Upland Software

IT Financial Management Services by ComSci

ComSci helps organizations manage and communicate the cost, quality and value of the IT services they deliver to the enterprise, driving business alignment and IT transparency. ComSci also provides a managed service offering to streamline monthly data production to enable clients to focus on delivering value, not chasing data.

Features

  • IT Financial Management (ITFM)
  • Technology Business Management (TBM)
  • Service Cost Modelling
  • Bill of IT
  • Chargeback/Showback
  • Managed Service Offering supporting data production cycle
  • Telephone cost modelling and control
  • MSP/Cloud provider cost modelling and control

Benefits

  • Optimise IT spend/investments
  • Decrease IT spend as percentage of revenue
  • Automate/streamline monthly data production
  • Focus time and resources on demonstrating IT value to enterprise
  • Model service impacts, both costs and volumes
  • Demonstrate value of IT investments to all parts of enterprise
  • Facilitate showback/chargeback of IT services to enterprise
  • Centralise, analyse, and optimise telephone investments (VOIP/mobile/landline)
  • Centralise, analyse, and optimise MSP/cloud provider investments (AWS, Azure)

Pricing

£5 per person per month

  • Education pricing available
  • Free trial available

Service documents

G-Cloud 9

970743506576408

Upland Software

Dominic Aelberry

07500587303

daelberry@uplandsoftware.com

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints N/A
System requirements
  • Internet Browser
  • Broadband Internet connectivity

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Email and Online support ticket portal is available. Response time depends on support level. Platinum guarantees under 1 hour response.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support Yes, at an extra cost
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard None or don’t know
How the web chat support is accessible Web chat via community site
Web chat accessibility testing N/A
Onsite support Yes, at extra cost
Support levels Standard, Gold, and Platinum support.
Gold = 20% ARR, Platinum = 30% ARR
Upland provides complete end to end support including a customer success manager, 24x7 support, and the option for an assigned platinum experience manager.
Please see the Premium support brochure for full details.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Upland Software provides complete implementation, training, ongoing support, upgrades, maintenance, and consulting services. There is a range of local and remote post-implementation support and consulting services available to you.

Upland Professional Services will complete the implementation process so the customer is enabled and trained to support future configuration effort themselves. This is configuration of the tool’s inherent functionality through the GUI menus and options – and not customising source code. The initial implementation workshops will focus on the business architecture and analysis that must proceed any ‘configuration clicking’ in the user interface.

Training options

Upland Software offers a comprehensive range of training options tailored to fit each customer's specific needs and for each of our solutions offerings. Choose from instructor-led classes, simulations and train-the-trainer programmes — delivered in-person, remotely, or via computer-based training. Training will take place during the implementation for system admins and then formal sessions will be held for specific roles once the configuration is fully defined. Train the trainer is the preferred approach for end users – this ensures that you the customer is the ultimate owner of your tool.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Users are always able to extract data at any time. There are a number of ways to extract data, through API, CSV, templates and reports. On contract end Upland will provide a number of data options including a database copy.
End-of-contract process Data extract that requires no statement of work is included. Additional work will require a statement of work.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10+
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service None (full, responsive HTML5 supported).
Accessibility standards None or don’t know
Description of accessibility ComSci is a web-based application accessible via a modern web browser such a Chrome, Firefox or Internet Explorer 11+.
Accessibility testing N/A
API No
Customisation available Yes
Description of customisation Customers select power users to be trained as administrators. These administrators have access to an administrative panel within ComSci. All administration and configuration is achieved through the same browser interface that is used by end users. All screens, forms, reports, views are configured through the browser interface. No coding knowledge or skill is needed to perform configurations within ComSci.

Some customers have asked for custom/additional processes which go through our Customer Success Management group and are specific to that customer. Most features requested are implemented in such a way that are configurable and allow the customer to opt-out or in.

Scaling

Scaling
Independence of resources ComSci is a standard 3-tier application with Web, Application and Database tiers. Each tier can be scaled horizontally and vertically. Customer data is segregated in individual database instances; fronted by a multi-tenant application layer.

