Derive Logic Limited

IT Asset Management Tooling as a Service

Cloud ITAM and SAM tools (including Snow Software) provide organisations with visibility of their IT assets, enabling effective management of related entitlements, consumption and renewals. Tooling provides users with the intelligence (dashboards and reporting) that help them to optimise and transform estates, remaining compliant, optimised, agile and secure.


  • IT Asset Management (ITAM) for cloud
  • Software Asset Management (SAM) for cloud
  • Hardware Asset Management (HAM) integrating with cloud (e.g. IoT)
  • Entitlement & inventory data management
  • Asset and consumption/usage dashboards & reporting
  • Cost avoidance & cost savings
  • Licence compliance reporting and management - audit support
  • Hardware & software lifecycle management
  • Renewals management
  • Cloud Snow Software (SaaS)


  • Supports compliance and optimisation of physical and cloud assets
  • Consolidated visibility of hardware and software assets across an estate
  • Manages licensing and service renewals for assets in an estate
  • IT cost optimisation and avoidance, reduces overspend via reharvesting licenses
  • Entitlement & inventory management - SAM & ITAM
  • Improves IT governance - on-premise, cloud, outsourced & IoT
  • Software licensing utilisation and consumption of subscription based software
  • Reduces IT and business risks from non-compliant usage
  • Management information/intelligence (MI) enables effective budgeting
  • Supports effective IT governance through process and policy enforcement


£1.16 to £3.51 per device per month

  • Education pricing available

Service documents


G-Cloud 11

Service ID

8 0 2 0 3 2 4 0 1 6 7 5 5 3 8


Derive Logic Limited

Christopher Lewis

01285 719 820

Service scope

Software add-on or extension
Cloud deployment model
Public cloud
Service constraints
Depending on the technology platform chosen, some platforms have technology constraints on functionality that is based on system integration.

Any compliance or optimisation analysis of the existing software estate is outside of the scope of this service.

Our Support Desk operates in office hours 9-5.30pm Monday to Friday, excluding Bank Holidays.
System requirements
  • Tooling clients/applications may need downloading and installing
  • Port 443 accessible
  • Firewall/proxy configured to allow data communication with chosen platform
  • Proxy details supplied (if required in agent configuration)
  • Credentials for 3rd party data sources (e.g. AD, vCenter)
  • Users need to have internet access

User support

Email or online ticketing support
Yes, at extra cost
Support response times
First response or acknowledgement one working day. In this response we provide ticket details and priority, we also provide details of expected timeline for resolution based on SLAs agreed with buyers. Our support deck operates 9am to 5.30pm (UK time), Monday to Friday excluding bank holidays.
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Onsite support
Support levels
Our Service Desk Analysts act as a single point of contact and aim to resolve issues and queries on the first call. Should that not be possible we have a clear escalation path to Level 2 and 3 resources to ensure rapid resolution, via escalation to the appropriate Consultant or Architect as required.

Level1: Service Desk – Single Point of Contact (SPoC), call/ticket logging and reporting, support and advice with goal of first call resolution.

Level2: Licensing & Tooling Consultant – skilled in cloud licensing and compliance, covering specified vendors or software publishers and ITAM Tooling.

Level3: Senior Consultant or Architect - extensive experience and skills in SAM & ITAM transformation including cloud licensing, optimisation & data architecture.

If the client issue cannot be resolved remotely via telephone or web conference, we can provide on-site user support provided by our technical experts and consultants as defined by individual client contracts agreed with buyers on the framework. Pricing for on-site support will be dependant upon SLA and defined number and frequency of visits, to be defined and agreed with buyer at time of order.
Support available to third parties

Onboarding and offboarding

Getting started
During onboarding a plan is generated to cover the scope of the service, data requirements and service milestones, as well as a RACI (responsible, accountable, consulted and informed) matrix for key service stakeholders. The service will also be allocated a Derive Logic Engagement Manager, who will coordinate and manage the service onboarding and delivery.

