MEGA INTERNATIONAL LIMITED

HOPEX Cloud for IT and Business Management (ITBM)

HOPEX ITBM allows to create a strategic road-map with planning of future business capabilities and related IT investments using Business Architecture. It makes possible to optimise IT portfolios for costs, lifecycle and agility. Helps transformation project planning with alignment to strategic objectives of an enterprise.

Features

• Single repository with reusable artefacts
• License-free publication to extended user population
• Software platform with functional modules (adopt only what you need)
• Seamless integration across functional areas - and with external systems
• Multiple publication formats (Word, Excel, PDF, HTML5)
• User-friendly assistants for modelling and diagramming
• Collaborative workflows with fine-grained access control
• Crowd-sourcing information for fact-based assessments
• Extensive library of reports and dashboards, easy to configure-customise
• Detailed comparative evaluation of business transformation scenarios

Benefits

• Clearly establish accurate transformation scenarios with strategic objectives
• Access reports and dashboards through multiple types of devices
• Make informed, fact-based decisions using data from various stake-holders
• Obtain holistic view of dependencies between business and IT objects
• Establish accurate risk and cost profiles for business transformation scenarios
• Combine business and IT agility with strong organisational governance
• Ensure alignment of organisational operating model with strategy and objectives
• Optimise business and IT performance and costs
• Incorporate business, IT, risk and compliance into a single model
• Improve speed and quality of executive decision-making

£349 to £465 a user a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Framework

G-Cloud 12

Service ID

765176175904972

Contact

Lorne Clark
+ 44 1926 298 296
information.uk@mega.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: MEGA recommends clients take advantage of regular products updates and versions to be kept up-to-date and benefit from additional features as products evolve.
• System requirements:
  • HTML Browser (MS Edge, Mozilla Firefox, Google Chrome, Apple Safari)
  • JavaScript enabled
  • Cookies enabled
  • Web storage enabled
  • Screen resolution 1280x800
  • Download of files enabled
  • Popup blocker disabled

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: The Severity of Incidents and requests qualifies the extent/ rapidity of the Service. No access – Security, log-in etc: 1 business hour Critical – client contacted within 4 business hours, then action plan in place Moderate - client contacted within 1 business day, then action plan in place Minor - client contacted within 2 business days, then action plan in place Please see the Service Level Agreement in the T&C especially for the Incident Severity & Response Time details. More information can be found in the SLA as well as the Service Description card attached to the G-Cloud 12 offering
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: We put in place a 1-2-1 chat through Skype or similar application that allows users and support team to interact through calls, messages and conferencing to test product, understand issues and provide general support around our tool. Skype, Go-To-Meeting, Microsoft Teams be used to demonstrate product specifications and help users to answer their questions. MEGA’s solutions allow zoom function which helps people with visual impairment to use the tool in a more efficient way
• Web chat accessibility testing: None
• Onsite support: Yes, at extra cost
• Support levels: The standard maintenance support that guarantees replies to service requests, updates and upgrades as well as fixes is included in the cost of the subscribed Cloud solution. With every Update documents are provided. For example:  Improvement: medium level new features implemented in the version.  Fixes: errors fixed in the version.  Known issues: identified errors remaining uncorrected in the version. Training, maintenance of the Client’s configurations, specific developments or customizations are not included in the standard Service.. Please see attached the SLA and Support Services documents for the detailed list of services included For specific configurations, customisations or extensions and integrations, our Professional Services with Business Consultants, Technical Consultants and Product Engineers may be suggested to be involved, For this additional level of support, the SFIA card outlines the daily rates applicable
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Mega use the following STRUCTURED and METHODIC approach for each project: 1. Kick-off Workshop 2. Gather and Formalise Requirements 3. Develop Methodology 4. Install Mega Modelling Solution 5. Train Users 6. Assist with Data Load 7. Perform Model Clinics 8. At Elbow Support A team of consultants, engineers and SME's will support the client all throughout the journey
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats:
  • Power Points
  • Excel templates for imports
  • Example reports
  • MEGA Community platform for clients and supplier forum
  • Blog and Knowledge Centre
• End-of-contract data extraction: Open standard exporting of Data can be provided at Contract end using tooling capability. It is typically personalized to clients, includes exports and data restore
• End-of-contract process: Most customers typically renew subscriptions of the service. For those deciding to leave, a personalised, planned approach is put in place that includes back-up, exports and data restore with clear written communication about the end-of-contract process

