Utilising Azure Platform as a Service, we provide cost visibility and management control to landline, mobile and WAN telecom service assets. Via the management and resolution of billing errors, wastage and excess capacity, we optimise and rationalise services to deliver direct and indirect savings of 10-30% of annual expenditure.
- Microsoft Azure Platform as a Service - PaaS
- Linearly scalable to address any size of organisation
- Analyse data from any source at a transactional level
- Big data search, analytics and management reporting
- Secure user access based on customer criteria
- Mobile Policy management, implementation and control
- Centralised view of entire telecoms and IT expenditure
- Integration with existing IT, HR and Finance systems
- Single Sign-On
- Full customisation
- Total cost control of the telecoms estate
- 10-30% typical cost reduction on telecoms estate
- Operational efficiencies in the management and reporting
- Provide accurate ongoing service asset cost control and cost allocation
- Comprehensive governance and compliance across the telecom estate including mobile
- Supplier contract management and governance
£40500 per licence per year
- Education pricing available
|Software add-on or extension||No|
|Cloud deployment model||Public cloud|
|Service constraints||Our application is restricted to using Microsoft Azure services, specifically PaaS. Azure Stack (onsite deployment) is on our roadmap once Microsoft release later this year. Outages are limited as hardware patching and maintenance is performed by Microsoft meaning no downtime to the PaaS environment. The only planned outage is a 2 hour weekly window (out of hours) to perform feature upgrades and bug fixes.|
|Email or online ticketing support||Email or online ticketing|
|Support response times||The Helpdesk will response as soon as reasonably possible and in any event within 1 Business Hour. The Helpdesk operates Monday to Friday between 09.00 and 17.00 - due to the nature of the solution 24/7 support is not typically required, however, 24/7 can be provided on a price on application basis.|
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
End-User Support is provided Monday to Friday 09.00 to 17.00 with a target of 95% of all support tickets being responded to within 1 business hour. The nature of our solution is typically not considered mission critical.
In addition, we are able to provide on-site support in the form of an trainer and/or a technical account manager these will be charged based on our published day rate.
We also provide remote support in respect of supplier billing data loading as this is typically the most time consuming element for Customer resource and it is commonly more cost effective for our specialist resource to support this activity.
|Support available to third parties||Yes|
Onboarding and offboarding
There is typically a setup phase of c. 6 weeks, where we will create the required instance, setup up all data loading scripts for all required datasets, import a maximum of 12 months historical telecoms and IT billing data and customer reference data, contracts and tariffs, create all agreed custom fields and reports as part of the onboarding process.
Upon completion of the setup phase the Customer will be able to access the application and be given visibility of the potential historical rebate and savings opportunities. Using the Customer's own data we will provide onsite training and support to ensure that the Customer can maximise the use of the tool.
Upon completion of the setup phase the Customer will have access to a total of 10 additional onsite training days, alongside pre-recorded training videos and user documentation.
|End-of-contract data extraction||
At the end of the contract a total of three extracts will be made available to the customer in an csv format:
1. Inventory Extract
2. Contract and Tariff Extract
3. Order History Extract
|End-of-contract process||A total of three extracts will be prepared on the final day of the contract and issued to the Customer in a CSV format. At the end of the contract the Customer instance will be disabled and all associated data will be destroyed in line with our ISO 27001 procedures which will see all paper document shredded, all data deleted and any associated instance destroyed.|
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||No|
|Accessibility standards||WCAG 2.0 A|
Accessibility Developer Tools by google
automated audit tool is called accessSniff
|What users can and can't do using the API||
Users require credentials to get a token to make a restful call to the API to get data
As above by posting required changes and using the key API calls for saving data
API can only be called from specific IP domains.
|API documentation formats||Open API (also known as Swagger)|
|API sandbox or test environment||Yes|
|Description of customisation||
Users can create custom fields that can be applied to all aspect of our solution or to specific modules. In addition, users can create custom searches and reports to drive key information. Users can also customise the underlying data structure to support their specific needs.
Customisation is achieved through standard functionality contained within our application. Who can customise is defined within user permission, permission enable a user to have rights to create, edit and/or view.
|Independence of resources||Veropath application is built using the Azure PaaS solution where were each client has their own dedicated SQL Azure database. Databases can either share DTU's in a pool or be configured to use a dedicated pool. Pools can be scaled on demand to allow increased DTU's for high periods of activity. Web Services operate in an application pool and are scaled dynamically on CPU and Memory thresholds. Using a combination of these services provides a high degree of assurance that demand is met on both fronts.|
|Service usage metrics||Yes|
|Reporting types||Regular reports|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Security Clearance (SC)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||EU-US Privacy Shield agreement locations|
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider|
|Protecting data at rest||
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||Reports or Custom Search|
|Data export formats||
|Other data export formats||
|Data import formats||
|Other data import formats||Custom formats via Python|
|Data protection between buyer and supplier networks||
|Data protection within supplier network||
Availability and resilience
Veropath Portal Access has a targeted 99% SLA. Veropath Portal Uptime has a targeted 99% SLA.
