OnGen Ltd


OnEfficiency is an asset management platform used to plan energy performance improvements in commercial and public sector property portfolios.

OnEfficiency is the one software platform which allows you to manage energy performance and MEES compliance across large and diverse property portfolios.


  • Managing energy data across large and diverse portfolios
  • Planning energy improvement strategies
  • Engaging stakeholders in building improvement opportunities
  • Full listing of energy efficiency improvement measures
  • Impact on EPC rating


  • efficient assessment of muiltiple energy effciency options
  • return on investment calculations
  • Dashboard to prioritise asset improvements and retrofit strategies


£200 per unit

Service documents

G-Cloud 11


OnGen Ltd

Christopher Trigg


Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to OnGen Expert
Cloud deployment model Public cloud
Service constraints None known
System requirements Any web browser, ideally chrome (IE v.9 or later)

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Within 24 hours
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Email support provided
dedicated account manager
telephone support
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started A dedicated instance is created for the user or it can be accessed through the Managed Service.

Onsite and off site training can be supplied (via a webinar).
Service documentation No
End-of-contract data extraction Users can request that data added to the platform is exported as a .csv file
End-of-contract process The cost of the licence includes the created of a dedicated URL, database and training.
The Managed Service is an additional cost.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices No
Service interface No
Customisation available No


Independence of resources Huge contingency built into Amazon Web Services cloud.
We can vertically scale the service to meet demand and we
can also provide dedicated instances to specific customers.


Service usage metrics No


Supplier type Reseller providing extra features and support
Organisation whose services are being resold Arbnco

Staff security

Staff security
Staff security clearance Staff screening not performed
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations European Economic Area (EEA)
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach In-house
Protecting data at rest Physical access control, complying with another standard
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach Via .csv or via the inbuilt reporting features
Data export formats CSV
Data import formats
  • CSV
  • Other
Other data import formats .iml

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability Servers is hosted with Amazon Web Services and SLAs
are consistent with their uptime. Releases are scheduled
and notified 24 hours in advance
Approach to resilience In line with AWS. Data is backed up every 5 minutes and
stored for 2 weeks.
Outage reporting Email alerts Twitter alerts Website

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels We do not expose management interfaces or support channels to the public internet. Elevated permissions are granted only where there is a job
requirement to do so.
Access restriction testing frequency Less than once a year
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information No audit information available
Access to supplier activity audit information No audit information available
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach Data is encrypted in transit using SSl and HTTPs, passwords encrypted at rest. Access to the data is limited to master credentials for AWS.
Information security policies and processes 2 developers have access to data in UAT and report to the Senior Developer. The Senior developer reports directly to the CTO and CEO.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Change is captured in a ticketing system. Change is grouped into sprints with planned releases. We perform full regression testing before live releases. The security impact of any change is assessed at design and implementation time.
Vulnerability management type Undisclosed
Vulnerability management approach Operating system patches and service packs are deployed as they become available. The frameworks used to develop the software are updated and the relevant patterns used to protect against common vulnerabilities. We source threat information for OWASP
Protective monitoring type Undisclosed
Protective monitoring approach We monitor and log traffic in AWS. We can rapidly change firewalls and access controls on the component parts of the software to mitigate compromise. We respond to incidents as our highest priority.
Incident management type Undisclosed
Incident management approach Users can report incidents through the web site, API, twitter and email. We aim to restore normal service as fast as possible and communicate with our users through all unaffected channels.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £200 per unit
Discount for educational organisations No
Free trial available No

Service documents

pdf document: Pricing document pdf document: Terms and conditions
Service documents
Return to top ↑