erwin CloudCore is a cloud-based platform-as-a-service (PaaS) suite, providing data modelers and enterprise architects with superior speed and ease of use in an on-demand environment. Pay-as-you-go versions of erwin DM, erwin EA and erwin BP are delivered via erwin CloudCore plus bring-your-own-license support for existing customers.
- No in-house infrastructure required. Scale hardware to suit your needs.
- Software installed by erwin and integrations are pre-configured.
- Software upgrades are available automatically.
- Standards definition and deployment.
- Option for behind firewall installation on private cloud instance.
- Faster solution delpoyment.
- Flexible cost model.
- Easily extendable solutions.
- Rigourously tested environments.
- Standard deployment allows route to easier software upgrades.
£2209 per user per year
- Free trial available
Sandhill Consultants Ltd
|System requirements||Current Microsoft Windows critical updates|
|Email or online ticketing support||Email or online ticketing|
|Support response times||Response times are different at weekend but are backed up by vendor support of 24 x 7|
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||None or don’t know|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
|Support levels||Free of charge upgrades, bug issue resolution, provision of standard fixes and workarounds to known problems, managing your erwin relationship and issue escalations, license key assistance and management, rapid response on 'How to Support', Direct access to erwin experts by email, telephone, and remote desktop, guidance on upgrades, guidance on 'known issues', model testing, Answering product installation configuration and usage questions, in depth product knowledge of erwin and complimentary products. 24 x 7 technical support provided by vendor. All of the above in included within cost of product and maintenance.|
|Support available to third parties||Yes|
Onboarding and offboarding
|Getting started||General support and assistance is available from Sandhill, however Sandhill can provide onsite or online training at an additional cost. User documentation is available with the product purchase.|
|End-of-contract data extraction||CSV export|
|End-of-contract process||Service ends at end of license subscription period. Data can be made available for 30 days after end of contract. No additional costs at end of contract.|
Using the service
|Web browser interface||Yes|
|Using the web interface||Only limitations are governed by licensing|
|Web interface accessibility standard||None or don’t know|
|How the web interface is accessible||Accessible via a web browser|
|Web interface accessibility testing||In road map|
|What users can and can't do using the API||Multiple options.|
|API automation tools||Ansible|
|API documentation formats|
|Command line interface||Yes|
|Command line interface compatibility||Windows|
|Using the command line interface||Multiple options.|
|Independence of resources||Regular capacity testing and assessment completed by erwin Inc.|
|Infrastructure or application metrics||No|
|Supplier type||Reseller providing extra features and support|
|Organisation whose services are being resold||Erwin Inc|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Developed Vetting (DV)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||Encryption of all physical media|
|Data sanitisation process||No|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Backup and recovery
|Backup and recovery||Yes|
|What’s backed up||Databases|
|Backup controls||Yes can back up on a different schedule through a contracted agreement.|
|Datacentre setup||Multiple datacentres with disaster recovery|
|Scheduling backups||Users schedule backups through a web interface|
|Backup recovery||Users contact the support team|
|Data protection between buyer and supplier networks||TLS (version 1.2 or above)|
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
|Guaranteed availability||Erwin shall make the Service available twenty-four (24) hours per day, seven (7) days a week with a minimum uptime level of ninety-nine and nine tenths of a percent (99.9%) measured on an aggregate monthly basis, with no single unscheduled outage exceeding four (4) consecutive hours in a single seven (7) day period. Should Erwin incur an unscheduled outage in excess of four (4) hours or more than two (2) unscheduled outages in excess of two (2) hours or more in duration within a single billing month, upon notice by Customer and confirmation by Erwin, Customer will be credited 10% of that month’s monthly recurring payment. Such service availability does not, however, include regularly scheduled maintenance or any unscheduled downtime due to failures beyond Erwin’s control (such as errors or malfunctions due to Customer’s computer systems, local networks or Internet connectivity).|
|Approach to resilience||Daily back up of application and database server. RTO (recovery time objective) of 24 hours. AWS AZ to ensure database is synchronised.|
|Outage reporting||Email alerts. Public dashboard in roadmap.|
Identity and authentication
|User authentication||Username or password|
|Access restrictions in management interfaces and support channels||There is an option within the account section of the tool, where the client administrator can allow erwin support access, to log into a client’s area and test the issue they are seeing, or test fixes once applied. This access is completely controlled by the customer and is turned off by default. For server maintenance, a Jump server is used to access any AWS remote production environments, including connecting through a provisioning server, requiring private key access. The Jump server is locked to the corporate network ip address and the provisioning server(s) can only be accessed using the Jump server.|
|Access restriction testing frequency||At least once a year|
|Management access authentication||
|Devices users manage the service through||Dedicated device on a segregated network (providers own provision)|
Audit information for users
|Access to user activity audit information||No audit information available|
|Access to supplier activity audit information||No audit information available|
|How long system logs are stored for||Between 1 month and 6 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||British Assesment Bureau|
|ISO/IEC 27001 accreditation date||31/12/2017|
|What the ISO/IEC 27001 doesn’t cover||Scope of certification is the provision of SaaS and Hosting Services|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||ISO 27001 Standards and Procedures. Reporting structure is Senior Vice President of erwin managed through the cloud services team.|
|Configuration and change management standard||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Configuration and change management approach||All changes are raised via the support ticketing system, Zendesk, and will be added into the development tracking system. Code changes are implemented with build script - we do use automated deployment tools for code movement and roll-backs from our beta, staging and live environments. Changes are approved by Development and Product Manager of erwin before being pushed.|
|Vulnerability management type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Vulnerability management approach||
Vulnerability scanning tool generates reports, tested against a known database of issues. Rule sets use common vulnerabilities and exposures (CVE), center for internet security (CIS) Operating System configuration benchmarks, and security best practices.
High and Medium issues resolved as quickly as possible. Low and Informational issues worked into the normal sprint plans.
Security pack covers whole platform of solutions:
- Intrusion Detection/Prevention and hosting of agents and manager within remote environment
- Security Information and Event Monitoring (SIEM – Manage Engine EventLog Analyzer) - and the hosting of the agents and manager within the remote environment
- Quarterly vulnerability testing.
|Protective monitoring type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Protective monitoring approach||
If the advanced security pack is chosen (on single tenant environments), we utilise an IDS/IPS tooling and all events are sent to a central management console, managed by DevOps team.
The IPS software will remediate and block issues where they are found.
Any alerts will quickly be responded to and remediated by the DevOps team, depending on criticality.
|Incident management type||Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402|
|Incident management approach||
Incident record is created in the Quality Log
Incident Manager assigned to co-ordinate resolution and communications . Incident manager will work with the account manager to keep the customer informed.
Issues will be escalated to Product Management and Development Management.
Escalation beyond this is to the senior management team
Customer is notified of the issue/incident and the plans to resolve it by the account manager.
Development Manager will review the issue, any knock-on effects and devise the best fix method
Change management process follows attempts at resolving the issue.
Incident Report completed afterwards detailing the cause, lessons learned.
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Separation between users
|Virtualisation technology used to keep applications and users sharing the same infrastructure apart||No|
|Price||£2209 per user per year|
|Discount for educational organisations||No|
|Free trial available||Yes|
|Description of free trial||Full access to software for 30 day trial period|
|Pricing document||View uploaded document|
|Terms and conditions document||View uploaded document|