Haplo Higher Education Research Management Suite
Haplo provides a research management system to universities and research institutes. Haplo is a modular product. PhD Manager supports Graduate School / Doctoral College / Postgraduate Researcher management. Ethics Monitor streamlines Research Ethics applications. Funding supports pre-award, post-award, and costing. Repository includes research impact, researcher web profiles, REF.
- Doctoral College / Graduate School / Postgraduate Research Management
- Research Ethics Approval Form and Workflow
- Pre-award Funding Management and Post-award Funded Project Approval Workflow
- Research Costing Tool
- Academic Profiles
- Integration with Institutional Infrastructure
- Research Excellence Framework management
- Customisable Workflow
- Single integrated portal for all research activity
- High levels of user engagement
- Strong audit trail of review and approval
- Public showcase of research activity
- Modular implementation allows selection of required features
- Highly configurable to enable precise fit to the institution
- Integration with existing systems for data feeds and authentication
£35000 per instance per year
|Software add-on or extension||No|
|Cloud deployment model||Public cloud|
|System requirements||Haplo can be accessed via any web enabled device.|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
During core working hours:
* Critical issues are responded to within 1 hour (fix: continuous effort)
* High within 2 hours (fix: 1 business day)
* Medium within 4 hours (fix: 4 business days)
* Low within 6 hours (fix: by agreement.)
During non-core working hours:
* Critical issues are responded to within 2 hours (fix: continuous effort)
* High within 2 core service hours (fix: 1 business day)
* Medium within 4 core service hours (fix: 4 business days)
* Low within 6 core service hours (fix: by agreement.)
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
|Support levels||We provide two support levels. Our standard support provides for 99.5% uptime. Enhanced support for 99.9% uptime is available.|
|Support available to third parties||No|
Onboarding and offboarding
Haplo products are configured for each client and integrated with institutional systems. The Haplo team work closely with each client to implement their Haplo solution.
1) Requirements gathering and specification process. Requirements information is shared via a secure online project room and reviewed at an on-site workshop with key stakeholders from the institution and the Haplo team.
2) Configuration and integration. Haplo is configured to reflect institutional terminology, organisational structure, regulations and processes. Haplo is integrated with institutional identity management and authentication systems, Student Record Systems (if using PhD Manager) and/or HR system and other institutional systems as required.
3) Testing and revision cycles. Haplo attend on site for 0.5 days of training for key users prior to testing.
4) Deployment. Haplo work with IT colleagues to set up DNS, the SSL certificate, identity management and SMTP relaying; ensure data feeds are live and working as required; and assist with one-off data imports if required.
5) Training and user documentation. A training system is provided matching the institution's preferred configurations with suitably anonymised data.
|End-of-contract data extraction||
At the end of the contract, data is returned to the user as:
* An 'archive' of all data in a form that can be loaded into the open source version of the Haplo platform, available from haplo.org
* An export of all data in JSON format.
* Copies of all the files uploaded to the application.
|End-of-contract process||£250 per 50GB or part thereof for the export process, which includes the cost of storage devices. The user is responsible for secure courier fees.|
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||The user interface provides the same functionality on mobile and desktop. Mobile has small affordances to ensure a good user experience on touch devices.|
|Accessibility standards||WCAG 2.1 AA or EN 301 549|
|Accessibility testing||Use of accessibility evaluation tools to ensure compatibility with assistive technology.|
|What users can and can't do using the API||
REST style APIs are provided to:
- Add or change data in the system
- Receive messages about changes and events
- Access reporting information
Batch file APIs are provided to:
- Manage users and their profiles as an automated feed
- Import information
Initial creation of an application instance is not available through an API.
|API documentation formats||HTML|
|API sandbox or test environment||Yes|
|Description of customisation||
Haplo is tailored to meet the requirements of each institution. The following elements are configurable:
* organisational structure
* data received and data held about each researcher
* which workflows are included and custom workflows
* text of online forms and approval routing workflows
* business logic and business rules
* authentication methods
* public repository interface (entirely customisable to match the existing university website.)
