FSI (FM) Solutions Ltd

Concept Evolution CAFM/IWMS

Concept Evolution is a browser-based CAFM/IWMS software solution. Easy and cost-effective to deploy and maintain, it offers a scalability from a single-property to an enterprise basis, and is used globally by many major service providers and direct organisations.


  • CAFM/IWMS solution for owners, occupiers, and service providers
  • Browser based solution offering ease of deployment and scalability
  • Extensive OOTB functionality incorporated in core system offering
  • Comprehensive suite of additional modules in a single integrated solution
  • COTS solution allowing end user configuration without programming
  • Asset management, helpdesk, and planned maintenance including supplier/resource management
  • Extensive management information through user defined reports and dashboards
  • Mobility solution for end users, direct labour and supplier resources
  • iOS and Android support offering a mixed device landscape
  • BIM integration providing FM "soft landings"


  • Industry leading CAFM/IWMS solution from established UK company
  • COTS functionally rich product suite providing maximum client benefit
  • OOTB deployment reduces implementation and maximises ROI
  • Single scalable integrated solution providing statutory and legislative compliance
  • Extensive business intelligence enabling informed business decisions
  • Configurable solution reducing paper handling and manual processes
  • Manage facilities and asset information in a single consolidated fashion
  • Ensure statutory and legislative compliance across the portfolio
  • Improve information quality, consistency and improve efficiencies
  • Secure UK based Cloud service with many existing clients


£25 per licence per month

  • Education pricing available
  • Free trial available

Service documents


G-Cloud 11

Service ID

1 6 2 5 4 3 5 7 8 5 7 6 6 3 4


FSI (FM) Solutions Ltd

Sales Enquiry

01708 251900


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints All work for the purpose of maintenance or support as part of planned outages will take place outside business hours. The client will be provided with at least ten (10) working days prior notice of any planned outage unless otherwise agreed or in case of an emergency planned outage. FSI shall wherever possible ensure that there are no more than two (2) planned outages each calendar month. Normal business hours are 08:00 – 18:00 Monday to Friday. FSI carries out all planned outages between 23:00 and 02:00 on the second and last Friday of each month.
System requirements
  • Workstation, Windows 7+
  • Web browser, Chrome 37+, Firefox 31+, Internet Explorer 9+, Edge
  • Mobile device, iOS 8+, Android 5+
  • 3rd Party Workstation, Adobe Reader

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Response times based on the severity of an issue. Standard response for low priority issues is 2 hours and business critical issues 15 minutes. For business critical issues, FSI recommends customers call the dedicated UK support line for a live call response. Standard customer support hours are 08:30 to 18:00 (GMT) Monday to Friday, excluding UK Bank holidays. Customers also have 24/7 access to our customer support portal for the logging and tracking of cases. In the unlikely case of a SaaS outage or a system down the customer will be able to contact our after-hours emergency team for assistance.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels FSI offer a standard level of support by default. Customer support is provided on a 1st, 2nd, and 3rd line basis. Support costs are included in the annual fee.

FSI do offer an Out of Hours service outside the standard operating times. Calls during this period will transfer to the on-call FSI Support Analyst. This is a dedicated service for business critical issues only. Issues
will be dealt with by the on-call 1st line support analyst until the issue is resolved as agreed by the customer. If the issue persists, it will be escalated to the support team leader or head of technical services.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started For the FSI professional services department, it is no longer just about installing software. FSI, has long recognised this shift from the standard provision of an operations framework to the need for a fully-fledged range of complementary professional services, based on a thorough understanding of our customer’s requirements and expectations starting from the initial discovery phase through to the post-delivery review of the project as a whole.

With the implementation of any new software application within a customer, it is imperative for the users of the application to be in receipt of a rewarding and information rich training programme to enable them to fully utilise the system as intended. At FSI we recognise the value that our training delivers to our customers and the importance that they place upon it. Professional training and support is delivered by FSI’s own highly skilled instructors, empowering and providing confidence and skills to make a Concept solution work for your business. All FSI Training consultants are actively involved in the on-going development of the Concept range and many have worked across both FM and IT industries. As such they understand the reasons for implementing our solution and the benefits it will bring.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats
  • Microsoft Word
  • Hard copy
End-of-contract data extraction All data within the system can be exported into CSV, HTML, PDF and Excel formats. This can then be imported into other systems.
End-of-contract process Following termination of the contract (for whatever reason), the customer shall certify, if appropriate, that it has returned or destroyed all copies of the applicable software and confidential information of FSI and acknowledge that its rights to use the same are relinquished. Furthermore, the customer shall use its commercially reasonable efforts to remove all customer data from any software or SaaS service prior to termination of the contract. The customer may engage, at its own discretion, FSI to assist in the removal of such data at FSI’s standard rates applying from time to time. If any customer data remains in the software or SaaS service more than thirty (30) calendar days after the effective date of termination, FSI may, at its sole discretion and without notice, delete any and all customer data.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service FSI GO and Concept Advantage are native applications delivering specific functionality to end users or technical resources. This includes but is not limited to call logging, desk or room booking, task management, asset verification, cleaning and portering services. The applications are not designed to mimic, or replicate the desktop service.
Service interface No
What users can and can't do using the API There are four types of web services exposed by FSI for use with its Concept Evolution product suite.

