center about any abnormal activity/patterns on a real time basis. The SIEM service is provided by a third a party.
|Incident management type||Supplier-defined controls|
|Incident management approach||
Host Analytics has documented Incident Response Plan.
• 24x7 Network Operations Center (NOC) and Security Operations (SOC) Teams
• The application suite secured architecture includes DDoS Protection Engine, Firewalls, Intrusion Detection System (IDS) and Log Monitoring. The Security Incident and Event Management (SIEM) system provides alerts to Host Analytics Network Operations Center about any abnormal activity/patterns on real time basis.
• Per incident response procedures, the incidents are categorized as P1-Critical, P2-Major and P3-Minor incidents. P1 and P2 incidents are covered 24x7. A service request ticket is generated and assigned to our Network Operations Center (NOC) and escalated, if necessary.
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Public sector networks
|Connection to public sector networks||No|
|Price||£17 per unit per month|
|Discount for educational organisations||Yes|
|Free trial available||No|