Novabase

Monitoring and Evaluation Platform

Solution that enables the management, collection and analysis of data to monitor the performance of programs and projects. The solution allows the creation of a customized data context, data collection forms, and avanced visualizations to respond to each business context, supported by advanced features delivered out-of-the-box.

Features

  • Management and configuration of the system metadata
  • Users can enter data intuitively through configurable data forms
  • Users can perform queries, visualize results on real-time dashboards/charts/reports/map
  • Users can easily drill down and apply filters to slice&dice
  • Integration with operational data sources through secure APIs
  • Analytics (including ad-hoc & data discovery)
  • Information consolidation & standardisation
  • Multi-platform, multi-interface compatible

Benefits

  • Centralised data supporting and simplifying all management processes
  • Clear and faster processes, with wider engagement
  • Efficiency gains based on comprehensive, high quality, and timely information
  • Enabling an easier reporting to third parties
  • Time spent on value-added activities (information analysis, discussions, and actions)
  • Possibility of defining different KPIs and thresholds for different Departments/Entities
  • User-focused design for different backgrounds and skills
  • Avoidance of traditional implementation projects, highly reducing risk and uncertainty

Pricing

£45 to £180 per user per month

  • Free trial available

Service documents

G-Cloud 10

807883805423467

Novabase

Ricardo Goncalves

07776697179

ricardo.jorge.goncalves@novabase.co.uk

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints No
System requirements Web browser

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Time for first response: 2 to 12 hours (depending on priority)
Time for first resolution: 6 to 48 hours (depending on incident priority and complexity)

All requests logged on weekends and holiday are responded next business day, according to above SLAs.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels By licensing the solution, the client has access to a service account manager and to the 1st level of support that covers email Helpdesk, Service operation that includes support from our technical team, for fulfilling user requests, resolving service failures (includind cloud support), fixing problems, as well as carrying out routine operational tasks, governed by the service SLA, and also to continual service improvement to continually improve the effectiveness and efficiency of the solution, the service and the processes.

The Client can add a 2nd level of support that includes on-site technical support and trainning/change management via the Service Support that is also included in the G-Cloud 10
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started With the software licensing, the Buyer gains access to all System documentation. Also, the system has been designed to be easily used/understood by all possible functional profiles.

Additionally, there is a complementary service (registered on Cloud Support - Lot 3) which allows the Buyer to have access to additional services such as training, functional support, etc.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction With the end of the contract, a full data backup is provided to the Client. Any existing copies are then deleted from the system.
End-of-contract process According to G-Cloud 10's terms and conditions, the service includes support for transition/handover activities including backups, technical support coordination and helpdesk. All components and operational services are suspended at the end of the contract.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service All components are supported by technology and interfaces which have been designed and adapted for desktop, tablet and mobile usage.
Accessibility standards None or don’t know
Description of accessibility N/A
Accessibility testing N/A
API No
Customisation available Yes
Description of customisation The solution is deployed with the base installation and afterwards it can be costumized using the Supporting Services present in G-Cloud or autonomously by the IT Department of the Buyer.

The solution Administrator/Designer can configure all information models, create/alter data Forms or create/change data visualizations.

Scaling

Scaling
Independence of resources Each service instance is independent and includes the provisioning of its supporting cloud infrastructure using Microsoft Azure, that enables scalability by using scale up or scale out strategies.

Analytics

Analytics
Service usage metrics Yes
Metrics types Metrics collected in the platform (non exhaustive): Number of Users; Number of Sessions; Page Views; Pages per Session; Avg Session Time; Number of new Sessions;
Reporting types
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach The software allows users to export data in XLS or CSV using out of the box features.
Data export formats CSV
Data import formats
  • CSV
  • Other
Other data import formats
  • XML
  • XLS

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks IPsec or TLS VPN gateway
Data protection within supplier network Other
Other protection within supplier network Microsoft Azure's Virtual Private Networks and Network Security Groups