Customisation is generally performed by Haplo, working closely with the institution, but training is available for the institution's developers to make customisations.
|Independence of resources||Each application instance has a resource limit which ensures that an application cannot apply a load which would affect other instances. When an application reaches the limit, requests are still serviced without error, but at a slower rate.|
|Service usage metrics||Yes|
|Metrics types||Metrics are available on system usage, users and storage.|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||None|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||No|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider|
|Protecting data at rest||
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||A third-party destruction service|
Data importing and exporting
|Data export approach||
Bulk export of data can be undertaken via an API.
End users (with appropriate permissions) can use the standard user interface to export data to Excel (such as reports) or PDF (such as completed application forms.)
An archive process is available to export all data in a computer readable format at extra cost.
|Data export formats||Other|
|Other data export formats||
|Data import formats||Other|
|Other data import formats||
|Data protection between buyer and supplier networks||TLS (version 1.2 or above)|
|Data protection within supplier network||
|Other protection within supplier network||
SSH with mutual authentication is used to transfer data.
Data is always encrypted in transit, even on the local private network.
Availability and resilience
|Guaranteed availability||We offer a 99.5% SLA (not including planned maintenance). Refunds are offered on a sliding scale as a % of monthly charges.|
|Approach to resilience||Available on request.|
|Outage reporting||Outages are reported by email alerts to subscribing users.|
Identity and authentication
|User authentication needed||Yes|
|Other user authentication||User accounts are automatically configured by a user feed. Users then may be authenticated by Shibboleth (UK Access Management Federation), the user's AD FS or other SAML2 federated identity management. Users external to the institution may be authenticated by username and password if required by institution policy. Legacy LDAPS support is available.|
|Access restrictions in management interfaces and support channels||Users must be granted membership of privileged user groups before they can access management interfaces and our support services.|
|Access restriction testing frequency||At least once a year|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users have access to real-time audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||Between 1 month and 6 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||Lloyd's Register Quality Assurance Limited|
|ISO/IEC 27001 accreditation date||21/5/2018|
|What the ISO/IEC 27001 doesn’t cover||Our ISO27001 certification covers the entire service.|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||
Haplo follows a no-compromise approach to information security as detailed in our Information Security Policy.
The Technical Director has primary responsibility for information security.
The Systems Administration Team is responsible for the day-to-day safety and security of the hosted platform and the information it contains.
The Haplo team are trained to follow our information security processes during induction and during regular staff training and security updates.
The Senior Management team meet regularly to review company information security practices.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
All infrastructure and platform software is managed inside source control, with the source control version ID used to track changes through their lifetime.
To release any change, an authorised user must create and cryptographically sign a package to deploy it into production.
The customised applications running on top of the infrastructure and platform are independently versioned, and Haplo works with the user's change control process to deploy changes.
A formal code review process assesses all changes for potential security impact.
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
Processes within our ISO27001 ISMS assess potential threats to our services.
Information about potential threats is obtained by subscribing to suppliers' security notifications or monitoring dependency updates. Security issues are evaluated, and fixes are then applied within 24 hours after testing with a full test suite. An emergency process can be used to patch more quickly if the vulnerability requires faster action.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
Full auditing is enabled on all servers, recording all commands and access. Logs are shipped to an independent server with separate access controls on a remote network, and analysed for anomalies.
Potential compromises are investigated by preserving all logs and data, then analysing potentially affected systems. Response is immediate to any incident.
|Incident management type||Supplier-defined controls|
|Incident management approach||
Haplo's Incident Management Policy details pre-defined processes for how we respond to incidents. Haplo classifies issues relevant to Information Security in 3 categories with different pre-defined processes for each category, reflecting different levels of security implications.
Users should report incidents to our Support Helpdesk either by ticket or telephone. Incidents will also be reported by automatic monitoring systems. Clients are kept informed regularly during the resolution of an incident.
Upon resolution, Haplo generates a report of the causes of the incident, the scope of the breach, and the actions taken, which is shared with the client.
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Public sector networks
|Connection to public sector networks||No|
|Price||£35000 per instance per year|
|Discount for educational organisations||No|
|Free trial available||No|