Ideagen Q-Pulse QMS: Proactive Quality Management Toolkit (2024)

£4,200 an instance a year

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  ODT

Framework

G-Cloud 13

Service ID

1 4 5 8 9 8 4 0 2 7 0 8 3 2 4

145898402708324

Contact

IDEAGEN LIMITED Jen Pemberton
Telephone: 01629 699100
Email: G-Cloud@ideagenplc.com

Service scope

Software add-on or extension

No

Cloud deployment model

Public cloud

Service constraints

For customers using the Q-Pulse hosted SaaS service, updates are pushed at pre-advised times. For other levels environment, maintenance patches and upgrades of the software are scheduled at a convenient time as agreed with the customer.

System requirements

• Reliable and fast internet connection
• Requires Chrome, Edge and Firefox
• Offline reviewing capabilities require Microsoft Windows

User support

Email or online ticketing support

Email or online ticketing

Support response times

Ideagen operate support on 4 Priority Levels

Urgent – P1

Example: System Outage

We aim to respond within 1 hour

We aim to provide a resolution plan within 4 hours

High – P2

Example: Critical Component Failure

We aim to respond within 2 hours

We aim to provide a resolution plan within 8 hours

Normal – P3

Example: Problematic Behaviour

We aim to respond within 8 hours

We aim to provide a resolution plan within 24 hours

Low – P4

Example: Non-Critical Failure/Query

We aim to respond within 12 hours

We aim to provide a resolution plan within 48 hours

See Also

Ideagen Quality Management Reviews & Ratings 2024Why Great Retailers Care About Product Feed Management on SocialApple Hearing Study shares preliminary insights on tinnitusIdeagen Quality Management

User can manage status and priority of support tickets

No

Phone support

Yes

Phone support availability

24 hours, 7 days a week

Web chat support

No

Onsite support

No

Support levels

We have a dedicated Ideagen Support Team that operates a risk-based triage process in order to prioritise all support requests. This is based on the impact to end users and also the severity of the issue as defined by the customer reporting the issue. This risk assessment will produce a priority level. Software issues (e.g. bugs, defects) are reviewed and verified by Ideagen’s Test and QA Teams. Once reviewed, the issue is given a severity which controls the time of a fix. Support is provided as part of annual maintenance cost. https://gael.secure.force.com/Support_SLA

Support available to third parties

Yes

Onboarding and offboarding

Getting started

Ideagen works with the customer through the implementation process. This includes deployment of software, product user documentation, and e-learning content. End user training and configuration are available for an additional cost.

Service documentation

Yes

Documentation formats

PDF

End-of-contract data extraction

This would be managed through a data extraction/export service via our Technical Services Division. This would be managed at no additional cost. Data extraction within 30 days after the effective date of termination.

End-of-contract process

Where Ideagen hosts client data, upon request by the client within 30 days after the effective date of termination or expiration of the agreement. Ideagen will make the relevant client data available to the client for export or download. After that 30 day period Ideagen will have no obligation to maintain client data.
Additionally, upon termination or expiry of the agreement, the customer is entitled to transfer assistance within the running notice period and until up to 14 days after the termination of the agreement. This service comes at no additional cost to the customer.

Using the service

Web browser interface

Yes

Supported browsers

• Microsoft Edge
• Firefox
• Chrome

Application to install

Yes

Compatible operating systems

• Android
• IOS
• Windows

Designed for use on mobile devices

Yes

Differences between the mobile and desktop service

Our native mobile app is designed to allow users to perform selected functionality deemed appropriate for the mobile workforce. Giving access to read and acknowledge receipt of controlled documents; Ability to complete Audit checklists and report Incidents. Documents and Audits can be taken off-line to assist in areas of poor internet connectivity. Our app is available on both Android and iOS devices. The desktop service covers all Q-Pulse functionality including these aspects but cannot operate off-line.

Service interface

Yes

User support accessibility

None or don’t know

Description of service interface

The user interfaces are designed primarily to allow end-users to access to the records and information stored and controlled within the management system and complete any required tasks. For example, read a document, complete an audit, investigate an issue. Additional interfaces are also provided for the configuration and administration of the software, business analysis and task management

Accessibility standards

None or don’t know

Description of accessibility

Q-Pulse (web components) is partially conformant with WCAG 2.1 level

Accessibility testing

None

API

Yes

What users can and can't do using the API

Web service APIs support SOAP, REST and JSON programming styles and allow for reading or creation of records in the Q-Pulse application. It will be challenging to replicate the layout of design forms within the Occurrence module due to the proprietary format utilised however, all field definition and data is accessible to create your own forms. Once committed, only a limited set of Records can be edited via the Service API.

