Frequently Asked Questions¶
- User Management
- Usability
- Performance
- Integration
- Support
- Data Integrity
- Data Validation
- Security
- Encryption Protocols
- Accreditation
- Mobility
User Management¶
Question | Answer |
---|---|
Are there definable and configurable User Roles and Permissions? | We provide fully configurable Security Groups and associated permissions defined at table level. |
How does security event logging work? | Audit log tracks sessions, create, update and delete actions. Read actions are not tracked, but logins and logouts are. |
What is the general system availability/uptime? |
|
How does user authentication take place: local AD domain (for example, integration with Purchaser’s environment)/cloud domain (for example, Azure AD)/other? | Wood provides the service of managing user accounts and responding to password reset requests. Integration with customer AD is not presently available, but it is on the development roadmap. |
Does the system enable enforcing password complexity? If so, what parameters can the Purchaser control and what are the standard/initial settings? | Yes, per Microsoft Azure AD standards. |
Usability¶
Question | Answer |
---|---|
Can the NEXUS suite be used offline? |
|
What help tools and information are available? Are they database-specific or generic to all databases? |
|
Is the software for mobile use or desktop use? |
|
Performance¶
Question | Answer |
---|---|
How is software performance affected by customer configuration changes? |
|
Where are the reports and RBI calculations done, are they performed in the Client or in the DB? | Calculations are performed in the Client, not in the database. |
Does the solution have the ability to refresh information, run reports and calculation updates quickly without causing system crashes or long delays? | Performance of the calculations depend on calculation complexity. |
Integration¶
Question | Answer |
---|---|
Does the system have integration APIs? | NEXUS has a published REST API for data-level integration with third-party systems. For more information, see REST Service Specifications v2.0. |
What ports are required to provide the service? | Port 443 (using HTTPS). |
What’s the process for CMMS PM/MM integration? | Experience has shown us that the most effective system connectors are implemented in a collaborative partnership between the company technical experts and NEXUS technical experts. The scope of the CMMS integration will be guided by company requirements, which may or may not include two-way communication. Our standard approach for creating system connectors is the following:
See Example: Creating Connectors for an example of the workflow. |
Support¶
Question | Answer |
---|---|
On solution upgrades, can the process be performed without vendor participation, unless requested? |
|
How are support tickets sent by clients processed? | There are 2 tiers of support:
|
What is the escalation process of a sustainment ticket? |
|
Is there a regular release cycle? |
|
What support hours do you offer your global customer base? | The Support Portal is monitored office hours 9:00am to 5:00pm by personnel in 4 main regions:
|
What type of support is provided? | Support is typically provided via email, screen share, or phone where necessary. |
How long does it take to get a response and a resolution for an issue that we are experiencing? | Normal response time is within 24 hours, with a target maximum resolution time of 72 hours. User management requests and other high priority issues are usually addressed within 24 hours. |
Data Integrity¶
Question | Answer |
---|---|
How do you ensure zero data loss system failure/data redundancy? | MS SQL database backend stores all data after commit. SaaS via MSAzure provides levels of redundancy and recovery. The hosted service is resilient to single server failures through the use of redundant Azure infrastructure and provides coverage in the event that a data centre goes offline. Wood replicates database backups to other geographical regions. |
Where is my data stored? | SaaS hosting is deployed in MS Azure, at data centres appropriate to the client solution. Wood currently has deployments in UK South, South Central US and Australia East. See Data residency in Azure. |
How are actions logged for auditing? | Audit log tracks sessions, create, update and delete actions. Read actions are not tracked. |
How is the backup task executed? | Database backups are taken automatically each business day. |
Who can configure a backup task? | End users with appropriate permissions can initiate a backup from within the application on demand. |
How long is the backup stored? | Backups are retained for 14 calendar days. Additional backups for longer term retention can be held by agreement or transmitted to customer. This may have a cost impact. |
How are backups secured? | All backups are retained in dedicated storage secured for each customer. Storage is encrypted using AES256-based encryption keys. |
Are there separate development, testing and production environments available? | Yes. We provide a test database by default. Development environment is available upon request. This may have a cost impact. |
What is the backup/data restoration methodology? Are disaster recovery tests conducted regularly? | Yes, tests are performed at least annually. The service level objectives are:
