kykloud ltd


VFA Facility allows stakeholders and executives to effectively manage and maintain facilities data and to leverage it in making optimal decisions about facility spending and capital planning. VFA Auditor is a mobile solution which leverages Accruent’s extensive assessment experience to empower customers to perform their own facility condition assessments.


  • Hierarchical real estate portfolio database
  • Facility condition tracking and indexing
  • Capital project tracking
  • Cost estimation of replacement value and capital projects
  • Goal-oriented capital and budget forecasting
  • Facility and equipment lifecycle planning
  • Rule-based capital project prioritisation
  • Library of standard reports & dashboards, available ad-hoc reporting
  • Mobile utility for inventory and condition assessments
  • Data validation and workflow control


  • Centralise Information about facility assets, including condition, costs, type, etc.
  • Project the cost of construction, repairs, and renewals
  • Forecast your budget based on strategic organisational needs
  • Apply goals to identify capital projects with the highest priority
  • Identify when it is time to replace equipment before failure
  • Create defensible evidence for required budget and resources
  • Share the right data with the right stakeholders when needed
  • Create reports and dashboards unique to your needs
  • Create surveys that feed data directly into the database
  • Surveys to capture photos and other evidence of needed repairs


£3,700 a instance a year

Service documents


G-Cloud 12

Service ID

2 2 1 0 8 2 0 5 9 4 1 4 5 3 6


kykloud ltd

Andrew Schafer


Service scope

Software add-on or extension
Cloud deployment model
Private cloud
Service constraints
Accruent performs maintenance releases for VFA solutions on a monthly cycle or as needed. The construction cost estimation database is updated annually at the end of Q1. All releases are preceded by email notification two weeks prior to release. Releases typically require a 24-hour downtime period.
System requirements
  • (VFA Facility) use of a secure, supported Internet browser
  • (VFA Auditor) Apple, Google, Android, or Windows mobile device

User support

Email or online ticketing support
Email or online ticketing
Support response times
1: Critical issue resulting in a complete system outage/major application failure, preventing a critical business process that has immediate impact. There is no workaround available = 1 business hour

2: Serious issue preventing execution of a critical business process, causing disruption of a major business function = 4 business hours

3: Issue that does not prevent the execution of a critical business process and does not impact data integrity = 2 business days

4: An inquiry and/or low system/business process impact issue = 3 business days.
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Onsite support
Support levels
Accruent’s standard Support services are available in three forms: 1) Online Customer Portal: easy to use online access, available 24/7/365 for submitting and/or reviewing cases, provides capabilities to track and update case history; 2) Email: support is available via email addresses specific to VFA; 3) Telephone: support is available via phone 24/7/365 with support personnel manning the phones from 8am to 8pm CST and after hours on-call support for high severity issues.

Other options are available for an additional cost. Accruent Support offers Technical Account Managers for an added cost. Technical Account Managers are responsible for understanding the client's business process in the context of our applications and providing the customer with subject matter expertise in both the application and their use of it.
Support available to third parties

Onboarding and offboarding

Getting started
Our Professional Services team offers a broad range of both standard and bespoke services for getting our clients up and running on the VFA Facility and VFA Auditor solutions. These include software implementation and training as well as a diverse set of additional managed services such as consulting, data maintenance, process mapping, and custom training. Online and in-person training is available for all of our solutions, and the solutions feature embedded in-appication help. We also offer tutorials for specific actions.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Customers can utilise VFA Facility's export utility to export their data in a flat file format.
End-of-contract process
All customer accounts for the site will be suspended. The site and the data will remain intact for an agreed upon period of time. As described in the previous question, all data will be returned in a client-consumable format.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Chrome
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
VFA Auditor is VFA.facility's mobile data collection tool. VFA Facility View is VFA.facility's executive read-only dashboard view of the portfolio. Both these applications are designed specifically to operate on iOS and Android platforms.
Service interface
Description of service interface
Users can use our web applications to interact with product. Interface is either directly via VFA.facility's graphical user interface or via the mobile application VFA Auditor. Additionally, data updates are achieved via flat file transfers using excel templates.
Accessibility standards
None or don’t know
Description of accessibility
At a minimum, we ensure that foreground and background combinations provide sufficient contrast when viewed by someone having colour deficits.
Accessibility testing
Customisation available
Description of customisation
VFA.facility has the capability to organise asset data into numerous levels and create customised fields and drop-down lists on the fly, and allow sorting, grouping and filtering of asset information based on specific criteria (e.g. by location, site, building type, size, ownership, etc.). VFA.facility has the capability to create custom reports and dashboards on the fly using a simple drag-and-drop interface.


Independence of resources
Network, application, and database tiers are all fully redundant, and our environments are designed to be scalable over time. Load balancers direct customer traffic to nodes that have enough available resources to handle incoming requests.


Service usage metrics
Metrics types
Service uptime is reported through our automated monitoring tools. Service uptime is calculated based on a myriad of dynamic monitors, including both event-oriented and synthetic transaction data sources.
Reporting types
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Data can be exported as XLS or CSV from the Export Utility.
Data export formats
  • CSV
  • Other
Other data export formats
  • XLS
  • Text
  • PDF
  • Excel
Data import formats
  • CSV
  • Other
Other data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
SLAs are provided in the product Terms and Conditions Document, which we have uploaded with our submission.
Approach to resilience
Uptime statics for the service are public and show a pattern of high uptime and resilience. The service includes redundancy at all levels of the architecture to ensure high uptime and availability for both operational issues and natural disasters. Further details are available upon request.
Outage reporting
Accruent maintains an internal dashboard with service availability reports that provide great detail and insight into potential causes for outages. A simplified, external dashboard is available to clients.

Identity and authentication

User authentication needed
User authentication
Other user authentication
Access restrictions in management interfaces and support channels
Access to functionality, modules, and data regions can be defined at an individual account level.
Access restriction testing frequency
At least every 6 months
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
Lloyd's Register Quality Assurance
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
The platform itself, and associated development practices, are not covered under the ISO 27001 certification.
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
Annual risk assessments are performed against the platform, based on the NIST 800-30 guidelines. The platform is continuously tested for security vulnerabilities, and any risks identified are triaged with the VFA product team.
Information security policies and processes
Accruent has developed internal information security policies and processes aligned with industry standards. All Accruent employees are required to read and acknowledge our security policies, as well as complete Information Security and Privacy training in the Accruent Learning Management System (LMS) on an annual basis.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Requests are prioritised and documented by product development teams. When the development is completed, it is passed on to testing via a workflow tool. Only approved/tested changes are committed to release candidates. Further release testing occurs and, at the time of release, only approved/tested code is released. Continual web app security assessments are performed on the service to ensure new vulnerabilities are not introduced.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Vulnerabilities are evaluated based on CVSS ratings. Accruent maintains remediation targets for identified vulnerabilities based on criticality and standards for evaluating security fixes alongside feature requests and other development activities. Patch management is included in our release cycle (current patches are tested in DEV environments alongside new code, and released to production all at once).
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Security related events (AV, IDS, dynamic monitors) are collected and reported upon using centralised interfaces. Alerts generated from these tools are treated as security incidents and trigger Accruent's Incident Response Plan.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Accruent maintains formalised Incident Management procedures. All employees that work in a role scoped for platform maintenance, monitoring, or support are trained on this process at least annually.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks


£3,700 a instance a year
Discount for educational organisations
Free trial available

Service documents

Return to top ↑