As solution is not considered business critical and the customer would suffer no losses as result of being unable to access the application we would not offer any form of refund where targeted levels are not achieved, however, if we are non-compliant the process below would be followed:
1. One (1) month non-compliance with the SLA - Account Director will provide detailed explanation and recovery plan to the Customer;
2. Two (2) consecutive months non-compliance across all KPIs detailed within the SLA – the Supplier’s COO will attend a meeting with the Customer to provide detailed explanation and recovery plan; and
3. Three (3) or more consecutive months (or 3 months out of 6) non-compliance across all KPIs detailed within the SLA - The Customer may elect to terminate the Services.
|Approach to resilience||Our solution is built using Microsoft Azure Platform as a Service, this provides full automated disaster recovery and machine self-heeling.|
|Outage reporting||Email notification and public announcements on Veropath. At the point of logging into the Veropath a user will be notified of any announcements that have been made within the tool the user and the tool will track if the announcement(s) has been read. Announcements are typically used to provide advanced warning of planned outages and reminders prior to the outage. In the event of an unplanned and planned outage the user will be provided with a notification on the login page providing a indication of time to resolve.|
Identity and authentication
|User authentication needed||Yes|
|Other user authentication||
User can either authenticate with Veropath username (email address) and Password (strength client defined) setup on the application
or Active Directory Foundation Services allowing local client AD security to be maintained.
|Access restrictions in management interfaces and support channels||Access is restricted through client defined security groups created in the application which incorporates both access to Modules (with read/write/design/admin), and data sources (Structure, Supplier, Account) and Owner services. User can be a member of a Business group which has indirect security group membership or direct access to a security group. Business group hierarchy only allows access to user owned services from the child business group, they do not inherit the security group access of the child business group.|
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||Username or password|
Audit information for users
|Access to user activity audit information||Users contact the support team to get audit information|
|How long user audit data is stored for||Between 6 months and 12 months|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||Between 6 months and 12 months|
|How long system logs are stored for||Between 6 months and 12 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||QMS International|
|ISO/IEC 27001 accreditation date||25/01/13|
|What the ISO/IEC 27001 doesn’t cover||No aspect of our operation is not covered by ISO/IEC 27001 certification. The accreditation covers Veropath as an organisation, and covers both the Operational and Developmental aspects of the business.|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security accreditations||No|
|Named board-level person responsible for service security||Yes|
|Security governance accreditation||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||Information Security policies and management of these policies are controlled within the ISO27001 process. In line with this structure polices are reviewed every quarter through an ISMS meeting with key individuals from the business and the ISMS Manager. Agreements are made whether policies require updating or new policies need developed in line with change in business process, or external factors. Policies and process are audited once a year by QMS an external body who review and highlight recommendations where necessary. New staff must complete a security awareness course, plus there is an annual security awareness course which all staff must complete. Access to policies are available for staff within the company sharepoint site.|
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
Change Management is detailed within our ISO 27001 policy.
Microsoft online Team Foundation Services is used to register bugs and feature from concept through to delivery. "Change sets" are published to Development environment and code reviewed by senior developers to confirm impact to performance and security. Once approved a release is built on the Alpha environment and on successful testing this is released to Beta. Once in Beta this can be hot swapped to Production allowing immediate rollback if issues are identified with no downtime for the user.
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
The Veropath application and related services are run using Azure PaaS meaning that all patches including critical patches are applied immediately by Microsoft without causing any downtime of the service.
Azure provide regular updates of updates and threat prevention.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
Configuration of Azure Alerts across App services (API, Web) and SQL Services covering various performance indicators (query analysis, long response times, high CPU, high memory), server event errors (4xxx, 5xxx), and regular use of Azure Advisory services to determine any services which require attention based on recommendations. Threat detection in conjunction with auditing is enabled on all databases.
Alerts are raised through wall boards and emailed to central group for investigation. Depending on the threat level will dictate course of action and response.
|Incident management type||Supplier-defined controls|
|Incident management approach||Veropath has a clearly defined Incident Management approach, taking it’s guidelines from the ISO 27001 standard. A report of security incidents is raised at each ISMS Management review. Individual incidents are logged with TFS for tracking and to help improve services in the future. An Incident Reporting and Management Policy also supplements this Policy and provides clear guidelines for staff on the classification of Incidents and the time frames in place for the effective reporting of incidents. The Policy also clarifies the parties responsible for incident management and the control of incidents from detection to resolution.|
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Public sector networks
|Connection to public sector networks||No|
|Price||£40500 per licence per year|
|Discount for educational organisations||Yes|
|Free trial available||No|
|Pricing document||View uploaded document|
|Skills Framework for the Information Age rate card||View uploaded document|
|Service definition document||View uploaded document|
|Terms and conditions document||View uploaded document|