VRM Tech

VRM Certify

VRM Certify is a unique cloud-based refurbishment platform, enabling Large Housing Stock Owners: Local Authorities, government bodies and their supply chains to seamlessly manage all refurbishment, repair and maintenance activities. VRM Certify provides real-time quality assurance and compliance direct from the field via mobile apps, viewable through a management dashboard.

Features

  • Customisable workflow, document control management and audit trail solution
  • Cloud and mobile enabled Software Solution
  • Digital Twins of real world assets
  • Personalised connected dashboard
  • Measurement and Verification tool
  • Evidence of Use generated audit trail
  • Grant and compliance management tool
  • Real-time quality assurance and compliance
  • Intuitive design for non-technical users
  • Centralisation of documentation incl. warranties, O+M manuals etc.

Benefits

  • Improves collaboration and visibility across the construction process
  • Significantly reduces costs
  • Improved resident engagement and satisfaction
  • Mitigates compliance risks via a digital audit trail
  • Improves quality of work delivered
  • Deflects calls from call centres
  • Integration with existing systems
  • Multilingual customer portal
  • Mitigates risk within the supply chain
  • Enhanced management oversite

Pricing

£10000 per licence per year

  • Free trial available

Service documents

Framework

G-Cloud 11

Service ID

2 3 7 1 5 4 5 0 6 7 8 2 8 6 8

Contact

VRM Tech

Neill Ryan

+44 2077215031

neill@vrmtech.co.uk

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
VRM Refurbify
VRM IoT
Cloud deployment model
Public cloud
Service constraints
No constraints identified
System requirements
  • Compatible browser
  • Access to saas.vrmtech.co.uk

User support

Email or online ticketing support
Email or online ticketing
Support response times
Different support options available ranging from 6 hours response to 24 hours. Weekend and out of office hours support is an optional extra.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
We use a train the trainer approach to support users, as well as providing access to online videos.

Onsite support is available during onboarding as well as throughout the contract term.

Onsite visits cost £800 per facilitator per day. Onsite visits can be provided on a half-day or full day basis.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
1 onsite training day is provided as part of any contract under our standard agreement. Subsequent days are charged at £800 per facilitator per day, half days are available.

Training is based on a train the trainer approach, including user documentation and videos.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats
Mp4
End-of-contract data extraction
An authorised person contacts VRM via phone or email to request a data extraction
End-of-contract process
Option to renew. License expires. Data retained for 12 months then backed up. Offboarding is charged at £2000 which includes data extraction.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Yes
Compatible operating systems
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Depends on modules enabled and access given to users.
Service interface
No
API
No
Customisation available
Yes
Description of customisation
Users can customise the service to adhere to their organisation’s processes and standards Support is provided to scope out these requirements and any further development may be charged.

Scaling

Independence of resources
Elastic Cloud Environment with load balancing

Analytics

Service usage metrics
Yes
Metrics types
Depending on license type, Service metrics such as number of jobs or number of assets are provided.
Reporting types
  • Real-time dashboards
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Staff screening not performed
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
In-house
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
An authorised contact calls and emails request for data export.
Data export formats
  • CSV
  • Other
Other data export formats
  • SQL
  • .zip
  • XML
Data import formats
  • CSV
  • Other
Other data import formats
XML

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network
Amazon IAM and VPC policies

Availability and resilience

Guaranteed availability
99.95% availability
Approach to resilience
Within our cloud infrastructure, we use a number of fail-safes to ensure scalability and availability. We use elastic load balancing, multi-zone(UK) auto-scaling groups.
Outage reporting
We alert our customers of outages via email alerts

Identity and authentication

User authentication needed
Yes
User authentication
Username or password
Access restrictions in management interfaces and support channels
Username and Passwords with minimum 8 characters. Passwords are hashed with a salt.
Access restriction testing frequency
At least every 6 months
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
You control when users can access audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
We have an ISO 27001 based security policy and conduct regular penetration tests and monitoring of all services. We also have extensive security auditing tools including anti-virus, rootkit detection, IDS, and service hardening.
Information security policies and processes
We have an ISO 27001 based security policy available on request.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Change request is presented, produced by a problem / change in the system/customer requirements. Classification and registration - the product team evaluates the change request if approved; the technical effort, possible side-effects, global impact over system functions and the delivery date will be estimated and approved. The change is assigned to an engineer. On completion it is tested using automatic tests and pair revision, the change is deployed to a staging server replicating the production server to check if the change doesn’t affect the functionality / data integration of the system. It is deployed into the production infrastructure once passed.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Notifications of patches from application and database vendors will be reviewed and the patches applied as appropriate. Where notifications are not automatically sent, the suppliers' website will be reviewed on a regular basis. Patches identified as a result of vulnerability scanning will be implemented as appropriate. Any weaknesses identified will be rectified as soon as possible.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
We use and monitor an extensive number of security auditing tools including anti-virus, rootkit detection, IDS, and service hardening.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
All events that could result in the actual or potential loss of data, breaches of confidentiality, unauthorised access or changes to systems should be reported immediately. The IT Service Desk must be contacted by email or telephone. They will log the incident on the Incident Report form and notify relevant employees to investigate the incident and take appropriate actions. The IT Service Desk will notify the Information Owner and escalate the incident to the appropriate responsible officer as defined in the risk impact matrix.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£10000 per licence per year
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
A free trial is offered for 1 month which includes to VRM Tech's basic modules. It excludes any customisation.
Please contact info@vrmtech.co.uk for more information.

Service documents

Return to top ↑