Basic: The basic services can be accessed over encrypted or unencrypted HTTP, using plain text authentication. They are meant to be used by consumers that cannot access the standard services.

Standard: The standard set of services can be reached from any client able to communicate in SOAP messages over SSL. The services use a WS-Enhancements HTTPS binding, following the standard versions of reliable sessions and security protocols as defined by OASIS.

Federated: these services use federated authentication.

Windows: these services use windows login.
API documentation Yes
API documentation formats PDF
API sandbox or test environment No
Customisation available Yes
Description of customisation FSI allows the end user to “configure” rather than customise. Typically customisation includes product development. All changes can be made by the customer’s system administrator without the need for programming. The following are examples of where the configuration of the system can be modified:
- Adding / removing users
- Changing user access permissions
- Editing menu and field terminology
- Defining field rules such as mandatory, unique, etc.
- Configuring default screen layouts and sort orders
- Adding / editing reports
- Adding / editing workflows
- Adding / editing dashboard sla/kpi metrics


Independence of resources FSI SaaS utilises VMware to provide a high availability architecture using clustered hosting resources (vCPU, RAM, Storage). Continual monitoring and analysis ensures resources are available to support current and future growth of customer systems. Each customer has dedicated virtual images (Application and Database Server) with appropriate resource reservations (vCPU, RAM, Storage) according to user and business process needs.


Service usage metrics Yes
Metrics types FSI can also produce reports on different elements of the SaaS environment. The reports are produced through Solarwinds and can provide in-depth information on how a customers environment is performing.
Reporting types
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Physical access control, complying with another standard
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Data can be easily exported from any table grid contained within the user interface. The data is in CSV or Excel format by default. The workflow module can also be used to export data in XML format. System report output can also be exported in a variety of formats including Excel, PDF and HTML.
Data export formats
  • CSV
  • Other
Other data export formats XML
Data import formats
  • CSV
  • Other
Other data import formats XML

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability FSI offer 99.95% uptime guarantee on infrastructure. However, from an application perspective, FSI provide 99.9%

Downtime is calculated from the time of notification of a fault by either the customer or FSI and ends when the service is restored to full working order as determined and certified by both FSI and the customer or a suitable workaround has been agreed.

Downtime, excludes any planned outages from either our data centre partner or FSI initiated scheduled downtime for software, operating system upgrades and or patching. Any partner related planned maintenance is scheduled out of hours. Normal business hours is 08:00 to 18:00 Monday to Friday. FSI carries out all planned maintenance between 23:00 and 02:00 on the second and last Friday of each month. FSI will provide at least 10 working days’ notice of any planned outages.

FSI operates a service credit scheme details of which are provided when a customer and FSI enter into a contract.
Approach to resilience Available on request
Outage reporting Email alerts

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels FSI supports robust role based access, and manages access to information for each individual user down to field level. FSI provides all of its customers system administration training covering the establishment of user roles/user account definition and management. This also includes specific guidance on how to restrict access to specific application functional areas and interfaces as part of the implementation process.
Access restriction testing frequency At least once a year
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Lloyd's Register Quality Assurance Limited
ISO/IEC 27001 accreditation date 05/12/2018
What the ISO/IEC 27001 doesn’t cover The scope of the approval is applicable to Development, implementation, hosting, maintenance and support of Facilities Management (FM) software products and solutions. Provision of associated product training. Provision of Managed Service Infrastructure, Software Support and Maintenance. Statement of Applicability vn2 (ISO27001 only).
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Data centre Infrastructure and associated services are managed according to ISO 27001:2013 controls and processes. Concept Evolution security and processes are used to manage the application platform.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach The FSI SaaS service is managed according to ISO 27001:2013 including platform patching (e.g. non-production testing, sign off), risk assessment and corrective action tracking. The Concept Evolution product suite is developed using a code vault , allowing code changes to be tracked at line level. Executables are built from the code vault and subjected to separate development and system test cycles within dedicated non-customer environments. Releases to customer environments are authorised by the customer via a release notice and sign-off test plan. External penetration testing is undertaken frequently and the Concept product suite is undergoes penetration testing regularly.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Vulnerabilities to the datacenter are managed according to ISO 27001:2013 controls and processes which allows the risk to be tracked throughout its lifecycle (identification, assessment and treatment). Regular scheduled maintenance is undertaken to ensure that the technical platform is routinely patched to the latest available security guidelines/ patches. Essential maintenance may be undertaken at short notice subject to a risk assessment, to ensure that critical vulnerabilities are addressed in a timely fashion and outside of regular scheduled maintenance as and when required.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Protective monitoring and the associated responses are managed according to ISO 27001:2013 controls and processes utilising a mixture of automated features at device level (e.g. automated blocking) and manual interaction based on alerts (e.g. investigation prior to intervention).
Incident management type Supplier-defined controls
Incident management approach Incidents are managed according to ISO 27001:2013 controls and processes that include a defined "Security data breached and Incident Response Plan" including reporting mechanisms for both Information Technology and physical security incidents, incident logging, communication to internal and external parties, escalation, reporting, implementation of preventative actions, and ongoing improvement.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £25 per licence per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial FSI offers potential customers access to demonstration environment for an initial period of 30 days. Functionality available, and users allowed access during the trial are agreed prior to the commencement of the trial. Access to the FSI GO mobility solution can also be incorporated for limited users.

Service documents

Return to top ↑