Levett Consultancy Ltd

Parago Asset Management

Levett Consultancy provides out Parago,a powerful IT and Software Asset Management system controlled through an intuitive visual interface. Designed to be easy to use, yet providing the flexibility and features demanded by high-end systems.


  • Asset, IT & Inventory
  • Dashboards & Reports
  • e-sign Document Manager
  • Asset Discovery
  • Contract Management
  • Centralise contract management for cost savings


  • Push dashboard templates to all accounts in your schools
  • Fully customisable dashboards using simple rules and conditions
  • Easily export your dashboard to Excel and CSV files
  • Restrict user permissions by categories to allow or deny access
  • Monitor the use of IT equipment and software
  • Link contracts to specific assets (e.g. boiler)
  • Manage and oversee multiple sites
  • Sub groups for regions/hubs within MATs and districts
  • MAT/District central office account
  • Securely manage user access and permissions


£500 per unit

  • Education pricing available

Service documents


G-Cloud 11

Service ID

1 7 3 5 9 6 6 4 9 7 8 2 7 4 4


Levett Consultancy Ltd

Joanne Levett

01279 799256


Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Cloud deployment model
Public cloud
Service constraints
System requirements
A modern web browser is required

User support

Email or online ticketing support
Phone support
Web chat support
Onsite support
Support levels
Parago provides a single level of support for Parago Asset Management in line with other enterprise service providers, the terms of support can be found here: https://www.paragosoftware.com/terms-and-conditions/. Additional Levett Consultancy reseller support is available at an additional cost.
Support available to third parties

Onboarding and offboarding

Getting started
On boarding services are covered within the Parago software license provided by Levett Consultancy. If required, at an additional cost, Levett Consultancy provides a fully comprehensive asset management service that includes consultancy, deployment, training, and support.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Customers have this 90 day period to extract their data from the account using our reporting engine to export from whatever module they would like.

After the contract has expired, users have 1 month to request their data.
End-of-contract process
90 Days before the end of a contract, customers are informed that the account will expire by our accounts team.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
A dedicated Parago mobile app is available both for iOS and Android which provides a bespoke user experience tailored to the operating system to each operating system.
Service interface
Description of service interface
Parago Asset Management Software is accessed using a modern web browser from any device. Parago Asset Management Software is also available on Android from the Google Play store and iOS devices from the Apple App store.

The Parago dashboard gives you a visual representation of your organisation's asset data extracted from the integrated reporting system across Premises & Compliance, IT & Inventory, Contract Management and helpdesk modules.
Accessibility standards
None or don’t know
Description of accessibility
Accessibility testing
What users can and can't do using the API
Parago provides a rest api to the asset management area to push and pull information into the system.
API documentation
API sandbox or test environment
Customisation available


Independence of resources


Service usage metrics


Supplier type
Reseller providing extra features and support
Organisation whose services are being resold

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Encryption of all physical media
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
With all reports, you can view them in your browser, export to excel/csv/plain text, or you can simply print. There is also a data importer for bringing in new data or merging with existing data, and this supports a wide field of formats: .xlsx, .xml, .xls, .ods, Gnumeric and .csv
Data export formats
  • CSV
  • Other
Other data export formats
Data import formats
  • CSV
  • Other
Other data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
There is no guarantee for a level of availability, however, we have a 99.95% uptime. The only downtime we have is for system updates for an average of 20 minutes on a monthly basis. These updates are carried out outside of working hours.
Approach to resilience
Outage reporting
Parago gives at least 8 hours’ notice for outages for updates and to schedule these updates out of working hours. In an emergency, we still try to give at least a few hours’ notice and schedule to limit the impact on users but those in time zones away from Europe/London may be affected.

Identity and authentication

User authentication needed
User authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Depending on administrator preference, users can be signed in via a federated identity service, including Active Directory, LDAP as their identity provider. Administrative access privileges are granted separately to individual users or groups.
Access restriction testing frequency
At least once a year
Management access authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
No audit information available
Access to supplier activity audit information
No audit information available
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
EY CertifyPoint
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
  • ISO 9001
  • ISO 27017
  • ISO 27018

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
Information security policies and processes

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Parago currently uses SVN to track change management in the system. All changes are assessed by the development team beforehand for security impact.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Vulnerabilities are assessed on an ad-hoc basis. Patches can also be pushed ad hoc. They are usually deployed after business hours. Information regarding potential threat comes from ad-hoc research by the development team.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Compromises are identified and responded to on an ad-hoc basis. Due to the level of security, we are yet to encounter a compromise and we are yet to need to respond to an incident.
Incident management type
Supplier-defined controls
Incident management approach
We deal with incidents on an ad-hoc basis. Users can report incidents to customersupport@parago.co.uk where the support team will escalate all cases to level 3 for immediate assessment. We do not provide incident reports to external sources.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks


£500 per unit
Discount for educational organisations
Free trial available

Service documents

Return to top ↑