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Mobile interface is designed for non frequent users. They mostly view repository contents, including diagrams, can enter simple data. They can create diagrams through a tabular entry mode but cannot edit graphically diagrams. Through the mobile interface, a user can collaborate, add review notes, contribute to workflows or answer questionnaires. Graphical User Interface (GUI) is simplified and tailored for mobile screens. It is not a dedicated application, but a web application running through a mobile browser on Android and IOS.
• Service interface: Yes
• Description of service interface: Mega proposes the internal customer portal where clients can submit & consult the requests and supports tickets This service is provided free of charge. Furthermore, the MEGA Community is a collaborative place where enterprise architecture enthusiasts confidently exchange experience, tips and best practices and influence the company's directions for success of their organization's digital transformation. It can be accessed through https://community.mega.com/
• Accessibility standards: None or don’t know
• Description of accessibility: HOPEX provides a web based graphical User Interface (UI). The UI is designed according to usability best practice and in order to guide the user. All the solutions present a similar UI with just the changes related to the user profile or functionality used. Data input is guided by web form presenting field with structured data or free text. All the fields provide an online help and type/coherence checks are executed against input data. Finally, HOPEX has the option to draw diagrams or produce automatic graphics according to the various methodologies provided by the functional solutions.
• Accessibility testing: None
• API: No
• Customisation available: Yes
• Description of customisation: With HOPEX Power Studio, advanced users can customize HOPEX products and develop a unique view tailored to the specifics of their organization.; ; KEY FEATURES; HOPEX Power Studio include capabilities to customize:; ; Metamodels and attributes; User interfaces: web desktops, diagrams, property pages, and wizards; Processes and workflows; Assessment campaigns and questionnaires; Advanced report customization; The product also offers advanced report customization features. HOPEX Power Studio users can create report templates that are reused by end-users on a daily basis. Report templates include custom layouts, custom charts, custom colors or fonts, conditional formatting of pictures, and definition of filters that can be changed by end users when displaying the report.; The product lets users create custom queries from the repository through the report dataset feature. Extracted data can then be displayed using multiple types of reports such as bar charts, pie charts, graphs, word cloud, tables and matrices. Data can also be exported to third party BI solutions through available export tools.; ; HOPEX Power Studio is a platform product.; ; For a successful outcome, MEGA recommends for all configurations and customisations to liaise with the Professional Services and follow the Project Structure basics

Scaling

• Independence of resources: MEGA provides SaaS services, relying on Microsoft Azure, managed and monitored by the Mega Cloud Services (MCS) team. All the customers’ platforms are fully Single-tenant.

Analytics

• Service usage metrics: Yes
• Metrics types: Mega Cloud Services provide monthly usage metrics upon request. In terms of the reporting, MEGA suggests a monthly call with the Hosting team to provide information on logins and platform usage, platform size and efficiency, review Service Requests and any urgent Requirements in progress
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: On the HOPEX Cloud platforms, all storages are encrypted with Microsoft Azure Storage Service Encryption (SSE) using 256-bit AES encryption.
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Exporting of Data can be achieved using open standards for example CSV and SQL formats but also some more specific depending on solution and end-user needs
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats:
  • Xls
  • Xml
  • Xmg
  • Mgr
  • Mgl
  • Html
  • Export to other solutions through API/WebServices
• Data import formats:
  • CSV
  • ODF
  • Other
• Other data import formats:
  • Xls
  • Xml
  • Mgr (proprietary format)
  • Mgl (proprietary format)
  • Xmg
  • Import to other solutions through API/WebServices

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: Customer's public IP address should be provided to MEGA and registered into the Mega Cloud Services (MCS)'s IP whitelisting in order to reach the services. All the customers’ platforms are fully Single-tenant (dedicated servers and VLAN).
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: Only the Mega Cloud Services (MCS) team is authorized to reach customers’ platforms through a secured bastion host recording all cloud engineers’ actions (logs and video). Please refer to the attached documentation for details.

