Bentley Systems (UK) Limited


ComplyPro is a SaaS-based solution that ensures progressive programme assurance, encapsulating processes such as Requirements Management, Assumptions Management and Hazards. The solution is delivered on major projects as an intrinsic part of the design and delivery phases, significantly improving engineering and cost efficiency.


  • Configurable workflow
  • Zero infrastructure Saas model
  • Highly scalable and can be used anywhere via Internet
  • Ease of use, typically 2-3 hours end-user training required
  • Role-based multi-user secure access
  • Dashboards providing real-time view of progressive assurance
  • Many users can update the system simultaneously
  • Interface with 3rd party systems
  • Simple, intuitive interface for non-expert users
  • Project collaboration


  • Help deliver progressive programme assurance
  • Effectively manage project complexity
  • Reduce corporate risk
  • Enable management by exception
  • Single source of truth
  • Traceability through linking of multiple records
  • Promote collaborative working across projects
  • Reduce project contingency
  • Reduce project delay and overspend, typically 2-4% project savings
  • Provide evidence of progress against project objectives


£133 per user per month

Service documents


G-Cloud 11

Service ID

1 9 5 6 4 6 8 9 7 9 8 2 0 7 5


Bentley Systems (UK) Limited

Simon Horsley


Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to - Connected Data Environment (CDE)
- ProjectWise
- ComplyPro - Lot 3
- Bentley Success Plans - Lot 3
Cloud deployment model Private cloud
Service constraints Patching and maintenance windows are scheduled every month to ensure the security and reliability of the service. A notice will be provided and some service disruption may occur during these out-of-hours windows.
System requirements
  • Windows 10 (64-bit)
  • Windows 8.1 (32 and 64-bit)
  • Windows 8 (32 and 64-bit)
  • Windows 7 (32 and 64-bit)
  • Citrix receiver latest version

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Response times are covered by an SLA and are based on priority.
P1 - Availability Support 24x7 - Response 1 hour - Resolution Worked continuously until resolved - Update Interval - 1 hour
P2 - Availability Support 24x5 - Response 2 Business Hours - Resolution 1 Business Day – Update Interval 4 hours
P3 - Availability Support 24x5 - Response 4 Business Hours - Resolution 10 Business Days - Update Interval 1 Business Day
P4 - Availability Support 24x5 - Response 8 Business Hours - Resolution Mutually Agreed - Update Interval Mutually Agreed
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels Included with the subscription is a standard SLA providing 24x7 uptime, support, RPO and RTO and product upgrades. Bentley offers a Success Plan which is a tailored offering to achieve your ever-evolving desired business outcomes by advancing your digital workflows using Bentley applications. With this plan you also get a designated Success Manager to act as your single point of contact for the execution of the service and to assist you to overview the Prioritised Incident Support and Response to any issues that may arise.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started After the cloud service is enabled Bentley will engage with the users (stakeholders, representatives from various departments) to define configuration details. Once the system is finally configured, Bentley will perform on-site or remote training sessions for each group/role. There are options to share videos, training material, prepare custom training material.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Upon termination of your ComplyPro Subscription, Bentley will deactivate any remaining user accounts and provide an export of the Subscriber’s data in a standard, generally accepted electronic form within ten (10) business days, and places no restrictions on its use by the Subscriber. Unless otherwise requested, Bentley will delete all copies of the Subscriber’s data from its servers within two (2) weeks of being notified that the Subscriber has successfully read the files, or within four (4) weeks of the data being provided if no confirmation or associated Service Request is received.
End-of-contract process Upon termination of your ComplyPro Subscription, Bentley will deactivate any remaining user accounts and provide an export of Subscriber’s data as stated above. Unless otherwise requested, Bentley will delete all copies of Subscriber’s data from its servers within two (2) weeks of being notified that the Subscriber has successfully read the files, or within four (4) weeks of the data being provided if no confirmation or associated Service Request is received. If required, Bentley can provide Professional Services to assist in the migration of the data to a new service provider for an additional fee which will be determined based on the scope of requirements.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install Yes
Compatible operating systems
  • Android
  • IOS
  • MacOS
  • Windows
  • Windows Phone
Designed for use on mobile devices No
Service interface No
Customisation available Yes
Description of customisation ComplyPro System Administrator users have access to standard customisation tools within the database for defining workflows, attributes and their definitions, screen layouts, and dashboards.


Independence of resources Systems are logically separated in a virtual cloud environment. All systems are monitored in real time for performance and availability.


Service usage metrics Yes
Metrics types Monthly usage report, emailed to nominated users.
Reporting types
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Staff screening not performed
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach In-house
Protecting data at rest Physical access control, complying with another standard
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Data export is simple, with standard features configurable to support arbitrarily formatted documents.
Data export formats
  • CSV
  • Other
Other data export formats
  • MS Excel (xls and xlsx)
  • PDF
  • Image file (stack bar dashboard)
Data import formats
  • CSV
  • Other
Other data import formats
  • MS Excel (xls and xlsx)
  • MS Word
  • XML

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability 99.9%, assured by contractual commitment. Service credits when service availability drops below SLA level in a month.
Approach to resilience All services deployed in a fully redundant configuration within fully redundant data centres meaning that any failure of equipment, service provider or software service will result in zero, or minimal, impact to the overall service.
Outage reporting Planned and unplanned outage notification emails are sent to registered users for affected systems.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Username and strong password
Access restriction testing frequency At least every 6 months
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for Between 1 month and 6 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications ISO 9001:2008

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach The services are provided from ISO27001 certified data centres. While this service is not yet under the Bentley ISO 27001 certification scope, many of the same governance processes and procedures are in place.
Information security policies and processes Information Security policies are designed utilising the ISO 27001:2013 framework.  Policies are reviewed and audited by a 3rd party on an annual basis.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Configuration and Change Management follow the ITIL framework and policies and procedures are documented with various security standards. All SaaS offerings go through a cloud approval process and are scanned for vulnerabilities prior to production.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Vulnerability management is conducted through various technologies internal and external to the Bentley network. Threats are identified using industry standard listings and patches/updates are applied at least monthly or as needed based on criticality.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Active IDS and numerous other third-party security tools operational on the network perimeter and selected systems under the scope for ISO 27001 and SOC2 certifications. Compromises are analysed and put through the incident management process for investigation. Response time depends on the severity of the compromise.
Incident management type Supplier-defined controls
Incident management approach The Incident Management process covers all aspects of a potential incident from start to finish with defined procedures and colleague involvement. Common events are handled depending on severity, users have multiple methods of reporting and reports are provided as part of the incident management procedure.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £133 per user per month
Discount for educational organisations No
Free trial available Yes
Description of free trial Bentley can provide a chargeable Pilot/proof of concept solution using user data which is run against agreed success criteria for typically 60-90 days.
Link to free trial Access to the pilot/proof of concept environment will be setup to meet the requirements of each user.

Service documents

Return to top ↑