API documentation

Yes

API documentation formats

• HTML
• ODF
• Other

API sandbox or test environment

No

Customisation available

Yes

Description of customisation

Custom fields and workflows, Reports, notifications and labels can be customised. This is included in the price.

Scaling

Independence of resources

Hardware is initially provisioned to meet the expected demand of the customer. Our Q-Pulse product scales both vertically and horizontally depending on the load and thresholds. This is monitored by our cloud operations team.

Analytics

Service usage metrics

Yes

Metrics types

Metrics types User Session logons/offs and availability

Reporting types

Reports on request

Resellers

Supplier type

Not a reseller

Staff security

Staff security clearance

Other security clearance

Government security clearance

None

Asset protection

Knowledge of data storage and processing locations

Yes

Data storage and processing locations

• United Kingdom
• European Economic Area (EEA)
• Other locations

User control over data storage and processing locations

Yes

Datacentre security standards

Complies with a recognised standard (for example CSA CCM version 3.0)

Penetration testing frequency

At least once a year

Penetration testing approach

Another external penetration testing organisation

Protecting data at rest

• Physical access control, complying with CSA CCM v3.0
• Physical access control, complying with SSAE-16 / ISAE 3402
• Encryption of all physical media
• Other

Other data at rest protection approach

The virtual hard disks (VHD) are encrypted to AES256 bit encryption.

Data sanitisation process

Yes

Data sanitisation type

Deleted data can’t be directly accessed

See Also

Pros and Cons of Ideagen Quality Management 2024

Equipment disposal approach

Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach

Simple record(s) export options exist within the reporting functionality of the application (export to csv, pdf, xls, etc.) Large data exports are an additional cost.

Data export formats

• CSV
• Other

Other data export formats

XML

Data import formats

CSV

Data-in-transit protection

Data protection between buyer and supplier networks

TLS (version 1.2 or above)

Data protection within supplier network

• TLS (version 1.2 or above)
• Other

Other protection within supplier network

Encryption at rest (AES256)

Availability and resilience

Guaranteed availability

Our SLA provides a 99. 7% financially backed uptime guarantee.
If the Monthly Uptime Percentage falls below 99.7% for any given month, you may be eligible for the following Service Credit:

Monthly Uptime PercentageService Credit
< 99.7%10%
< 99.5%20%

If Ideagen fails to meet the minimum Monthly Uptime Percentage described above for a Service, you may submit a claim for a Service Credit;

Client must submit a claim to customer support at Ideagen that includes: (i) a detailed description of the Incident; (ii) information regarding the duration of the Downtime; (iii) the number and location(s) of affected Users (if applicable); and (iv) descriptions of your attempts to resolve the Incident at the time of occurrence;

Approach to resilience

Extensive fault tolerance technologies used, no single point of failure. Detailed information is available on request.

Outage reporting

Automated active monitoring system and alerts are in place. If an outage is detected, clients will be informed via email or telephone depending on the severity

Identity and authentication

User authentication needed

Yes

User authentication

• Username or password
• Other

Other user authentication

Username and Password, SSO.

Access restrictions in management interfaces and support channels

Ideagen have product specific as well as corporate access control policies that are assessed as part of our ISO accreditations. Ideagen operate on a least privilege basis. Access to servers containing client data are restricted to individuals demonstrating an appropriate need via an access request form. Only when access approval is granted, a token is sent to the requesters email address and only they can authenticate for a predefined amount of time. Even Ideagen "privileged" users in our cloud operations team are subject to the access control process described in the above statement.

Access restriction testing frequency

Less than once a year

Management access authentication

• 2-factor authentication
• Identity federation with existing provider (for example Google Apps)
• Dedicated link (for example VPN)
• Username or password
• Other

Description of management access authentication

All access to client environments requires an electronic form to be completed and authorized. The form must demonstrate the need for access and should be accompanied with client approval (e.g. support investigation, technical services project). The form is reviewed and if authorized a token is issued to the requestee. Only the individual making the request can use the token to gain access to the client hosted environments. MFA is leveraged from our Azure AD and will test the identity of the individual via Microsoft Authenticator App. The VPN to client environments is only accessible from the Ideagen internal network.