|
What is the procedure for managing client data after the termination of a SaaS contract? | Upon the conclusion of a SaaS contract, we adhere to a stringent data management protocol to ensure the security and integrity of client data. The process is as follows:
|
Data Validation¶
Question | Answer |
---|---|
What data is validated? | All input data is validated for type consistency (numeric, Boolean, and so on). Field-specific validation rules can be defined. |
Import utilities must provide logging or an audit trail of both success and errors encountered during import. How do you ensure this? | Import engine performs test import before modifying data. If errors are found, the import process is aborted and user must rectify errors before data will be modified. |
What data export utilities are available to extract data in standard formats (that is, Excel or CSV)? | Almost anything in the database can be dumped to CSV, or push/pulled from REST calls, provided users have appropriate permissions. |
Security¶
Question | Answer |
---|---|
What is your application security model that ensures avoiding unauthorized access and/or deletion of data? | Users are assigned to security groups. Security groups have permissions to tables allowed/restricted. Users can only access or edit tables permitted by their security permissions. |
Is the solution able to lock down fields coming from Maximo interface? | Specific fields can be configured to be Read-Only, regardless of the data source. |
Can NEXUS track changes within the database for reporting and audit purposes? | The Audit log in NEXUS logs every change to every field in the database. |
Does the solution have the ability to secure data modifications on specific fields to only Admin or defined User Roles? | Specific fields can be configured to be Read-Only based on a pre-defined workflow logic. This includes the logged-in user. |
How do you ensure Incident Response Compliance? |
|
How are systems patched to avoid system downtime? | Under SaaS deployment, the application and/or server infrastructure may be patched automatically as required. The window for daily automated maintenance of servers is typically out of hours (for example, 0200 to 0400) and will NOT always result in service downtime. This maintenance window allows critical security issues to be addressed promptly after the release of a relevant patch. Any necessary ‘non-routine’ downtime during business hours is scheduled and approved with client contact. |
What is the average patch time for systems and service applications? | Typically patches are applied within maintenance window and takes 10-15 minutes. |
Do you offer network segmentation to protect individual services and databases? | Every customer has its own dedicated server cluster to ensure data security. |
Can users be authenticated against an external identity management system? For example, Microsoft Active Directory (AD) for on-premise, Azure Active Directory (AAD) via SAML2 for cloud hosted, Single Sign-On (SSO). | SaaS deployment presently does not offer SSO. This feature is on the development roadmap. |
Encryption Protocols¶
Question | Answer |
---|---|
What data encryption practices do you follow? | All data is encrypted in motion and at rest. Data will likely be travelling over public networks and is protected from unauthorised viewing and tampering. Web app and hosted solution (RemoteApp) both use HTTPS, which encrypts data in flight. Our Azure VMs are encrypted using Azure Platform Managed Keys. These are encryption keys that are generated, stored, and managed entirely by Azure. Customers do not interact with platform-managed keys (PMKs). |
How is data encrypted in motion? | Data transmitted over public networks is protected from unauthorised viewing and tampering. Our web and desktop apps use HTTPS, which encrypts data in flight using the cryptographic protocol TLS 1.2 or higher. |
How is data encrypted at rest? | Data at rest is stored in Microsoft Azure virtual machines using Server Side Encryption (SSE) with Platform Managed Keys (PMKs). Data on Azure-managed disks is encrypted transparently using 256-bit AES encryption, which is compliant with Federal Information Processing Standards (FIPS) 140-2. By default, managed disks use PMKs, which are managed by Microsoft. All managed disks, snapshots, images, and data written to existing managed disks are automatically encrypted-at-rest with PMKs. Customers do not have to interact with these keys. |
Accreditation¶
Question | Answer |
---|---|
What certification or accreditation of the solution is maintained? | The NEXUS team is currently working towards obtaining ISO27001:2022 accreditation for the NEXUS solution. |
Are there independent audits of security practises? | Third-party threat detection tools are used as an automated part of the build process to provide security scorecard and vulnerability detection. Any newly identified risks are promptly reviewed and mitigated. Additionally, both internal and independent audits and penetration testing are carried out to maintain the ISO27001:2022 accreditation. |
Mobility¶
Question | Answer |
---|---|
Can you describe the mobility capabilities of your solution? Can tablets be used as Read/Write vehicles? |
|
What platforms are supported for using IC-Inspector? | iPad, Windows tablet, Android tablet |