Frequently Asked Questions

User Management

Question

Answer

Are there definable and configurable User Roles and Permissions?

We provide fully configurable Security Groups and associated permissions defined at table level.

How does security event logging work?

Audit log tracks sessions, create, update and delete actions. Read actions are not tracked, but logins and logouts are.

What is the general system availability/uptime?

  • SaaS hosting is deployed in MS Azure and has a proven history of greater than 99.9% uptime.

  • Access to NEXUS via SaaS may be temporarily unavailable for scheduled maintenance or for unscheduled emergency maintenance due to causes beyond Wood’s control. The window for daily automated maintenance of servers is typically out of hours (for example, 0200 to 0400) and will NOT always result in service downtime. This maintenance window allows critical security issues to be addressed promptly after the release of a relevant patch. Any necessary ‘non-routine’ downtime during business hours is scheduled and approved with client contact.

How does user authentication take place: local AD domain (for example, integration with Purchaser’s environment)/cloud domain (for example, Azure AD)/other?

Wood provides the service of managing user accounts and responding to password reset requests. Integration with customer AD is not presently available, but it is on the development roadmap.

Does the system enable enforcing password complexity? If so, what parameters can the Purchaser control and what are the standard/initial settings?

Yes, per Microsoft Azure AD standards.

Usability

Can the NEXUS suite be used offline?

  • A number of applications in the NEXUS suite are specifically designed for offline use - for example, IC-Inspection and IC-Inspector.

  • Web-based applications require an internet connection to function.

  • For field-based campaigns a “subscriber” database can be used as an offline copy that can be synced into the master on return to base.

What help tools and information are available? Are they database-specific or generic to all databases?

  • Typically training material is customised to the final configuration of the customer database.

  • This is provided in the form of hover-hints and labels for fields.

  • Generic application help is available online via the online documentation and accessible from within the app.

Is the software for mobile use or desktop use?

  • NEXUS IC and IC-Web are primarily designed for desktop use.

  • IC-Inspector is our mobility app, which is specifically designed for field-based data acquisition on tablet-sized screens.

  • There are no apps designed for smartphone-sized devices.

Performance

How is software performance affected by customer configuration changes?

  • Performance optimisation is a key element of testing and development.

  • Complexity of customer-specific configuration can have a performance impact. Wood will work with the client to ensure reasonable system performance.

Where are the reports and RBI calculations done: in the Client or in the DB?

Calculations are performed in the Client, not in the database.

Does the solution have the ability to refresh information, run reports and calculation updates quickly without causing system crashes or long delays?

Performance of the calculations depends on calculation complexity.

Integration

Does the system have integration APIs?

NEXUS has a published REST API for data-level integration with third-party systems. For more information, see REST Service Specifications v2.0.

What ports are required to provide the service?

Port 443 (using HTTPS).

What’s the process for CMMS PM/MM integration?

Experience has shown us that the most effective system connectors are implemented in a collaborative partnership between the company technical experts and NEXUS technical experts. The scope of the CMMS integration will be guided by company requirements, which may or may not include two-way communication. Our standard approach for creating system connectors is the following:

  • Workshop workflows and data flows between systems

  • Identify each connector and their requirements

  • Implement any required changes in NEXUS and/or other system (for example, SAP)

  • Collaboratively define, configure and test the connector script (with each expert team writing the appropriate section of the connector)

See Example: Creating Connectors for an example of the workflow.

Support

On solution upgrades, can the process be performed without vendor participation, unless requested?

  • For on-premise deployments: The upgrade process is performed by running the new setup file. The setup process will automatically handle all changes needed including database schema updates.

  • For SaaS deployments: The NEXUS infrastructure team will handle the upgrades with minimal interruption to operations.

How are support tickets sent by clients processed?

There are 2 tiers of support:

  1. Tier 1 - Regional office support: The regional Wood office can be contacted at any time (via phone or email) to provide support.

  2. Tier 2 - Global support system: Tickets are raised and managed in a central tracking system that is monitored by Wood’s NEXUS team globally. This allows prompt response.

What is the escalation process of a sustainment ticket?

  • Support requests are logged in a central tracking system and monitored by global support personnel.

  • Support tickets are triaged and either addressed or assigned to the relevant person/team for investigation.

Is there a regular release cycle?

  • Typical release cycle sees a minor point release every 6 to 12 months.

  • Major releases are typically issued every 3 to 5 years.

What support hours do you offer your global customer base?

The Support Portal is monitored during office hours (9:00am to 5:00pm) by personnel in 4 main regions:

  • Perth - GMT +8

  • Brisbane - GMT +10

  • Aberdeen - GMT

  • Houston - GMT -6

What type of support is provided?

Support is typically provided via email, screen share, or phone where necessary.

How long does it take to get a response and a resolution for an issue that we are experiencing?

Normal response time is within 24 hours, with a target maximum resolution time of 72 hours. User management requests and other high priority issues are usually addressed within 24 hours.

Data Integrity

How do you ensure zero data loss on system failure/data redundancy?

The MS SQL database backend stores all data after commit. SaaS via MS Azure provides levels of redundancy and recovery. The hosted service is resilient to single server failures through the use of redundant Azure infrastructure and provides coverage in the event that a data centre goes offline. Wood replicates database backups to other geographical regions.

Where is my data stored?

SaaS hosting is deployed in MS Azure, at data centres appropriate to the client solution. Wood currently has deployments in UK South, South Central US and Australia East. See Data residency in Azure.

How are actions logged for auditing?

Audit log tracks sessions, create, update and delete actions. Read actions are not tracked.

How is the backup task executed?

Database backups are taken automatically each business day.

Who can configure a backup task?

End users with appropriate permissions can initiate a backup from within the application on demand.

How long is the backup stored?

Backups are retained for 14 calendar days. Additional backups for longer term retention can be held by agreement or transmitted to customer. This may have a cost impact.

How are backups secured?

All backups are retained in dedicated storage secured for each customer. Storage is encrypted using AES256-based encryption keys.

Are there separate development, testing and production environments available?

Yes. We provide a test database by default. Development environment is available upon request. This may have a cost impact.

What is the backup/data restoration methodology? Are disaster recovery tests conducted regularly?

Yes, tests are performed at least annually. The service level objectives are:

  • Restore Point Objective: maximum 24 hours

  • Restore Time Objective: maximum 48 hours

What is the procedure for managing client data after the termination of a SaaS contract?

Upon the conclusion of a SaaS contract, we adhere to a stringent data management protocol to ensure the security and integrity of client data. The process is as follows:

  1. Transmit final database backup and any video files to customer.

  2. Confirm receipt.

  3. Delete all virtual machines and client data.

Data Validation

What data is validated?

All input data is validated for type consistency (numeric, Boolean, and so on). Field-specific validation rules can be defined.

Import utilities must provide logging or an audit trail of both success and errors encountered during import. How do you ensure this?

The import engine performs a test import before modifying data. If errors are found, the import process is aborted and the user must rectify the errors before any data is modified.
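
The validate-then-commit pattern described in the two answers above, as an added Python sketch; it is not NEXUS code and does not reflect how the NEXUS import engine is implemented. The schema, column names, rule bounds and sample CSV are constructed for illustration.

```python
import csv
import io

def parse_bool(s):
    v = s.strip().lower()
    if v in ("true", "yes", "1"):
        return True
    if v in ("false", "no", "0"):
        return False
    raise ValueError(f"not a Boolean: {s!r}")

# Hypothetical schema: column -> (type parser, optional field-specific rule)
SCHEMA = {
    "tag": (str, lambda v: v.strip() != ""),
    "wall_mm": (float, lambda v: 0 < v < 1000),
    "in_service": (parse_bool, None),
}

def dry_run(text):
    """Pass 1: parse and validate every row without touching the table."""
    rows, errors = [], []
    for line, raw in enumerate(csv.DictReader(io.StringIO(text)), start=2):
        clean = {}
        for col, (parse, rule) in SCHEMA.items():
            try:
                value = parse(raw.get(col) or "")
            except ValueError as exc:
                errors.append((line, col, f"type: {exc}"))
                continue
            if rule is not None and not rule(value):
                errors.append((line, col, "field rule failed"))
                continue
            clean[col] = value
        rows.append(clean)
    return rows, errors

def import_csv(text, table, audit):
    """Pass 2 runs only if pass 1 found no errors; both outcomes are logged."""
    rows, errors = dry_run(text)
    if errors:
        audit.append({"result": "aborted", "errors": errors})
        return False
    table.extend(rows)
    audit.append({"result": "committed", "rows": len(rows)})
    return True

# Constructed sample input
GOOD = "tag,wall_mm,in_service\nP-101,12.5,true\nP-102,9.0,no\n"
BAD = "tag,wall_mm,in_service\nP-103,11.0,yes\nP-104,thick,maybe\n"
```

A single bad row aborts the whole file, so the valid row `P-103` in `BAD` is not written either; the audit entry lists each failing line and column so the user can correct the file and retry.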

What data export utilities are available to extract data in standard formats (that is, Excel or CSV)?

Almost anything in the database can be dumped to CSV, or push/pulled from REST calls, provided users have appropriate permissions.

Security

What is your application security model that ensures avoiding unauthorized access and/or deletion of data?

Users are assigned to security groups. Each security group's permissions specify which tables are allowed or restricted. Users can only access or edit tables permitted by their security permissions.

Is the solution able to lock down fields coming from Maximo interface?

Specific fields can be configured to be Read-Only, regardless of the data source.

Can NEXUS track changes within the database for reporting and audit purposes?

The Audit log in NEXUS logs every change to every field in the database.

Does the solution have the ability to secure data modifications on specific fields to only Admin or defined User Roles?

Specific fields can be configured to be Read-Only based on a pre-defined workflow logic. This includes the logged-in user.

How do you ensure Incident Response Compliance?

  • Wood has developed its security infrastructure using industry standards and guidelines to be compliant with ISO27001/27002, Cyber Essentials, NIST, government, and Department of Defense information technology and European Union (EU) General Data Protection Regulation (GDPR).

  • Wood has a global procedure for crisis and emergency management, which supports a robust IT and information security incident response process that covers all levels of security incident or data breach scenarios. Wood has third-party forensics capabilities, ERS and incident response resources and will ensure that the customer is notified of any breach and the following actions.

How are systems patched to avoid system downtime?

Under SaaS deployment, the application and/or server infrastructure may be patched automatically as required. The window for daily automated maintenance of servers is typically out of hours (for example, 0200 to 0400) and will NOT always result in service downtime. This maintenance window allows critical security issues to be addressed promptly after the release of a relevant patch. Any necessary ‘non-routine’ downtime during business hours is scheduled and approved with client contact.

What is the average patch time for systems and service applications?

Typically, patches are applied within the maintenance window and take 10-15 minutes.

Do you offer network segmentation to protect individual services and databases?

Every customer has its own dedicated server cluster to ensure data security.

Can users be authenticated against an external identity management system? For example, Microsoft Active Directory (AD) for on-premise, Azure Active Directory (AAD) via SAML2 for cloud hosted, Single Sign-On (SSO).

SaaS deployment presently does not offer SSO. This feature is on the development roadmap.

Encryption Protocols

What data encryption practices do you follow?

All data is encrypted in motion and at rest. Data will likely be travelling over public networks and is protected from unauthorised viewing and tampering. Web app and hosted solution (RemoteApp) both use HTTPS, which encrypts data in flight. Our Azure VMs are encrypted using Azure Platform Managed Keys. These are encryption keys that are generated, stored, and managed entirely by Azure. Customers do not interact with platform-managed keys (PMKs).

How is data encrypted in motion?

Data transmitted over public networks is protected from unauthorised viewing and tampering. Our web and desktop apps use HTTPS, which encrypts data in flight using the cryptographic protocol TLS 1.2 or higher.

How is data encrypted at rest?

Data at rest is stored in Microsoft Azure virtual machines using Server Side Encryption (SSE) with Platform Managed Keys (PMKs).

Data on Azure-managed disks is encrypted transparently using 256-bit AES encryption, which is compliant with Federal Information Processing Standards (FIPS) 140-2. By default, managed disks use PMKs, which are managed by Microsoft. All managed disks, snapshots, images, and data written to existing managed disks are automatically encrypted-at-rest with PMKs. Customers do not have to interact with these keys.

Accreditation

What certification or accreditation of the solution is maintained?

The NEXUS team is currently working towards obtaining ISO27001:2022 accreditation for the NEXUS solution.

Are there independent audits of security practices?

Third-party threat detection tools are used as an automated part of the build process to provide a security scorecard and vulnerability detection. Any newly identified risks are promptly reviewed and mitigated. Additionally, both internal and independent audits and penetration testing are carried out to maintain the ISO27001:2022 accreditation.

Mobility

Can you describe the mobility capabilities of your solution? Can tablets be used as Read/Write vehicles?

  • IC-Inspector is the fully integrated mobility solution. IC-Inspector is a tablet application optimised for inspection data collection using an iPad.

  • IC-Inspector communicates with a NEXUS REST server to receive tasks and drawings, and to upload inspection data. It can be used for inspection with no Internet connectivity, although it does require connectivity to initially receive tasks and finally sync inspection data back to the master database.

What platforms are supported for using IC-Inspector?

iPad, Windows tablet, Android tablet