Audit information for users

Access to user activity audit information

Users have access to real-time audit information

How long user audit data is stored for

At least 12 months

Access to supplier activity audit information

Users contact the support team to get audit information

How long supplier audit data is stored for

At least 12 months

How long system logs are stored for

At least 12 months

Standards and certifications

ISO/IEC 27001 certification

Yes

Who accredited the ISO/IEC 27001

United Registrar of Systems

ISO/IEC 27001 accreditation date

21/09/2021

What the ISO/IEC 27001 doesn’t cover

Statement of applicability - All applied

ISO 28000:2007 certification

No

CSA STAR certification

No

PCI certification

Yes

Who accredited the PCI DSS certification

Self Validated by Worldpay

PCI DSS accreditation date

10/12/2021

What the PCI DSS doesn’t cover

Ideagen use a system called Worldpay to process all of our credit card payments.

Cyber essentials

No

Cyber essentials plus

No

Other security certifications

No

Security governance

Named board-level person responsible for service security

Yes

Security governance certified

Yes

Security governance standards

ISO/IEC 27001

Information security policies and processes

Ideagen follow and are externally audited against the ISO27001 Information Security Management Standard. Ideagen are happy to share an overview of our policies through our Information Security Policies Overview document and will also share our ISO27001 certificate and Statement of Applicability. Furthermore, information on GDPR can be found by following this link https://www.ideagen.com/gdpr-commitment

Operational security

Configuration and change management standard

Supplier-defined controls

Configuration and change management approach

All changes are subject to Ideagen's change management policies and procedures that are audited as part of our ISO certifications. Risk is measured and appropriate mitigations defined as part of the change approval process. Each change is properly assessed to ensure that operational risk is reduced and measures are in place for back-out plans should an issue occur. Any high-risk change must be authorised by a senior manager.

Development adheres to a documented SDLC. From design to code to test through to release . Development and test strategies consider security aspects in both application and deployment activities.

Vulnerability management type

Supplier-defined controls

Vulnerability management approach

Ideagen undertake ‘at least’ monthly internally managed vulnerability scans (Nessus), biannual internal penetration tests on the application later and externally managed annual penetration tests. (This would include a NetSparker scan, BurpSuite scan and Nessus scan) at both the infrastructure and the application layers. Findings from each assessment are reviewed, risk ranked, and assigned to the responsible team for remediation. The penetration test is provided by an external accredited provider and we are happy to share the results upon having a signed NDA. For further information Ideagen can share policies on our penetration testing, vulnerability and patch management.

Protective monitoring type

Supplier-defined controls

Protective monitoring approach

Ideagen have a managed SIEM that collates events from a large number of sources (E.g. next gen end point EDR, Network OS etc). There are UEBA tools in use that also feed into the SIEM and raise alerts. Alerts are raised with the Cloud Operations Team. There is 24 hour , 365 days a year monitoring in place.

Time to respond is based on severity of issue, issues go through a risk-based triage process and are classified as a Priority 1 to Priority 4 based on the impact to end users and also the severity/urgency of the issue.

Incident management type

Supplier-defined controls

Incident management approach

We have in place a Cyber Security Operations Centre consisting of dedicated team members, responsible for managing, investigating and resolving all areas relating to information security. We also have a Cyber Emergency Response Team made up from domain experts across the Ideagen business, the members of the CERT would change dynamically to respond to different incidents. The CERT is responsible for working alongside the SOC, extending the technical triage, investigation, resolution and communications. Ideagen staff are required and encouraged to report identified information security events and weaknesses.

Secure development

Approach to secure software development best practice

Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks

Yes

Connected networks

NHS Network (N3)

Social Value

Fighting climate change

Fighting climate change

The Environment subject that has always been important to us at Ideagen. We have had ISO14001:2015 Environmental accreditation since 2015 in the UK for which we monitor our energy consumption. As required by law we complied to ESOS Phase II and in 2020 and this year we have adhered to the requirement of the Streamline Energy and Carbon Reporting (SERC) requirement which requires that Ideagen’s carbon footprint is communicated at the end of each financial year via Directors’ Report.

As a software company our strategy re hosted products is based on Social Responsibility. Products are moved onto Amazon and Microsoft Cloud who have sustainable operations which include carbon footprint, renewal energy and a commitment to Corporate Social Responsibility.

