Deployed Scoping Tool

An intelligent smart form determines the Scope of Work for a project. The tool then translates this input into a Statement of Work. This is the executable contract between the parties with a summary sheet to allow for quick review and decision making. A dashboard summarizes data on all SoWs.


  • User-facing, Intelligent Smart Form
  • Risk Engine and Risk Rating
  • Statement of Work Generator
  • Pricing Engine
  • Man Power Planner
  • Dashboard


  • Take Ownership of Scope Definition
  • Understand and Reduce Risk
  • Reduce Costs by Understanding the Breakdown and Requirements
  • Reduce Clutter such as Admin, Rework and Scope Creep
  • Safe time and SoW iterations
  • Standardised Design & Structure
  • Better Value for Money on People Related Contracts
  • Real-time Insights and Thoughtful Statistics
  • Enablement of Fasts and Powerful Decision-Making
  • Benchmarking and Negotiation Power


£500 to £15000 per licence per month

  • Free trial available

Service documents


G-Cloud 11

Service ID

7 1 3 3 0 4 2 7 1 3 9 1 9 2 9



Kayleigh Kuptz


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints N/A
System requirements To be able to use Microsoft Azure

User support

User support
Email or online ticketing support Email or online ticketing
Support response times SLA times are different on weekends
User can manage status and priority of support tickets No
Phone support No
Web chat support No
Onsite support No
Support levels We provide three levels of support:

P3 :72 hours with 8 hours initial response time
P2: 48 hours with 6 hours response time
P1: 24 hours with 3 hours response time

The price for the ticketing system is included in our subscription fee.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started We have an initial assisted onboarding process which includes pre-loading of customer's data and policies which is coupled with organic training sessions.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction On exit, Deployed provides them with a zip file containing all relevant data.
End-of-contract process At the time of signing the contract a comprehensive exit plan is agreed. This is bespoke to each client.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The mobile version provides a streamlined experience surfacing the most frequently used features of the product while the desktop version provides a full set of services including administration functions such as user management.The product is web-based and both versions are responsive and work on screens and devices of all types.
Service interface No
Customisation available Yes
Description of customisation Users may customize the service via the SaaS tools provided. The product is web-based and customization options are mapped to various access levels. Only Deployed employees have super administrator status which allows them to override any user settings, however, clients are given the chance to self-service by logging into the portal as either administrators or managers and then by visiting the Settings screen.


Independence of resources Customer don't have their own tenant, however the system is highly scalable due to robust architecture choices such as being API-driven, being based on microservices and making use of massively scalable SaSS products on Microsoft Azure.


Service usage metrics Yes
Metrics types Our clients can designate administrators within their group who have access to records of audited operations. This includes tracking data access and documents management as well as some general system usage statistics. Optionally, data could be surfaced via an API for extra cost.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach The SaSS product is web-based and offers many opportunities for data download and reporting. Each feature has their own means of exporting data such as download in various formats or emailing, to name a few.
Data export formats CSV
Data import formats
  • CSV
  • Other
Other data import formats PDF

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability Any breached SLAs are judged on an case-by-case basis and refunds are worked out based on impact on any critical line of business operations or more serious problems such as potential data loss.
Approach to resilience Resilience is leveraged via Microsoft Azure SaSS services. The specifics of the overall system resilience would be an amalgamation of all the different services used and can be provided upon request.
Outage reporting Internally, visibility is given via monitoring tools dashboards and alerts. Notifications include emailing distribution lists, reporting to relevant Microsoft Team channels, automatic creation of ticket on the support team board. APIs are available including off-the-shelf metrics API from all the cloud products used.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels The product is a web-based SaSS secured by OpenId and OAuth 2.0 standards. Administrators within the customer's team are set up in the system as part of the on-boarding process and given privileges to access system settings for their organization including user management. All product features are governed by user claims. Internal tools and support channels are hosted on a completely separate system and hooked to a separate user store.
Access restriction testing frequency At least every 6 months
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Data security and safeguarding is part of the on-boarding process for any employees. Company policies including directives on data security are always available, re-enforced via daily processes such as code reviews and standardization of tools and storage locations and then enforced during specific assignments or employee exit procedures.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Configuration management is for the most part code-driven and automated and therefore governed by code-reviewed approved actions. Change management processes are also enforced by code review and, where not applicable, manual changes accessible only to qualified staff members and properly documented.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Vulnerability management is largely delegated to Microsoft Azure via strategic selection and leverage of services that offer off-the-shelf comprehensive security. Potential threats are identified via Microsoft feed notifications as well as subscription to different cyber security alert sources.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Potential compromises are surfaced either via pro-active analysis of monitoring tools dashboards and metrics or alerts received based on unusual activity or notifications from Microsoft Azure. Response is measured against the severity and credibility of the threat, however, all critical issues, specially security threats, are reacted to immediately 24/7.
Incident management type Supplier-defined controls
Incident management approach Incidents can be raised by a number of departments. Monitoring teams may raise incidents based on the dashboard metrics, QA teams may raise incidents based on routine smoke testing of the production environment and automation tests may raise tickets based on pre-determined rules and priority. Potential threats create tickets which are triaged by designated tech team members. Their priorities are automatically assigned where possible, such as, for instance, where an email subject is known and consistent.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £500 to £15000 per licence per month
Discount for educational organisations No
Free trial available Yes
Description of free trial A Proof of Concept or Data Exchange

Service documents

Return to top ↑