Beyond Systems Limited

Beyond Cloud E-Business Archive Application Service

The Beyond “Cloud E-Business Archive Application” is a product designed for any organisation that is moving from Oracle E-Business on to another ERP platform but still has a requirement to retain and query their old data for several years.

Features

  • Archive old E-Business data for reference
  • Archive old E-Business data for freedom of information queries
  • Easy to query archive data
  • Each to build ad-hoc queries

Benefits

  • Securely store archive data
  • Query old data
  • Backed up
  • User friendly query interface
  • Available as required

Pricing

£15000 per instance per year

Service documents

Framework

G-Cloud 11

Service ID

9 9 8 9 4 0 5 4 6 9 3 7 9 2 5

Contact

Beyond Systems Limited

Mark Daynes

08450940998

mark.daynes@wegobeyond.co.uk

Service scope

Service constraints
Constrained by the Oracle Database As A Service Cloud service which can have planned maintenance arrangements.
System requirements
Oracle Database As A Service

User support

Email or online ticketing support
Email or online ticketing
Support response times
During working hours Mon-Fri 9.00 -17.00 - questions are acknowledged same day. Response times are rolled forward to the next working day if raised at weekends.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
For all applications Beyond will provide a basic level of software support during business hours (excluding public holidays and the period between Christmas Day and New Years’ Day), Monday to Friday, 09.00am-5.00pm. The customer will be expected to provide 1st line support and a documented scenario will need to be produced and reported to Beyond for investigation. Should the customer spawn a fault investigation that is subsequently not proven not be a software error, then Beyond reserve the right to charge for that time consumed to aid the customer investigation
Support available to third parties
No

Onboarding and offboarding

Getting started
At the start of the engagement a feasibly study will be carried out prior to the engagement to ensure the customer setup is compatible with our software and a custom on-boarding plan will be built. Operator training is included. User documentation is provided.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Once the contract ends, the service will be deleted along with the data. For applications that hold users data, an extraction process will be agreed with the user prior to the contract end date where a charge will be agreed.
End-of-contract process
At the end of the contract the cloud service will be terminated which is included in the cost. Additional charges will be agreed for any data extraction required at the termination.

Using the service

Web browser interface
Yes
Using the web interface
The users can use the application builder provided to build/amend their own reports over the archive data.
Web interface accessibility standard
WCAG 2.1 AAA
Web interface accessibility testing
Oracle regularly conducts testing to ensure that the user interfaces are perceivable, operable and understandable by people with range of abilities. Continually testing coding, visual operation, manual operations, too-assisted operations across people with and without disabilities.
API
No
Command line interface
No

Scaling

Scaling available
No
Independence of resources
The service is an archive service specifically design to retrieve information on an ad-hoc basis infrequently so it should never be affected by other users. If it ever does become stressed the customer can raise a service request to address.
Usage notifications
No

Analytics

Infrastructure or application metrics
No

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
Other data at rest protection approach
Data at rest is held on an Oracle Hosting Service and this is protected by Oracle's own standards.
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Backup and recovery

Backup and recovery
Yes
What’s backed up
The entire archive is backed up at the outset
Backup controls
Only one back up is required at the start of the service as the data neve changes.
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Supplier controls the whole backup schedule
Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
Other
Other protection between networks
The data protection between buyer and supplier is controlled by third party hosting providers but this is usually - TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
The application can be available 24 hours per day but on occasion the Database provider, Oracle, will need to take short service intervals to apply patch and security updates. Where necessary, Service Levels and outcomes will be agreed with the customer prior to any engagement. Under such circumstances, we would be happy to discuss Financial Recompense Models.
Approach to resilience
Available on request
Outage reporting
Email alerts and/or telephone calls to impacted customers

Identity and authentication

User authentication
Username or password
Access restrictions in management interfaces and support channels
Access is restricted in management interfaces and support channels by roles within the application to ensure only those authorised can access the system
Access restriction testing frequency
At least every 6 months
Management access authentication
Username or password
Devices users manage the service through
Dedicated device on a segregated network (providers own provision)

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
No audit information available
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
Our security governance aims to be compliant with ISO:27001:2013
Information security policies and processes
Beyond have a written security policy available on request. Security roles are assigned to specific individuals with their defined responsibilities, including access security as well as the network.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All change is governed by a Change Management Board. A configuration and change management log tracks all changes needed and the reason, plus the person responsible for making the change. All change must be approved by our Project Manager and this approval date is recorded in the configuration log. All technical changes are controlled by source control system so we are able track any change that has triggered an error.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Monitoring and assessment is a continual process and we deploy counter measures before potential threats arise. We work closely with Oracle who advise of potential threats and patches as they are identified.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Monitoring and assessment is a continual process. We work closely with Oracle who advise on any potential threats when they arise. All potential compromises are dealt with as urgent and requiring immediate assessment and resolution.
Incident management type
Supplier-defined controls
Incident management approach
At the start of the engagement the incident management process is agreed with the customer along with how they wish to report incident as well as how they wish reports to be issued to them.

Secure development

Approach to secure software development best practice
Supplier-defined process

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
No

Energy efficiency

Energy-efficient datacentres
No

Pricing

Price
£15000 per instance per year
Discount for educational organisations
No
Free trial available
No

Service documents

Return to top ↑