We are also presently working on our Net Zero Commitment Project. This means we will balance the whole amount of greenhouse gas (GHG) released and the amount removed from the atmosphere. We are looking at the key actions to take within our supply chain emissions, business travel – encouraging non-air transport modes and only travelling when absolutely necessary. Note at present all Ideagen employees are either homebased or have an option to work from home/office certain days of the week.

Also looking at the adoption of renewables across our sites, we will assess the current and expected relevant market availability of renewable energy tariffs or other renewable energy instructions (RECs,EACs etc.) and SBTi submission.

Our community lead is delivering to local schools learning about responsible business and a student challenge to create a service, event or activity that Ideagen could create that will be good for the community and/or the environment.

Ideagen has also decided to use the guidance provided by ISO 26000 as in the current environment we are becoming increasingly aware of the need and benefits of socially responsible behavior.

Covid-19 recovery

Covid-19 recovery

Early and decisive actions were taken by senior management to focused on protecting team members, supporting our customers and positioning for the future.
As a software development company most of staff were already set up to work from home, and the remaining measures were quickly put in place to also work from home. Daily communication by line managers and between team members was encouraged and support and relevant measures put in place for those not able to work from home.
Social dialogue was maintained through online language, Yoga and Dance classes. Healthcare sessions e.g., Health Heart by British Heart Foundation are offered. Online meet up with other departments encouraged not just for work but through ‘coffee and chat’ sessions and book clubs.
Further measures implemented can be found within Ideagen’s COVID-19 Statement

Equal opportunity

Equal opportunity

Ideagen is an equal opportunities employer. Our policy is to treat all employees, job applicants, customers and suppliers equally regardless of their age, disability, gender reassignment, marital status, pregnancy, race (including nationality, ethnic or national origins), region or religious beliefs, sex or sexual orientation. Ideagen is committed to providing equal opportunities in employment and to avoiding unlawful discrimination in employment and against its customers or suppliers.

We have a designated talent development team within our People team. We have a significant budget allocated to the ongoing development of talent. This includes apprenticeship opportunities from level 2 to degree level and a detailed development prospectus for all colleagues. Each apprentice is allocated a workplace mentor, in addition to line management support.
Ideagen have built the Think Big community education programme with Nottingham Forest Community Trust. It is aimed at disadvantaged young people in secondary schools with a mission of ‘Motivating young people to be excited by Tech - inspiring them to think big about future employment in the Tech industry.’ All learning has mainstream and SEND versions. 50 Think Big Ambassadors (role models from Ideagen) have been trained to share their career stories; this includes sharing disability access and social mobility stories.
Ideagen have a relationship with Autism East midlands, providing extended work experience projects with the purpose of reducing barriers beneficiaries face securing jobs and developing skills for the tech industry.
Ideagen are a Cornerstone Employer. This is a national network of 300 businesses that connect through Local Enterprise Partnerships to support the local skills strategy. Inclusivity and SEND are key pillars in this work.
Ideagen are an ‘enterprise adviser’ to Nottingham College. This includes training teachers and advisers on the tech sector, supporting students with their transition to work, curriculum industry insight, advice on employability skills and careers.

Wellbeing

Wellbeing

Ideagen offers a varied engagement plan from exercise classes, to health and wellbeing workshops. We have carried out Financial Wellbeing, British Heart workshops,, Mindfulness and most recently Mental Health Training for Line Managers. Ideagen have added mental health onto our AXAC Policy, we have distributed mental health posters with contact numbers on to each office and we have a wellbeing room at our head office and in the New build in Kuala Lumper.
Ideagen have created a TEAMs page for Health and Wellbeing related literature. We have distributed literature on mental health via emails as well. We have created a mental health vision detailing how we will support our employees for this financial year with regards to mental health. We recently held a Time to Talk and Mental Health coffee and cake morning for employees in our Head office.
Ideagen offer flexible working and working from home. We have recently carried out volunteering as part of National Volunteering week.
We use Peakon as an anonymous employee survey to see how our employees feel about every aspect of their life at Ideagen from office to line manager and career prospects. We have the new recognition scheme to encourage employees to show a public recognition and cross departmental nominations for working together. This scheme offers monetary and non-monetary forms of recognition.

Pricing

Price

£4,200 an instance a year

Discount for educational organisations

Yes

Free trial available

No