An initial kick-off workshop will then take place with key stakeholders and users, our team will produce and follow a detailed project plan covering system set-up, configuration and integration. Once the system is implemented we will on-board in-scope vendors and test this data, as well as system dashboards and reports for completeness and accuracy. At every stage our Engagement Manager will regularly up-date project owners and stakeholders on project progress, milestones and requirements.
Service documentation
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats
  • Word (as required)
  • Excel (as required)
  • Powerpoint (as required)
End-of-contract data extraction
Derive Logic will provide encrypted data extracts within 60 days as part of the decommissioning process, users will have a limited capability to extract data depending on the platform chosen and the users permissions.
End-of-contract process
At the end of the contracted period the client's users of the system will delete any software clients off their devices. Derive Logic will then extract all asset related data (as requested) from the system in question and return an encrypted copy of the data to the buyer or an appointed owner. Once this has been actioned successfully Derive logic will ensure that the system and related data held is deleted/destroyed within 60 days of contract termination date or a date to be agreed with the buyer.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Compatible operating systems
  • Linux or Unix
  • MacOS
  • Windows
Designed for use on mobile devices
Service interface
What users can and can't do using the API
This will depend on the technology platform chosen (e.g. APIs can be used to enable integration/connection to third party applications that connectors have been built for).
API documentation
API documentation formats
API sandbox or test environment
Customisation available
Description of customisation
User can customise dashboards and reports as required, advanced customisation of the system may required Derive Logic support.


Independence of resources
UKFast our Data Centre partner provides us with monitoring alerts and autoScale of resources.


Service usage metrics
Metrics types
Clients can request service metrics by raising a ticket with our support desk, this will be dependant upon tool chosen and can be defined and agreed during scoping.
Reporting types
Reports on request


Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Snow Software (others on request)

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Users with permissions can run reports in the web interface and export limited datasets, wider ranging exports of data can be requested by raising a ticket with our support desk if required.
Data export formats
  • CSV
  • Other
Other data export formats
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
As a cloud service it is available continuously, unless agreed out of hours maintenance or up-grade work has scheduled, in which case the client will have been notified in advance by email. Our service is hosted in the UK in a UKFast data centre, UKFast quote 100% network service availability on their website (as at time of writing this submission). Our hours of operation are Monday to Friday 9.00am to 5.30pm, should an issue occur clients can contact our Support Desk during this time. No service credits will be issued for scheduled downtime, or any service interruption in business hours less than 2 hours.
Approach to resilience
Available upon request.
Outage reporting
Derive Logic will provide users/administrators with email alerts on outages or issues should they occur as quickly as possible. These will also be issued for any scheduled maintenance and up-grade work in advance.

Identity and authentication

User authentication needed
User authentication
Username or password
Access restrictions in management interfaces and support channels
No client access to management interfaces in our standard service.
Access restriction testing frequency
Less than once a year
Management access authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
Cyber Essentials

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
Derive Logic take security extremely seriously when providing its services to both the private and public sectors. We hold the Cyber Essentials accreditation and maintain an active and documented information security programme which is owned at board level, our security is regularly audited and tested by a 3rd party that inspects physical and data security. Buyers can request details of our security governance and policies.
Information security policies and processes
Our security policies and processes are defined and documented, these are regularly audited and reviewed to ensure they are up to date and robust. Details upon request.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All requests for change (RFCs) are assessed for security and commercial impact prior to initiating. Once the change has been agreed and delivered, the schedule agreement is up-dated accordingly and it is logged within the workbook specific to the service. This workbook is maintained throughout the life of the service.
Vulnerability management type
Vulnerability management approach
The main objective of derive logic’s vulnerability management process is to detect and remediate vulnerabilities in a proactive and timely fashion. There are three ways Derive Logic manage vulnerabilities:

1. Periodic vulnerability scans.
2. Hosting partner notifications of infrastructure vulnerabilities.
3. Vulnerability alerts based on solution software components received from various security update services.
4.We are also a member of the Cyber Security Information Sharing Partnership (CiSP

Where vulnerabilities are detected where there could be any customer impact, the customer is notified as quickly as possible with the service potentially suspended until the vulnerability has been patched or remediated.
Protective monitoring type
Protective monitoring approach
Available to buyers on request.
Incident management type
Incident management approach
Our incident management processes for common events are defined in our IT policies master document, the purpose of this policy is to minimise the impact caused by information security incidents and malfunctions on information systems operated by or on behalf of Derive Logic. Our Policy Master document is regularly reviewed as part of our governance procedures. Users report incidents relating to our services via our support desk which is open 9am to 5.30pm Monday to Friday.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks


£1.16 to £3.51 per device per month
Discount for educational organisations
Free trial available

Service documents

Return to top ↑