Availability and resilience

• Guaranteed availability: 99,4% GUARANTEED up-time, Maximum unscheduled outage duration: One Business Day on Development sandbox, One Business Day on Test sandbox, 3 Business Hours on Production platform Maximum monthly unscheduled outage on Development sandbox, One Business Day on Test sandbox4 Business Hours (*) on Production platform (*) As an example, this represents a Service Availability of more than 99.4% over a month. Scheduled maintenance will be subject to a 5-Business Days’ notice, unscheduled maintenance will be subject to a 1-Business Day notice (excluding security incidents). Please see the Service Level Agreement in the T&C especially for the Incident Severity & Response Time.
• Approach to resilience: HOPEX Cloud service is SOC 2 framework compliant. MEGA has chosen the following Microsoft datacenters to host its HOPEX Cloud Enterprise service for European customers:; Europe (United Kingdom) – SOC 2 Compliance:; o South UK (London); o West UK (Cardiff); or France – SOC 2 Compliance On going:; o France Central (Paris); o South France (Marseille); Please refer to the document "SOC2 Type2 2018 letter - Does not require NDA.pdf" that can be provided upon request (it is re-issue yearly by a 3rd party auditor)
• Outage reporting: Phone, email alert or through MEGA’s online support system. Please see the Service Level Agreement in the T&C for more details

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Only the Mega Cloud Services (MCS) team is authorised to reach customers’ platforms through a secured bastion host recording all cloud engineers’ actions (logs and video).
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Other security certifications: Yes
• Any other security certifications: MEGA has the SOC2 Type II certification

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: MEGA is SOC2 certified
• Information security policies and processes: SOC2 is a recognised certification widely used across Cloud / SaaS vendors. If required, customers will be able to ask us for it. There should be no need for reporting structure description as certification guarantees this (we comply with over 500 audited points)

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: MEGA implemented a Change Management Process to ensure the use of standardized methods and procedures to handle change promptly and efficiently, thus minimizing any adverse impact on service quality from change-related incidents. Changes on the HOPEX Cloud service include at least the following: • MEGA application release and patching; • Client subscription creation/removal; • Customer change requests according to service catalog.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: MEGA implemented an IS Vulnerability Management Process allowing to provide secure services to its customers. As part of the HOPEX Cloud service, in addition to a dedicated monitoring system and periodic scans allowing to detect potential new vulnerability (report sent to MCS Manager to plan remediation), who use system update services available through the Microsoft Azure portal to monitor Microsoft threats and vulnerabilities deploying associated updates mitigating the risk of potential exploitation and compromise. By default, security updates are deployed outside customers’ business hours.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: The Mega Cloud Services (MCS) team continuously monitors customers’ HOPEX platforms availability though a dedicated monitoring system allowing to notify MCS administrators in the event of an anomaly (e.g. system overload, components malfunction or failure). Immediate customer notification in case of security incidents.
• Incident management type: Supplier-defined controls
• Incident management approach: In case of emergency (security/ functional incidents), Mega Cloud Services (MCS)team can be solicited by email, platform, phone to solve incidents related to the SaaS services. HOPEX Cloud customers can contact them to solve any incident on the platform. MCS leads incident resolution by defining a treatment plan and assigning the different tasks to the right departments. A dedicated patch can be designed and deployed on the customer’s Pre-Production platform (permanent or temporary HOPEX Cloud Workbench platform) before being deployed on the Production platform. HOPEX users can report and consult status of incidents through the MEGA community portal (http://community.mega.com/)

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Pricing

• Price: £349 to £465 a user a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Access to HOPEX demo solution can be provided free of charge and allows users to fully test the product
• Link to free trial: https://www.mega.com/en/request-trial

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF