Quality assurance and quality control software solutions offering a single source of truth to organisations across a broad selection of industries. Key areas include secure document management, internal audit management, supplier management, customer management, incident management, corrective actions, ISO compliance, training and competence, asset and equipment management and software validation.
Features
- Incident reporting management system including incident analysis and incident workflow
- Secure document management to categorise and control business information
- Operational management and internal audit reports, planning and implementation
- CAPA management, corrective action tracking and preventative action recording
- Competence management for staff training records and staff qualification
- Asset integrity management for equipment maintenance tracking and equipment safety
- Manage vendor performance management, vendor compliance management and supplier management
- Third-party relationship management including customer complaints management and feedback response
- Risk and opportunities management to contribute towards operational excellence strategy
- Remote quality management functionality by implementing mobile native applications
Benefits
- Compliance demonstrations, regulation compliance and standards compliance
- Non-compliance risk reduction and risk exposure reduction, identify recurring issues
- Operational management that aligns key business areas and promotes centralisation
- Non-conformance management and root cause management to swiftly identify issues
- Paperless auditing to reduce manual processes and increase process efficiency
- Staff competency management and staff development management to upskill employees
- Business asset management and external supplier management to ensure cohesion
- Full operational oversight to allow for insightful decision making
- Risk prevention with bowtie functionality and quality risk management
- Streamlined administration processes, between team collaboration and stakeholder collaboration
£4,200 an instance a year
- Education pricing available
Service documents
-
Pricing document
PDF
-
Skills Framework for the Information Age rate card
PDF
-
Service definition document
PDF
-
Terms and conditions
PDF
-
Modern Slavery statement
ODT
Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at G-Cloud@ideagenplc.com. Tell them what format you need. It will help if you say what assistive technology you use.
Framework
G-Cloud 13
Service ID
1 4 5 8 9 8 4 0 2 7 0 8 3 2 4
145898402708324
Contact
IDEAGEN LIMITED Jen Pemberton
Telephone: 01629 699100
Email: G-Cloud@ideagenplc.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Public cloud
- Service constraints
- For customers using the Q-Pulse hosted SaaS service, updates are pushed at pre-advised times. For other levels environment, maintenance patches and upgrades of the software are scheduled at a convenient time as agreed with the customer.
- System requirements
-
- Reliable and fast internet connection
- Requires Chrome, Edge and Firefox
- Offline reviewing capabilities require Microsoft Windows
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Ideagen operate support on 4 Priority Levels
Urgent – P1
Example: System Outage
We aim to respond within 1 hour
We aim to provide a resolution plan within 4 hours
High – P2
Example: Critical Component Failure
We aim to respond within 2 hours
We aim to provide a resolution plan within 8 hours
Normal – P3
Example: Problematic Behaviour
We aim to respond within 8 hours
We aim to provide a resolution plan within 24 hours
Low – P4
Example: Non-Critical Failure/Query
We aim to respond within 12 hours
We aim to provide a resolution plan within 48 hours
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- No
- Onsite support
- No
- Support levels
- We have a dedicated Ideagen Support Team that operates a risk-based triage process in order to prioritise all support requests. This is based on the impact to end users and also the severity of the issue as defined by the customer reporting the issue. This risk assessment will produce a priority level. Software issues (e.g. bugs, defects) are reviewed and verified by Ideagen’s Test and QA Teams. Once reviewed, the issue is given a severity which controls the time of a fix. Support is provided as part of annual maintenance cost. https://gael.secure.force.com/Support_SLA
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- Ideagen works with the customer through the implementation process. This includes deployment of software, product user documentation, and e-learning content. End user training and configuration are available for an additional cost.
- Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
- This would be managed through a data extraction/export service via our Technical Services Division. This would be managed at no additional cost. Data extraction within 30 days after the effective date of termination.
- End-of-contract process
- Where Ideagen hosts client data, upon request by the client within 30 days after the effective date of termination or expiration of the agreement. Ideagen will make the relevant client data available to the client for export or download. After that 30 day period Ideagen will have no obligation to maintain client data.
