SmartSimple Software

Grants, Research, Case and Awards & Scholarship Management Software

SmartSimple was designed from the start to help organisations connect with their communities & streamline critical processes. We’re able to do this because our products are almost endlessly configurable. Once a system is implemented, our clients are able to administer their software on their own, with minimal help from us.

Features

  • Grants Management
  • Awards and Scholarship Management
  • Automated workflows and reminders
  • Business Intelligence Dashboards
  • Research Management
  • CRM
  • SAAS
  • Ad-hoc Reporting
  • Data Analytics
  • Audit Control

Benefits

  • Ensure Data consistency
  • Make informed decisions
  • Available online/offline via fillable PDF
  • Eliminate administrative overhead by using eligibility quizzes
  • Integrate with 3rd Parties (accounts, HR etc..) via our API
  • Use detailed analytics to report easy to public websites
  • Measure the impact of your processes internally and externally
  • Provide transparency while keeping your data secure within your control
  • Self manage without expense of developers
  • Configuration

Pricing

£16 to £75 per person per month

Service documents

G-Cloud 9

978983663038927

SmartSimple Software

Christina Ng

1416-591-1668ext.126

cng@smartsimple.com

Service scope

Service scope
Service constraints Their are no constraints using SmartSimple
System requirements
  • Firefox
  • Internet Exploer 8 or above
  • Chrome
  • Safari
  • Mobile compatible

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Support is free
We operate to a strict SLA
Phone Support hours at 8am GMT until 10pm GMT Monday to Saturday
A web support portal is available 24/7/365 with the same SLA as phone support
Critical Support in the case of an outage is available 24/7/365
Critical response time: 15 minutes
High Level response time: 30 minutes
Medium level response time: within 2 hours
Low level response time: within 8 hours / 1 working day
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.0 A
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support Web chat
Web chat support availability 24 hours, 7 days a week
Web chat support accessibility standard WCAG 2.0 A
Web chat accessibility testing Tested using reputable 3rd party audit and compliance companies to ensure chat support functions correctly and without delay.
Onsite support Yes, at extra cost
Support levels Phone Support Free
Web Support Free
Onsite support after the implementation of the software, although very rare, it is usually that we support when staff are on leave, rates vary depending on the requirement of the support. i.e. is it simply helping staff on site or building new functionality without specification etc...
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Training Course Outlines

SmartSimple is committed to providing high quality training to all its customers and partners.

All training is instructor-led and provides a mix of both lectures and hands-on exercises.
Each participant has access to a computer and a training copy of SmartSimple during the course.

A detailed outline of training courses can be found here:
https://wiki.smartsimple.com/wiki/Training_Course_Outlines
Service documentation Yes
Documentation formats
  • HTML
  • ODF
  • PDF
  • Other
Other documentation formats
  • Webinar
  • Webex
  • Community Conference
  • Product Advisory Council
  • YouTube
  • Recorded best practices
End-of-contract data extraction SmartSimple provide administrators the ability to extract all data via structured txt, csv, or directly via our API. Along with a copy of all data in physical format.
End-of-contract process There is no additional cost for terminating the service
90 days notice is required prior to terminating the service, we provide your data back free of charge, this is listed in our contracts available on www.smartsimple.com

Using the service

Using the service
Web browser interface Yes
Using the web interface No setup required, users simply require a web browser and internet connection to use the system. Administrators trained by SmartSimple have no limitations except the deleting of data as this requires a request to SmartSimple to have data deleted.
Web interface accessibility standard WCAG 2.0 A
Web interface accessibility testing SmartSimple uses various third party testers and auditors to provide non bias tests and results to ensure the level of testing and usability of the system falls inline with web standard requirements
API Yes
What users can and can't do using the API Detailed white paper and samples of our API (Json restful Services) can be found here:
https://api.smartsimple.com/devtools/api.html
API automation tools
  • Ansible
  • Chef
  • OpenStack
  • SaltStack
  • Terraform
  • Puppet
API documentation Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • PDF
Command line interface No

Scaling

Scaling
Scaling available Yes
Scaling type Automatic
Independence of resources SmartSimple use AWS EC2 meaning the system scales on demand based on set metrics for response times. Elastic computing ensures no latency on service and endless computing power
Usage notifications Yes
Usage reporting
  • API
  • Email
  • Other

