Softcat Limited

Ivanti Service Management

Ivanti Service Management is a robust, highly flexible IT and Enterprise Service Management application, built on best practices that helps customers meet the dynamic needs of a growing business and achieve the highest level of service quality, delivery, and performance.

Features

  • ITIL Service Management Solution
  • SAAS (also Hybrid or Private Cloud)
  • Market leading Service Catalog and role driven Self Service
  • Over 80 prebuilt service templates for IT, Facilities and HR.
  • Configuration Management and Service Level Management
  • Request, Incident, Problem and Change Management
  • Graphical workflow supporting multi threaded automations
  • Voice Integration
  • Browser based administration
  • Xtraction Reporting for business insights

Benefits

  • High availability SaaS Based service management solution
  • Software as a Service
  • ITIL based Service Catalogue
  • Integration with IT Operations toolsets
  • Provides end-user portal for self service request management
  • Enterprise class manageable Service Management solution.
  • Robust automation and integration with business applications

Pricing

£297 per user per year

Service documents

G-Cloud 9

916467728519945

Softcat Limited

Charles Harrison

01612725766

psitq@softcat.com

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to Ivanti Service Manager is a complete ITIL based Service Management solution that integrates with Ivanti IT Asset Manager, Ivanti Secure Configuration Management, Ivanti Environment Manager powered by Appsense, Ivanti Unified end-point Management (LANDESK Management Suite), Shavlik Protect and Patch
Cloud deployment model Public cloud
Service constraints Upgrades are performed automatically by Ivanti Software where you will have access to upgraded functionality. Upgrades as part of the new version will not affect any configuration changes done within your environment and you will have the option of turning on or keeping the product enhancement features off as part of the new release. Versions are in-line with Year and bi-annual upgrades, one in the spring and the latter in Autumn time period. Communication is issued well in advance by email and issued on user login to the Ivanti platform of any major release as part of the standard agreement.
System requirements
  • Ivanti Service Manager is delivered over the internet
  • Ivanti Service Manager is browser based

User support

User support
Email or online ticketing support Email or online ticketing
Support response times See support terms - https://www.ivanti.co.uk/en-GB/company/legal/support-terms
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.0 AAA
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Web chat
Web chat support availability 24 hours, 7 days a week
Web chat support accessibility standard WCAG 2.0 AA or EN 301 549 9: Web
Web chat accessibility testing Ivanti Community - https://community.ivanti.com/welcome
Onsite support Yes, at extra cost
Support levels See Suport Terms - https://www.ivanti.co.uk/en-GB/company/legal/support-terms See Technical Resource Manager (TRM) terms within support terms above Cloud Care Team forms part of Support.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Training is provided on site: Service Management Fundamentals (2 days) Service Management Administration (3 days) User documentation is available via online Help
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Database is provided to the customer
End-of-contract process At the end of the contract the customer is given a full back up of the sql database containing their data. Once the customer has confirmed receipt of data and successful restore then all data is removed from our system.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10+
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service No functional differences, apart from mobile interfaces can be configured suitably for tablet and smartphone interfaces.
Accessibility standards WCAG 2.0 AAA
Accessibility testing Use of tools such as JAWS have been tested for use with browser form UI. Labels and field content have been positively tested for speech output and. Escalated Tickets can be configured with alternating/flash icons to draw attention.
API Yes
What users can and can't do using the API The Service Manager API can be adopted to CREATE/UPDATE and DELETE tickets (Incidents/Requests/Problem etc.). Actions can also be called to automate activity/instruction such as issuing emails or updates. The API can obtain information out of Service Manager into third party solutions such as to feed web sites of User/Ticket History/Asset details.
API documentation Yes
API documentation formats
  • HTML
  • PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Ivanti Service Manager provide a codeless development platform. New Business Objects(Tables), Forms, Fields, Reports and automated actions can be configured. All configurations are supported. Configurations can be recorded onto packages and exported/Imported from Development to Test to Production environments to mitigate risk of manual development steps. Service Manager utilises a Role based access model. Templates, Quick actions(automations) and dashboard development can be carried out by "Super users" whilst Administrators are able to reconfigure business objects and/or create new objects.

Scaling

Scaling
Independence of resources The Multi-tenant solution is scaled based on the workflow subjected by each tenant, SQL DB's are unique to each client and not shared. Services are established to automatically deploy additional Virtual Servers in the event of an increase of requirements.