Additionally, upon termination or expiry of the agreement, the customer is entitled to transfer assistance within the running notice period and until up to 14 days after the termination of the agreement. This service comes at no additional cost to the customer.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Microsoft Edge
- Firefox
- Chrome
- Application to install
- Yes
- Compatible operating systems
-
- Android
- IOS
- Windows
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- Our native mobile app is designed to allow users to perform selected functionality deemed appropriate for the mobile workforce. Giving access to read and acknowledge receipt of controlled documents; Ability to complete Audit checklists and report Incidents. Documents and Audits can be taken off-line to assist in areas of poor internet connectivity. Our app is available on both Android and iOS devices. The desktop service covers all Q-Pulse functionality including these aspects but cannot operate off-line.
- Service interface
- Yes
- User support accessibility
- None or don’t know
- Description of service interface
- The user interfaces are designed primarily to allow end-users to access to the records and information stored and controlled within the management system and complete any required tasks. For example, read a document, complete an audit, investigate an issue. Additional interfaces are also provided for the configuration and administration of the software, business analysis and task management
- Accessibility standards
- None or don’t know
- Description of accessibility
- Q-Pulse (web components) is partially conformant with WCAG 2.1 level
- Accessibility testing
- None
- API
- Yes
- What users can and can't do using the API
- Web service APIs support SOAP, REST and JSON programming styles and allow for reading or creation of records in the Q-Pulse application. It will be challenging to replicate the layout of design forms within the Occurrence module due to the proprietary format utilised however, all field definition and data is accessible to create your own forms. Once committed, only a limited set of Records can be edited via the Service API.
- API documentation
- Yes
- API documentation formats
-
- HTML
- ODF
- Other
- API sandbox or test environment
- No
- Customisation available
- Yes
- Description of customisation
- Custom fields and workflows, Reports, notifications and labels can be customised. This is included in the price.
Scaling
- Independence of resources
- Hardware is initially provisioned to meet the expected demand of the customer. Our Q-Pulse product scales both vertically and horizontally depending on the load and thresholds. This is monitored by our cloud operations team.
Analytics
- Service usage metrics
- Yes
- Metrics types
- Metrics types User Session logons/offs and availability
- Reporting types
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- None
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- Other locations
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Physical access control, complying with SSAE-16 / ISAE 3402
- Encryption of all physical media
- Other
- Other data at rest protection approach
- The virtual hard disks (VHD) are encrypted to AES256 bit encryption.
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- Simple record(s) export options exist within the reporting functionality of the application (export to csv, pdf, xls, etc.) Large data exports are an additional cost.
- Data export formats
-
- CSV
- Other
- Other data export formats
- XML
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- Other
- Other protection within supplier network
- Encryption at rest (AES256)
Availability and resilience
- Guaranteed availability
- Our SLA provides a 99. 7% financially backed uptime guarantee.
If the Monthly Uptime Percentage falls below 99.7% for any given month, you may be eligible for the following Service Credit:Monthly Uptime PercentageService Credit
< 99.7%10%
< 99.5%20%If Ideagen fails to meet the minimum Monthly Uptime Percentage described above for a Service, you may submit a claim for a Service Credit;
Client must submit a claim to customer support at Ideagen that includes: (i) a detailed description of the Incident; (ii) information regarding the duration of the Downtime; (iii) the number and location(s) of affected Users (if applicable); and (iv) descriptions of your attempts to resolve the Incident at the time of occurrence;
- Approach to resilience
- Extensive fault tolerance technologies used, no single point of failure. Detailed information is available on request.
- Outage reporting
- Automated active monitoring system and alerts are in place. If an outage is detected, clients will be informed via email or telephone depending on the severity
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- Username or password
- Other
- Other user authentication
- Username and Password, SSO.
- Access restrictions in management interfaces and support channels
- Ideagen have product specific as well as corporate access control policies that are assessed as part of our ISO accreditations. Ideagen operate on a least privilege basis. Access to servers containing client data are restricted to individuals demonstrating an appropriate need via an access request form. Only when access approval is granted, a token is sent to the requesters email address and only they can authenticate for a predefined amount of time. Even Ideagen "privileged" users in our cloud operations team are subject to the access control process described in the above statement.
