MEGA INTERNATIONAL LIMITED

HOPEX Cloud Application Inventory and Rationalisation (ITPM)

HOPEX Cloud IT Portfolio Management allows IT departments to
inventory their IT assets, develop transformation plans through
a comprehensive assessment of their assets, while reducing
complexity and costs. It also allows optional integration with third party vendors products - CAST and BDNA (through direct importer)

Features

  • Single repository with reusable artefacts
  • License-free publication to extended user population
  • Software platform with functional modules (adopt only what you need)
  • Seamless integration across functional areas - and with external systems
  • Multiple publication formats (Word, Excel, PDF, HTML5)
  • User-friendly assistants for modelling and diagramming
  • Collaborative workflows with fine-grained access control
  • Crowd-sourcing information for fact-based assessments
  • Extensive library of reports and dashboards, easy to configure-customise
  • Detailed comparative evaluation of business transformation scenarios

Benefits

  • Clearly establish accurate risk and cost profiles for transformation scenarios
  • Access reports and dashboards through any device, anywhere
  • Make informed, fact-based decisions using accurate crowd-sourced data
  • Obtain holistic view of dependencies between all organisational artefacts
  • Clearly establish accurate risk and cost profiles for transformation scenarios
  • Combine business and IT agility with strong organisational governance
  • Ensure alignment of organisational operating model with strategy and objectives
  • Optimise business and IT performance and costs
  • Incorporate business, IT, risk and compliance into a single model
  • Improve speed and quality of executive decision-making

Pricing

£358 to £528 per user per month

Service documents

Framework

G-Cloud 11

Service ID

9 2 8 3 8 4 8 9 1 6 2 9 7 4 3

Contact

MEGA INTERNATIONAL LIMITED

Lorne Clark

+ 44 1926 298 296

information.uk@mega.com

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
N/a
System requirements
  • HTML Browser (MS Edge, Mozilla Firefox, Google Chrome, Apple Safari)
  • JavaScript enabled
  • Cookies enabled
  • Web storage enabled
  • Screen resolution 1280x800
  • Download of files enabled
  • Popup blocker disabled

User support

Email or online ticketing support
Email or online ticketing
Support response times
The Severity of Incidents and requests qualifies the extent/ rapidity of the Service. No access – Security, log-in etc: 1 business hour Critical – client contacted within 4 business hours, then action plan in place Moderate - client contacted within 1 business day, then action plan in place Minor - client contacted within 2 business days, then action plan in place Please see the Service Level Agreement in the T&C especially for the Incident Severity & Response Time details. More information can be found in the SLA as well as the Service Description card attached to the G-Cloud 11 offering
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
We put in place a 1-2-1 chat through Skype or similar application that allows users and support team to interact through calls, messages and conferencing to test product, understand issues and provide general support around our tool. Skype, Go-To-Meeting, Microsoft Teams be used to demonstrate product specifications and help users to answer their questions. MEGA’s solutions allow zoom function which helps people with visual impairment to use the tool in a more efficient way
Web chat accessibility testing
None
Onsite support
Yes, at extra cost
Support levels
The standard maintenance support that guarantees replies to service requests, updates and upgrades as well as fixes is included in the cost of the subscribed Cloud solution. With every Update documents are provided. For example:  Improvement: medium level new features implemented in the version.  Fixes: errors fixed in the version.  Known issues: identified errors remaining uncorrected in the version. Training, maintenance of the Client’s configurations, specific developments or customizations are not included in the standard Service.. Please see attached the SLA and Support Services documents for the detailed list of services included For specific configurations, customisations or extensions and integrations, our Professional Services with Business Consultants, Technical Consultants and Product Engineers may be suggested to be involved, For this additional level of support, the SFIA card outlines the daily rates applicable
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Mega use the following STRUCTURED and METHODIC approach for each project: 1. Kick-off Workshop 2. Gather and Formalise Requirements 3. Develop Methodology 4. Install Mega Modelling Solution 5. Train Users 6. Assist with Data Load 7. Perform Model Clinics 8. At Elbow Support A team of consultants, engineers and SME's will support the client all throughout the journey
Service documentation
Yes
Documentation formats
  • PDF
  • Other
Other documentation formats
  • Power Points
  • Excel templates for imports
  • Example reports
  • MEGA Community platform for clients and supplier forum
  • Blog and Knowledge Centre
End-of-contract data extraction
Open standard exporting of Data can be provided at Contract end using tooling capability. It is typically personalized to clients, includes exports and data restore
End-of-contract process
Most customers typically renew subscriptions of the service. For those deciding to leave, a personalised, planned approach is put in place that includes back-up, exports and data restore with clear written communication about the end-of-contract process