Analytics

Analytics
Infrastructure or application metrics Yes
Metrics types
  • HTTP request and response status
  • Number of active instances
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up Everything
Backup controls SmartSimple control the backup schedule for you, everything is backed up to a hot backup each night which you can access as standard, archives and physical backups are also conducted to your schedule.
Datacentre setup Multiple datacentres with disaster recovery
Scheduling backups Supplier controls the whole backup schedule
Backup recovery
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection between networks http://www.smartsimple.com/security-privacy.html
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection within supplier network http://www.smartsimple.com/security-privacy.html

Availability and resilience

Availability and resilience
Guaranteed availability http://www.smartsimple.com/uptime-users.html
Real-time statistics, updated daily taken from our three hosting regions; United States, Europe and Canada
Approach to resilience This information is available upon request via our SOC 2 Type 2 documentation and DRP
Outage reporting API, Email Alerts, the SmartSimple Command Center and direct phone calls to notify should their be an outage. AWS up time report and dashboard.

Identity and authentication

Identity and authentication
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Username or password
Access restrictions in management interfaces and support channels SmartSimple is a role based system, users with the role of administrator are SmartSimple staff only. SmartSimple together with our customers define user account controls prior to signing of Statements of work to ensure the right users see the data they are only privileged to see. Your internal administrator(s) are then able to make changes to account controls which is audited and tested prior to being signed off.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Certifications for SOC 1/SSAE 16/CSAE 3416/ISAE 3402
ISO/IEC 27001 accreditation date 31/12/2016
What the ISO/IEC 27001 doesn’t cover Data upon request
ISO 28000:2007 certification Yes
Who accredited the ISO 28000:2007 Certifications for SOC 1/SSAE 16/CSAE 3416/ISAE 3402
ISO 28000:2007 accreditation date 02/02/2016
What the ISO 28000:2007 doesn’t cover Certifications for SOC 1/SSAE 16/CSAE 3416/ISAE 3402
Audit and compliance DRP and SOC 2 and operational reference guide available upon signing of NDA
CSA STAR certification No
PCI certification No
Other security accreditations Yes
Any other security accreditations
  • PCI DSS Level 3, FIPS 140-2 encryption
  • SOC 2 certified
  • Certifications for SOC 1/SSAE 16/CSAE 3416/ISAE 3402 SOC 2
  • FedRAMP Authority to Operate (ATO)
  • 2-factor and single sign on
  • Information is encrypted at rest/in motion for increased security
  • AWS Advanced Technology Partner

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards
  • CSA CCM version 3.0
  • ISO/IEC 27001
  • Other
Other security governance standards SmartSimple is SOC 2 certified, compliance certifications SOC 1/SSAE 16/CSAE 3416/ISAE 3402 (formerly SAS70), SOC 2.
Compliant for PCI DSS Level 3, FIPS 140-2 encryption.
FedRAMP Authority to Operate (ATO) at the moderate impact level issued US Department of Defense.
Support 2-factor and single sign on integration for enhanced authentication.
Information security policies and processes This information is listed in our DRP and How we work with you documentation. Security is treated as critical level tickets with strict SLA and process reporting in place to ensure even suspected security issues are addressed immediately.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach 90% of the time our customers are empowered to make changes themselves. In the case you can not or do not have the bandwidth to make change it is possible to create a request for services via your online portal which will be assessed as a change or a support ticket. Changes are deemed to be chargeable if they require more than a 3 hours work from your assigned business analyst.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach This information is available upon request.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach This information is available upon request
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Incidents (real or suspected) are reported via our API, Email, Web Distribution and reports. Should a suspected incident occur your account manager is notified and contacts you immediately. We have yet to have a real incident.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart No

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes

Pricing

Pricing
Price £16 to £75 per person per month
Discount for educational organisations No
Free trial available Yes
Description of free trial Our Trial service requires an NDA to be signed, you will then be given access to a baseline of SmartSimple which allows you access as various steakholders in the process chain. This typically is applicant, reviewer/evaluator, board member, staff member, finance staff member and research office or supporting office.
Link to free trial https://www.smartsimple.com/

Documents

Documents
Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