Analytics

Analytics
Service usage metrics Yes
Metrics types Uptime, full support ticket information, development information.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Many areas of ComSci that provide summations of data (e.g., dashboard, charts/graphs, and reports) can be exported in a variety of common formats (e.g., PDF, Word, HTML, Excel, etc.). ComSci can also provide bulk extracts of data to feed into analytical tools (e.g., SPSS, Tableau, etc.).
Data export formats
  • CSV
  • Other
Other data export formats
  • Word
  • XLS
  • PDF
  • HTML
  • XML
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
  • XLS
  • XML

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability Software Availability;
The periods of time that the Application is Available for use by the Customer not including scheduled downtime. “Availability” or “Available” means that an Authorized User can log in and access the Application.

Available in all material respects 99.5% average over a month (calculated on a 24 x 7 x 365 basis, other than Scheduled Downtime and other than any period of downtime that lasts 5 continuous minutes or less).
Approach to resilience Available on request
Outage reporting Customer Portal. E-mail.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels ComSci will create either an encrypted LDAP connection to SAML 2.0 compliant identity federation solution (e.g., Active Directory). Once we have a connection, ComSci will send an on-demand request with the required authenticating information from our application server. If the end users credentials are valid, they will then be granted access. If the credentials are not valid we deny access. This request is in real time, therefore if an employee is disabled at 11:30, at 11:31 if they attempt to access, they will be denied.
Access restriction testing frequency At least once a year
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations Yes
Any other security accreditations
  • SSAE 16 SOC 1 Type II / ISAE 3402
  • Safe Harbor (EU and Switzerland)
  • SOC 2

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards Other
Other security governance standards Upland Software’s product lines are accredited or follow best practices as defined by various bodies in relation to their standards and procedures. These include, but are not limited to:
++ SSAE-16 / ISAE 3402
++ SOC 2
++ Safe Harbor (EU and Switzerland)
Information security policies and processes Upland’s security framework is based on the ISO 27001 framework. On an annual basis, Upland ComSci is SSAE16 SOC1 Type II / ISAE 3402 audited, and as of 2016, SOC 2 audited as well. Upland has a VP of Security and Compliance who has remit and resources to ensure all information security policies are maintained.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach ComSci has a formal change and patch management process for dissemination into production environments. The process involves the development of features/enhancements, unit testing, building and hardening, and then full regression testing in a QA environment prior to production deployment. Controls are in place to ensure that our production environment is only accessible by certain key employees as part of the production roll-out process or for troubleshooting. We schedule change and patch deployments to occur off business hours/days and include checks on build procedures and validations to ensure successful deployments.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Upland participates in the following security forums and professional associations: SANS, insecure.org, w3.org, cert.org, and securityfocus.com. Additionally, alerts are sent to us from Microsoft and Adobe security departments, and we receive alerts from the 3rd party organization conducting our quarterly vulnerability scans and 24x7 monitoring services.

We receive alerts via Microsoft on software and OS updates/patches. We use Microsoft Server Update Service (WSUS) to deploy and manage security patch updates.
Patches are tested prior to installation. We make every attempt to install critical security patches as soon as possible while ensuring compatibility and testing requirements are met.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Upland’s Security Organization performs monitoring activities in order to continuously assess the quality of internal control over time. These activities are used to initiate corrective action through department meetings, client conference calls, and informal notifications. Management performs monitoring activities on a continuous basis, taking necessary actions as required to correct deviations from company policy and procedures.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Upland Software manages incidents by identifying and responding to them quickly, notifying key support and management personnel in a timely manner, restoring service as soon as possible, determining the cause of the incident, and taking appropriate steps to prevent future incidents. Our incident management process also allows us to quickly notify external organizations that may have been affected by an incident, including customers and partners. We employ internal and external
monitoring systems that periodically verify the state of each Upland cloud-based software product.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £5 per person per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Full software access for up to 1 month

Documents

Documents
Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