BIMobject Platform as a Service

The BIMobject Cloud presents a service to clients to represent their information, technology has been adapted to a project based configuration.

Platform as a Service (PaaS) is a cloud based Content Management System. Content is a mix of geometry and data, the solution provides a means of storing this.


  • Real time access from anywhere in the world
  • Real time up to date information
  • Real time analytics
  • Data creation on demand
  • Geometry creation on demand
  • Data and geometric version control
  • Private and/or public secure access to this information
  • Single source of truth


  • Data accuracy ensures to reduction of risk
  • Sharing of information ensures everyone knows more
  • Creation of geometry without expensive special softwares
  • Creation of data using simple uploading services
  • All reduce risk


£250 per user per year

Service documents

G-Cloud 10



David Jellings

+44 7961 364886

Service scope

Service scope
Service constraints N/A
System requirements
  • Internet Browser
  • Internet Connection

User support

User support
Email or online ticketing support Email or online ticketing
Support response times We aim to answer all questions within 24hours
User can manage status and priority of support tickets No
Phone support No
Web chat support No
Onsite support Yes, at extra cost
Support levels To manage users support requests we have an internal web based system. For clients running services we can support using a number of web based tools including screen sharing, web-conferencing and chat functions as well as on site support
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started BIMobject are a partner not a provider. We provide services to enable the clients to have self determination and control over their platform.

Training is provided online and onsite.

Information is also presented in an access only BIMobject Wiki
Service documentation Yes
Documentation formats HTML
End-of-contract data extraction All content is accessible using the same tools to maintain it, from there information can be extracted
End-of-contract process All information is archived and made available to the client administrators only

Using the service

Using the service
Web browser interface Yes
Using the web interface Users and clients have complete access to a web interface via any internet browser software
Web interface accessibility standard None or don’t know
How the web interface is accessible Users can edit and control information, data, geometry and access to groups of people.

Users can have full or limited access depending on their allowances
Web interface accessibility testing N/A
What users can and can't do using the API We provide the clients with a set of end points which allow clients to consume the data as we see fit
API automation tools Other
API documentation Yes
API documentation formats
  • PDF
  • Other
Command line interface No


Scaling available Yes
Scaling type Automatic
Independence of resources We run a virtual load balancing system which guarantees service levels
Usage notifications No


Infrastructure or application metrics No


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Staff screening not performed
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency Never
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up Everything that is hosted within the platform
Backup controls BIMobject perform all incremental daily backups across the database outside of the users control. BIMobject perform full backup on Sundays.
Datacentre setup Single datacentre with multiple copies
Scheduling backups Supplier controls the whole backup schedule
Backup recovery Users contact the support team

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks Legacy SSL and TLS (under version 1.2)
Data protection within supplier network Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability 99.8%
Approach to resilience Available upon request
Outage reporting A public dashboard
an API
email alerts

Identity and authentication

Identity and authentication
User authentication Other
Other user authentication Single factor authentication
Access restrictions in management interfaces and support channels Using a web interface we/you are able to control both users and their access
Access restriction testing frequency At least every 6 months
Management access authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Devices users manage the service through Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information No audit information available
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Microsoft Azure
ISO/IEC 27001 accreditation date June 2017
What the ISO/IEC 27001 doesn’t cover N/A
ISO 28000:2007 certification Yes
Who accredited the ISO 28000:2007 Microsost Azure
ISO 28000:2007 accreditation date June 2017
What the ISO 28000:2007 doesn’t cover N/A
CSA STAR certification Yes
CSA STAR accreditation date June 2017
CSA STAR certification level Level 5: CSA STAR Continuous Monitoring
What the CSA STAR doesn’t cover N/A
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Responsibility for all security policies are held with and reported to the companies CTO

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Changes to a configuration are made by the supplier in line with the clients requirements
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach To understand threats we use third parties advice to understand how to be able to deliver safe services and understand new threats

To deploy patches we have a strong internal team who carry out this work
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach We use expert third parties to assist with all monitoring approaches. With a strong internal team we can respond to incidents instantly.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach We have a reporting system for both internal systems and for users. We can provide incident reports upon request

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart Yes
Who implements virtualisation Supplier
Virtualisation technologies used Hyper-V
How shared infrastructure is kept separate We are not the only tenants on a physical machine. This is on a hardware level that no one except Microsoft has access to. You can refer to this documentation about tenant separation

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes


Price £250 per user per year
Discount for educational organisations No
Free trial available No


Pricing document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