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Mobile interface is designed for non frequent users. They mostly view repository contents, including diagrams, can enter simple data. They can create diagrams through a tabular entry mode but cannot edit graphically diagrams. Through the mobile interface, a user can collaborate, add review notes, contribute to workflows or answer questionnaires. Graphical User Interface (GUI) is simplified and tailored for mobile screens. It is not a dedicated application, but a web application running through a mobile browser on Android and IOS.
Service interface
Yes
Description of service interface
Mega proposes the internal customer portal where clients can submit & consult the requests and supports tickets This service is provided free of charge. Furthermore, the MEGA Community is a collaborative place where enterprise architecture enthusiasts confidently exchange experience, tips and best practices and influence the company's directions for success of their organization's digital transformation. It can be accessed through https://community.mega.com/
Accessibility standards
None or don’t know
Description of accessibility
HOPEX provides a web based graphical User Interface (UI). The UI is designed according to usability best practice and in order to guide the user. All the solutions present a similar UI with just the changes related to the user profile or functionality used. Data input is guided by web form presenting field with structured data or free text. All the fields provide an online help and type/coherence checks are executed against input data. Finally, HOPEX has the option to draw diagrams or produce automatic graphics according to the various methodologies provided by the functional solutions.
Accessibility testing
None
API
No
Customisation available
Yes
Description of customisation
With HOPEX Power Studio, advanced users can customize HOPEX products and develop a unique view tailored to the specifics of their organization.

KEY FEATURES
HOPEX Power Studio include capabilities to customize:

Metamodels and attributes
User interfaces: web desktops, diagrams, property pages, and wizards
Processes and workflows
Assessment campaigns and questionnaires
Advanced report customization
The product also offers advanced report customization features. HOPEX Power Studio users can create report templates that are reused by end-users on a daily basis. Report templates include custom layouts, custom charts, custom colors or fonts, conditional formatting of pictures, and definition of filters that can be changed by end users when displaying the report.
The product lets users create custom queries from the repository through the report dataset feature. Extracted data can then be displayed using multiple types of reports such as bar charts, pie charts, graphs, word cloud, tables and matrices. Data can also be exported to third party BI solutions through available export tools.

HOPEX Power Studio is a platform product.

For a successful outcome, MEGA recommends for all configurations and customisations to liaise with the Professional Services and follow the Project Structure basics

Scaling

Independence of resources
MEGA provides SaaS services, relying on Microsoft Azure, managed and monitored by the Mega Cloud Services (MCS) team. All the customers’ platforms are fully Single-tenant.

Analytics

Service usage metrics
Yes
Metrics types
Mega Cloud Services provide monthly usage metrics upon request. In terms of the reporting, MEGA suggests a monthly call with the Hosting team to provide information on logins and platform usage, platform size and efficiency, review Service Requests and any urgent Requirements in progress
Reporting types
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Other
Other data at rest protection approach
On the HOPEX Cloud platforms, all storages are encrypted with Microsoft Azure Storage Service Encryption (SSE) using 256-bit AES encryption.
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Exporting of Data can be achieved using open standards for example CSV and SQL formats but also some more specific depending on solution and end-user needs
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • Xls
  • Xml
  • Xmg
  • Mgr
  • Mgl
  • Html
  • Export to other solutions through API/WebServices
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
  • Xls
  • Xml
  • Mgr (proprietary format)
  • Mgl (proprietary format)
  • Xmg
  • Import to other solutions through API/WebServices

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • Other
Other protection between networks
Customer's public IP address should be provided to MEGA and registered into the Mega Cloud Services (MCS)'s IP whitelisting in order to reach the services. All the customers’ platforms are fully Single-tenant (dedicated servers and VLAN).
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network
Only the Mega Cloud Services (MCS) team is authorized to reach customers’ platforms through a secured bastion host recording all cloud engineers’ actions (logs and video). Please refer to the attached documentation for details.