Availability and resilience

Availability and resilience
Guaranteed availability The defined SL for availability is greater or equal than 99,9% (service based on Microsoft Azure). Users would be refunded on following invoices, based on progressive discounts. The refund is calculated based on a formula which includes metrics regarding service management delivery times, number of reopening requests, number of incidents and availability rates.
Approach to resilience Our service's resilience is based on Microsoft Azure backup infrastructure policies and capabilities. Redundancy is ensured regionally (West and South UK Microsoft data centres), with daily backups of application components and databases.
Outage reporting Email alerts are sent to clients informing of any outages, with regular updates providing information about work in progress and estimations on service restore. A public dashboard is also made available by Microsoft providing information about Azure's status (data centre health, status history, and detailed report).

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Operational Support teams have a specific set of credentials that are regularly updated due to domain policies. All management interfaces are accessed through Azure RDP endpoints and Azure Management Portal, by authorized team members.
Access restriction testing frequency At least every 6 months
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for Between 6 months and 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for Between 6 months and 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security No
Security governance certified Yes
Security governance standards
  • CSA CCM version 3.0
  • ISO/IEC 27001
Information security policies and processes Data classification is discussed with the Buyer and is managed accordingly. Access to Monitoring and Evaluation Platform and all its information is only allowed to Employees who have a legitimate need, namely to perform maintenance or support services. All these Employees are part of the team responsible for Monitoring and Evaluation Platform's service management, and they are bounded by written agreement and professional confidentiality obligation. Any breaches are reported to the Service Manager and the Account Manager to be followed/resolved and communicated/discussed with the Buyer.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach The change management process aims to ensure a centralised treatment of all changes being made to Monitoring and Evaluation Platform following a standard process of control and approval. It is to ensure a full alignment with the requirements, looking to minimise impacts on quality and incidents related to unauthorised changes and configurations. Following ITIL principles, requests are addressed through the established channels, where they are classified according to their nature, namely resulting from changes in business processes, incidents, problems, etc. Requests' lifecycle is tracked end-to-end ensuring resolution and feedback. All changes are fully analysed from business, technical and security perspectives.
Vulnerability management type Supplier-defined controls
Vulnerability management approach System Vulnerability is addressed by: monitoring/auditing system regularly and inspecting cloud infrastructure performance; defining event response on security breaches and reporting; ensuring security settings remain effective over time by detecting/correcting vulnerabilities at communications, application and database levels; providing training on security according to team members responsibility levels and scope of action; deployment of patches or implementation of other measures according to how critical they are; configuration and change management processes applied to security baselines; business continuity and disaster recovery strategies subject to regular testing; management policies ensuring that only appropriate people have access to the software and its resources.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Monitoring based on event/alarms to follow-up on availability, performance and capacity of cloud infrastructure. Monitoring KPIs to evaluate compliance with agreed service levels and ensure a proactive intervention whenever required. Definition of guidelines for risk analysis and operations processes for an efficient resolution of incidents and problems.Tests scheduling to assess system fault tolerance/resilience. Implementation of continuous cloud infrastructure management strategies to respond to evolving business needs. Implementation of security policies/processes to prevent risk, including collecting and analysing security data to identify potential security risks which could compromise availability. Implement storage management strategies. Backup configuration, according to pre-set data management policies.
Incident management type Supplier-defined controls
Incident management approach Incident management processes aim to restore the normal operation of the service as fast as possible, avoiding disruption to users. It allows to identify common incidents which can be immediately resolved without further delay, pushing other incidents to a standard incident lifecycle management – registry, screening, classification, verification, scheduling and closing. Incidents may be reported through the platform and/or the Help Desk, or be detected in the context of change, availability, configuration and/or security management processes where may have caused interruption or reduction of the quality of the service. Feedback is provided to Users throughout the incident’s lifecycle management.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £45 to £180 per user per month
Discount for educational organisations No
Free trial available Yes
Description of free trial PEM's free trial allows exploration of analysis from a pre-set database. In some dashboards, data can be edited in order to visualize the response time from the platform, but will not be saved after closing the platform. The free trial version implies a user-specific login valid for one month.

Documents

Documents
Pricing document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