- Access restriction testing frequency
- Less than once a year
- Management access authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
- Dedicated link (for example VPN)
- Username or password
- Other
- Description of management access authentication
- All access to client environments requires an electronic form to be completed and authorized. The form must demonstrate the need for access and should be accompanied with client approval (e.g. support investigation, technical services project). The form is reviewed and if authorized a token is issued to the requestee. Only the individual making the request can use the token to gain access to the client hosted environments. MFA is leveraged from our Azure AD and will test the identity of the individual via Microsoft Authenticator App. The VPN to client environments is only accessible from the Ideagen internal network.
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- United Registrar of Systems
- ISO/IEC 27001 accreditation date
- 21/09/2021
- What the ISO/IEC 27001 doesn’t cover
- Statement of applicability - All applied
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- Yes
- Who accredited the PCI DSS certification
- Self Validated by Worldpay
- PCI DSS accreditation date
- 10/12/2021
- What the PCI DSS doesn’t cover
- Ideagen use a system called Worldpay to process all of our credit card payments.
- Cyber essentials
- No
- Cyber essentials plus
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
- Ideagen follow and are externally audited against the ISO27001 Information Security Management Standard. Ideagen are happy to share an overview of our policies through our Information Security Policies Overview document and will also share our ISO27001 certificate and Statement of Applicability. Furthermore, information on GDPR can be found by following this link https://www.ideagen.com/gdpr-commitment
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- All changes are subject to Ideagen's change management policies and procedures that are audited as part of our ISO certifications. Risk is measured and appropriate mitigations defined as part of the change approval process. Each change is properly assessed to ensure that operational risk is reduced and measures are in place for back-out plans should an issue occur. Any high-risk change must be authorised by a senior manager.
Development adheres to a documented SDLC. From design to code to test through to release . Development and test strategies consider security aspects in both application and deployment activities.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- Ideagen undertake ‘at least’ monthly internally managed vulnerability scans (Nessus), biannual internal penetration tests on the application later and externally managed annual penetration tests. (This would include a NetSparker scan, BurpSuite scan and Nessus scan) at both the infrastructure and the application layers. Findings from each assessment are reviewed, risk ranked, and assigned to the responsible team for remediation. The penetration test is provided by an external accredited provider and we are happy to share the results upon having a signed NDA. For further information Ideagen can share policies on our penetration testing, vulnerability and patch management.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- Ideagen have a managed SIEM that collates events from a large number of sources (E.g. next gen end point EDR, Network OS etc). There are UEBA tools in use that also feed into the SIEM and raise alerts. Alerts are raised with the Cloud Operations Team. There is 24 hour , 365 days a year monitoring in place.
Time to respond is based on severity of issue, issues go through a risk-based triage process and are classified as a Priority 1 to Priority 4 based on the impact to end users and also the severity/urgency of the issue.
- Incident management type
- Supplier-defined controls
- Incident management approach
- We have in place a Cyber Security Operations Centre consisting of dedicated team members, responsible for managing, investigating and resolving all areas relating to information security. We also have a Cyber Emergency Response Team made up from domain experts across the Ideagen business, the members of the CERT would change dynamically to respond to different incidents. The CERT is responsible for working alongside the SOC, extending the technical triage, investigation, resolution and communications. Ideagen staff are required and encouraged to report identified information security events and weaknesses.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- Yes
- Connected networks
- NHS Network (N3)
Social Value
- Fighting climate change
-
Fighting climate change
The Environment subject that has always been important to us at Ideagen. We have had ISO14001:2015 Environmental accreditation since 2015 in the UK for which we monitor our energy consumption. As required by law we complied to ESOS Phase II and in 2020 and this year we have adhered to the requirement of the Streamline Energy and Carbon Reporting (SERC) requirement which requires that Ideagen’s carbon footprint is communicated at the end of each financial year via Directors’ Report.
As a software company our strategy re hosted products is based on Social Responsibility. Products are moved onto Amazon and Microsoft Cloud who have sustainable operations which include carbon footprint, renewal energy and a commitment to Corporate Social Responsibility.
We are also presently working on our Net Zero Commitment Project. This means we will balance the whole amount of greenhouse gas (GHG) released and the amount removed from the atmosphere. We are looking at the key actions to take within our supply chain emissions, business travel – encouraging non-air transport modes and only travelling when absolutely necessary. Note at present all Ideagen employees are either homebased or have an option to work from home/office certain days of the week.