Availability and resilience

Guaranteed availability
99,4% GUARANTEED up-time, Maximum unscheduled outage duration: One Business Day on Development sandbox, One Business Day on Test sandbox, 3 Business Hours on Production platform Maximum monthly unscheduled outage on Development sandbox, One Business Day on Test sandbox4 Business Hours (*) on Production platform (*) As an example, this represents a Service Availability of more than 99.4% over a month. Scheduled maintenance will be subject to a 5-Business Days’ notice, unscheduled maintenance will be subject to a 1-Business Day notice (excluding security incidents). Please see the Service Level Agreement in the T&C especially for the Incident Severity & Response Time.
Approach to resilience
HOPEX Cloud service is SOC 2 framework compliant. MEGA has chosen the following Microsoft datacentres to host its HOPEX Cloud Enterprise service for European customers: Europe (United Kingdom) – SOC 2 Compliance: o South UK (London) o West UK (Cardiff) or France – SOC 2 Compliance On going: o France Central (Paris) o South France (Marseille) Please refer to the attached documentation "SOC2 Type2 2018 letter - Does not require NDA.pdf".
Outage reporting
Phone, email alert or through MEGA’s online support system. Please see the Service Level Agreement in the T&C for more details

Identity and authentication

User authentication needed
Yes
User authentication
Username or password
Access restrictions in management interfaces and support channels
Only the Mega Cloud Services (MCS) team is authorised to reach customers’ platforms through a secured bastion host recording all cloud engineers’ actions (logs and video).
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
MEGA has the SOC2 certification

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
MEGA is SOC2 certified
Information security policies and processes
SOC2 is a recognised certification widely used across Cloud / SaaS vendors. If required, customers will be able to ask us for it. There should be no need for reporting structure description as certification guarantees this (we comply with over 500 audited points)

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
MEGA implemented a Change Management Process to ensure the use of standardized methods and procedures to handle change promptly and efficiently, thus minimizing any adverse impact on service quality from change-related incidents. Changes on the HOPEX Cloud service include at least the following: • MEGA application release and patching; • Client subscription creation/removal; • Customer change requests according to service catalog.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
MEGA implemented an IS Vulnerability Management Process allowing to provide secure services to its customers. As part of the HOPEX Cloud service, in addition to a dedicated monitoring system and periodic scans allowing to detect potential new vulnerability (report sent to MCS Manager to plan remediation), who use system update services available through the Microsoft Azure portal to monitor Microsoft threats and vulnerabilities deploying associated updates mitigating the risk of potential exploitation and compromise. By default, security updates are deployed outside customers’ business hours.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
The Mega Cloud Services (MCS) team continuously monitors customers’ HOPEX platforms availability though a dedicated monitoring system allowing to notify MCS administrators in the event of an anomaly (e.g. system overload, components malfunction or failure). Immediate customer notification in case of security incidents.
Incident management type
Supplier-defined controls
Incident management approach
In case of emergency (security/ functional incidents), Mega Cloud Services (MCS)team can be solicited by email, platform, phone to solve incidents related to the SaaS services. HOPEX Cloud customers can contact them to solve any incident on the platform. MCS leads incident resolution by defining a treatment plan and assigning the different tasks to the right departments. A dedicated patch can be designed and deployed on the customer’s Pre-Production platform (permanent or temporary HOPEX Cloud Workbench platform) before being deployed on the Production platform. HOPEX users can report and consult status of incidents through the MEGA community portal (http://community.mega.com/)

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£358 to £528 per user per month
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
Access to HOPEX demo solution can be provided free of charge and allows users to fully test the product
Link to free trial
https://www.mega.com/en/company/request-30-day-trial

Service documents

Return to top ↑