Analytics

Analytics
Service usage metrics Yes
Metrics types Availability Statistics, i.e. % availability per month
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Reseller (no extras)
Organisation whose services are being resold Ivanti

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Using built in data export quick links or wizards
Data export formats
  • CSV
  • Other
Other data export formats
  • Pdf
  • WORD
  • EXCEL
  • HTM
  • TXT
  • PNG
Data import formats
  • CSV
  • Other
Other data import formats
  • EXCEL
  • XML

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability SLA and remedies are Contract specific
Approach to resilience AWS provides customers the flexibility to place instances and store data within multiple geographic regions as well as across multiple Availability Zones within each region. Each Availability Zone is designed as an independent failure zone. In case of failure, automated processes move customer data traffic away from the affected area. AWS SOC 1 Type II report provides further details. ISO 27001 standard Annex A, domain 11. 2 provides additional details. AWS has been validated and certified by an independent auditor to confirm alignment with ISO 27001 certification.
Outage reporting AWS does not require systems to be brought offline to perform regular maintenance and system patching. AWS's own maintenance and system patching generally do not impact customers.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels Access is restricted by Roles and Groups within the solution to ensure only those authorised can access the system via management interfaces and support channels
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)

Audit information for users

Audit information for users
Access to user activity audit information You control when users can access audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information You control when users can access audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 EY Certify Point
ISO/IEC 27001 accreditation date 11/11/2016
What the ISO/IEC 27001 doesn’t cover None
ISO 28000:2007 certification Yes
Who accredited the ISO 28000:2007 EY Certify Point
ISO 28000:2007 accreditation date 11/11/2016
What the ISO 28000:2007 doesn’t cover None
CSA STAR certification Yes
CSA STAR accreditation date TBA
CSA STAR certification level Level 2: CSA STAR Attestation
What the CSA STAR doesn’t cover None
PCI certification Yes
Who accredited the PCI DSS certification CoalFire Systems, Inc.
PCI DSS accreditation date 2010 and July 2016
What the PCI DSS doesn’t cover Amazon Web Services (AWS) is a Cloud Service Provider (CSP) that does not directly store, transmit or process any customer cardholder data (CHD). However, AWS customers may create their own card data environment (CDE) that can store, transmit or process cardholder data using AWS products.
Other security accreditations Yes
Any other security accreditations
  • AWS PCI DSS 3.2 Attestation of Compliance (AOC)
  • AWS 2016 PCI DSS 3.2 Responsibility Summary

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards
  • CSA CCM version 3.0
  • ISO/IEC 27001
Information security policies and processes Control Objectives for Information and related Technology (COBIT) framework and have effectively integrated the ISO 27001 certifiable framework based on ISO 27002 controls, American Institute of Certified Public Accountants (AICPA) Trust Services Principles, the PCI DSS v2.0, and the National Institute of Standards and Technology (NIST) Publication 800-53 Rev 3 (Recommended Security Controls for Federal Information Systems).

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach In alignment with ISO 27001 standards, AWS Hardware assets are assigned an owner, tracked and monitored by the AWS personnel with AWS proprietary inventory management tools. AWS procurement and supply chain team maintain relationships with all AWS suppliers. Refer to ISO 27001 standards; Annex A, domain 7.1 for additional details. AWS has been validated and certified by an independent auditor to confirm alignment with ISO 27001 certification standard.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach AWS patches systems supporting the delivery of service to customers, such as the hypervisor and networking services. This is done as required per AWS policy and in accordance with ISO 27001, NIST, and PCI requirements. AWS Security regularly scans all Internet facing service endpoint IP addresses for vulnerabilities (these scans do not include customer instances). AWS Security notifies the appropriate parties to remediate any identified vulnerabilities. In addition, external vulnerability threat assessments are performed regularly by independent security firms. Findings and recommendations resulting from these assessments are categorized and delivered to AWS leadership.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach AWS's program, processes and procedures to managing antivirus / malicious software is in alignment with ISO 27001 standards. Refer to AWS SOC 1 Type II report provides further details. In addition, refer to ISO 27001 standard, Annex A, domain 10.4 for additional details. AWS has been validated and certified by an independent auditor to confirm alignment with ISO 27001 certification standard.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach AWS's incident response program, plans and procedures have been developed in alignment with ISO 27001 standard. The AWS SOC 1 Type II report provides details on the specific control activities executed by AWS.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £297 per user per year
Discount for educational organisations Yes
Free trial available Yes
Description of free trial 30 day free trail of the out of the box system covering all solution bundles.
Link to free trial Available upon request

Documents

Documents
Pricing document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