Also looking at the adoption of renewables across our sites, we will assess the current and expected relevant market availability of renewable energy tariffs or other renewable energy instructions (RECs,EACs etc.) and SBTi submission.
Our community lead is delivering to local schools learning about responsible business and a student challenge to create a service, event or activity that Ideagen could create that will be good for the community and/or the environment.
Ideagen has also decided to use the guidance provided by ISO 26000 as in the current environment we are becoming increasingly aware of the need and benefits of socially responsible behavior.
- Covid-19 recovery
-
Covid-19 recovery
Early and decisive actions were taken by senior management to focused on protecting team members, supporting our customers and positioning for the future.
As a software development company most of staff were already set up to work from home, and the remaining measures were quickly put in place to also work from home. Daily communication by line managers and between team members was encouraged and support and relevant measures put in place for those not able to work from home.
Social dialogue was maintained through online language, Yoga and Dance classes. Healthcare sessions e.g., Health Heart by British Heart Foundation are offered. Online meet up with other departments encouraged not just for work but through ‘coffee and chat’ sessions and book clubs.
Further measures implemented can be found within Ideagen’s COVID-19 Statement - Equal opportunity
-
Equal opportunity
Ideagen is an equal opportunities employer. Our policy is to treat all employees, job applicants, customers and suppliers equally regardless of their age, disability, gender reassignment, marital status, pregnancy, race (including nationality, ethnic or national origins), region or religious beliefs, sex or sexual orientation. Ideagen is committed to providing equal opportunities in employment and to avoiding unlawful discrimination in employment and against its customers or suppliers.
We have a designated talent development team within our People team. We have a significant budget allocated to the ongoing development of talent. This includes apprenticeship opportunities from level 2 to degree level and a detailed development prospectus for all colleagues. Each apprentice is allocated a workplace mentor, in addition to line management support.
Ideagen have built the Think Big community education programme with Nottingham Forest Community Trust. It is aimed at disadvantaged young people in secondary schools with a mission of ‘Motivating young people to be excited by Tech - inspiring them to think big about future employment in the Tech industry.’ All learning has mainstream and SEND versions. 50 Think Big Ambassadors (role models from Ideagen) have been trained to share their career stories; this includes sharing disability access and social mobility stories.
Ideagen have a relationship with Autism East midlands, providing extended work experience projects with the purpose of reducing barriers beneficiaries face securing jobs and developing skills for the tech industry.
Ideagen are a Cornerstone Employer. This is a national network of 300 businesses that connect through Local Enterprise Partnerships to support the local skills strategy. Inclusivity and SEND are key pillars in this work.
Ideagen are an ‘enterprise adviser’ to Nottingham College. This includes training teachers and advisers on the tech sector, supporting students with their transition to work, curriculum industry insight, advice on employability skills and careers. - Wellbeing
-
Wellbeing
Ideagen offers a varied engagement plan from exercise classes, to health and wellbeing workshops. We have carried out Financial Wellbeing, British Heart workshops,, Mindfulness and most recently Mental Health Training for Line Managers. Ideagen have added mental health onto our AXAC Policy, we have distributed mental health posters with contact numbers on to each office and we have a wellbeing room at our head office and in the New build in Kuala Lumper.
Ideagen have created a TEAMs page for Health and Wellbeing related literature. We have distributed literature on mental health via emails as well. We have created a mental health vision detailing how we will support our employees for this financial year with regards to mental health. We recently held a Time to Talk and Mental Health coffee and cake morning for employees in our Head office.
Ideagen offer flexible working and working from home. We have recently carried out volunteering as part of National Volunteering week.
We use Peakon as an anonymous employee survey to see how our employees feel about every aspect of their life at Ideagen from office to line manager and career prospects. We have the new recognition scheme to encourage employees to show a public recognition and cross departmental nominations for working together. This scheme offers monetary and non-monetary forms of recognition.
Pricing
- Price
- £4,200 an instance a year
- Discount for educational organisations
- Yes
- Free trial available
- No
Service documents
-
Pricing document
PDF
-
Skills Framework for the Information Age rate card
PDF
-
Service definition document
PDF
-
Terms and conditions
PDF
-
Modern Slavery statement
ODT
Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at G-Cloud@ideagenplc.com. Tell them what format you need. It will help if you say what assistive technology you use.