Bentley Systems (UK) Limited


ComplyPro is a SaaS-based solution that ensures progressive programme assurance, encapsulating processes such as Requirements Management, Assumptions Management and Hazards. The solution is delivered on major projects as an intrinsic part of the design and delivery phases, significantly improving engineering and cost efficiency.


  • Configurable workflow
  • Zero infrastructure Saas model
  • Highly scalable and can be used anywhere via Internet
  • Ease of use, typically 2-3 hours end-user training required
  • Role-based multi-user secure access
  • Dashboards providing real-time view of progressive assurance
  • Many users can update the system simultaneously
  • Interface with 3rd party systems
  • Simple, intuitive interface for non-expert users
  • Project collaboration


  • Help deliver progressive programme assurance
  • Effectively manage project complexity
  • Reduce corporate risk
  • Enable management by exception
  • Single source of truth
  • Traceability through linking of multiple records
  • Promote collaborative working across projects
  • Reduce project contingency
  • Reduce project delay and overspend, typically 2-4% project savings
  • Provide evidence of progress against project objectives


£133 per user per month

Service documents


G-Cloud 11

Service ID

1 9 5 6 4 6 8 9 7 9 8 2 0 7 5


Bentley Systems (UK) Limited

Simon Horsley


Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
- Connected Data Environment (CDE)
- ProjectWise
- ComplyPro - Lot 3
- Bentley Success Plans - Lot 3
Cloud deployment model
Private cloud
Service constraints
Patching and maintenance windows are scheduled every month to ensure the security and reliability of the service. A notice will be provided and some service disruption may occur during these out-of-hours windows.
System requirements
  • Windows 10 (64-bit)
  • Windows 8.1 (32 and 64-bit)
  • Windows 8 (32 and 64-bit)
  • Windows 7 (32 and 64-bit)
  • Citrix receiver latest version

User support

Email or online ticketing support
Email or online ticketing
Support response times
Response times are covered by an SLA and are based on priority.
P1 - Availability Support 24x7 - Response 1 hour - Resolution Worked continuously until resolved - Update Interval - 1 hour
P2 - Availability Support 24x5 - Response 2 Business Hours - Resolution 1 Business Day – Update Interval 4 hours
P3 - Availability Support 24x5 - Response 4 Business Hours - Resolution 10 Business Days - Update Interval 1 Business Day
P4 - Availability Support 24x5 - Response 8 Business Hours - Resolution Mutually Agreed - Update Interval Mutually Agreed
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Onsite support
Yes, at extra cost
Support levels
Included with the subscription is a standard SLA providing 24x7 uptime, support, RPO and RTO and product upgrades. Bentley offers a Success Plan which is a tailored offering to achieve your ever-evolving desired business outcomes by advancing your digital workflows using Bentley applications. With this plan you also get a designated Success Manager to act as your single point of contact for the execution of the service and to assist you to overview the Prioritised Incident Support and Response to any issues that may arise.
Support available to third parties

Onboarding and offboarding

Getting started
After the cloud service is enabled Bentley will engage with the users (stakeholders, representatives from various departments) to define configuration details. Once the system is finally configured, Bentley will perform on-site or remote training sessions for each group/role. There are options to share videos, training material, prepare custom training material.
Service documentation
Documentation formats
End-of-contract data extraction
Upon termination of your ComplyPro Subscription, Bentley will deactivate any remaining user accounts and provide an export of the Subscriber’s data in a standard, generally accepted electronic form within ten (10) business days, and places no restrictions on its use by the Subscriber. Unless otherwise requested, Bentley will delete all copies of the Subscriber’s data from its servers within two (2) weeks of being notified that the Subscriber has successfully read the files, or within four (4) weeks of the data being provided if no confirmation or associated Service Request is received.
End-of-contract process
Upon termination of your ComplyPro Subscription, Bentley will deactivate any remaining user accounts and provide an export of Subscriber’s data as stated above. Unless otherwise requested, Bentley will delete all copies of Subscriber’s data from its servers within two (2) weeks of being notified that the Subscriber has successfully read the files, or within four (4) weeks of the data being provided if no confirmation or associated Service Request is received. If required, Bentley can provide Professional Services to assist in the migration of the data to a new service provider for an additional fee which will be determined based on the scope of requirements.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Compatible operating systems
  • Android
  • IOS
  • MacOS
  • Windows
  • Windows Phone
Designed for use on mobile devices
Service interface
Customisation available
Description of customisation
ComplyPro System Administrator users have access to standard customisation tools within the database for defining workflows, attributes and their definitions, screen layouts, and dashboards.


Independence of resources
Systems are logically separated in a virtual cloud environment. All systems are monitored in real time for performance and availability.


Service usage metrics
Metrics types
Monthly usage report, emailed to nominated users.
Reporting types
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Staff screening not performed
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
Protecting data at rest
Physical access control, complying with another standard
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Data export is simple, with standard features configurable to support arbitrarily formatted documents.
Data export formats
  • CSV
  • Other
Other data export formats
  • MS Excel (xls and xlsx)
  • PDF
  • Image file (stack bar dashboard)
Data import formats
  • CSV
  • Other
Other data import formats
  • MS Excel (xls and xlsx)
  • MS Word
  • XML

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
99.9%, assured by contractual commitment. Service credits when service availability drops below SLA level in a month.
Approach to resilience
All services deployed in a fully redundant configuration within fully redundant data centres meaning that any failure of equipment, service provider or software service will result in zero, or minimal, impact to the overall service.
Outage reporting
Planned and unplanned outage notification emails are sent to registered users for affected systems.

Identity and authentication

User authentication needed
User authentication
Username or password
Access restrictions in management interfaces and support channels
Username and strong password
Access restriction testing frequency
At least every 6 months
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
ISO 9001:2008

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
The services are provided from ISO27001 certified data centres. While this service is not yet under the Bentley ISO 27001 certification scope, many of the same governance processes and procedures are in place.
Information security policies and processes
Information Security policies are designed utilising the ISO 27001:2013 framework.  Policies are reviewed and audited by a 3rd party on an annual basis.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Configuration and Change Management follow the ITIL framework and policies and procedures are documented with various security standards. All SaaS offerings go through a cloud approval process and are scanned for vulnerabilities prior to production.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Vulnerability management is conducted through various technologies internal and external to the Bentley network. Threats are identified using industry standard listings and patches/updates are applied at least monthly or as needed based on criticality.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Active IDS and numerous other third-party security tools operational on the network perimeter and selected systems under the scope for ISO 27001 and SOC2 certifications. Compromises are analysed and put through the incident management process for investigation. Response time depends on the severity of the compromise.
Incident management type
Supplier-defined controls
Incident management approach
The Incident Management process covers all aspects of a potential incident from start to finish with defined procedures and colleague involvement. Common events are handled depending on severity, users have multiple methods of reporting and reports are provided as part of the incident management procedure.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks


£133 per user per month
Discount for educational organisations
Free trial available
Description of free trial
Bentley can provide a chargeable Pilot/proof of concept solution using user data which is run against agreed success criteria for typically 60-90 days.
Link to free trial
Access to the pilot/proof of concept environment will be setup to meet the requirements of each user.

Service documents

Return to top ↑