VRM Tech

VRM Certify

VRM Certify is a unique cloud-based refurbishment platform, enabling Large Housing Stock Owners: Local Authorities, government bodies and their supply chains to seamlessly manage all refurbishment, repair and maintenance activities. VRM Certify provides real-time quality assurance and compliance direct from the field via mobile apps, viewable through a management dashboard.


  • Customisable workflow, document control management and audit trail solution
  • Cloud and mobile enabled Software Solution
  • Digital Twins of real world assets
  • Personalised connected dashboard
  • Measurement and Verification tool
  • Evidence of Use generated audit trail
  • Grant and compliance management tool
  • Real-time quality assurance and compliance
  • Intuitive design for non-technical users
  • Centralisation of documentation incl. warranties, O+M manuals etc.


  • Improves collaboration and visibility across the construction process
  • Significantly reduces costs
  • Improved resident engagement and satisfaction
  • Mitigates compliance risks via a digital audit trail
  • Improves quality of work delivered
  • Deflects calls from call centres
  • Integration with existing systems
  • Multilingual customer portal
  • Mitigates risk within the supply chain
  • Enhanced management oversite


£10000 per licence per year

  • Free trial available

Service documents


G-Cloud 11

Service ID

2 3 7 1 5 4 5 0 6 7 8 2 8 6 8


VRM Tech

Neill Ryan

+44 2077215031


Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
VRM Refurbify
Cloud deployment model
Public cloud
Service constraints
No constraints identified
System requirements
  • Compatible browser
  • Access to saas.vrmtech.co.uk

User support

Email or online ticketing support
Email or online ticketing
Support response times
Different support options available ranging from 6 hours response to 24 hours. Weekend and out of office hours support is an optional extra.
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
We use a train the trainer approach to support users, as well as providing access to online videos.

Onsite support is available during onboarding as well as throughout the contract term.

Onsite visits cost £800 per facilitator per day. Onsite visits can be provided on a half-day or full day basis.
Support available to third parties

Onboarding and offboarding

Getting started
1 onsite training day is provided as part of any contract under our standard agreement. Subsequent days are charged at £800 per facilitator per day, half days are available.

Training is based on a train the trainer approach, including user documentation and videos.
Service documentation
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats
End-of-contract data extraction
An authorised person contacts VRM via phone or email to request a data extraction
End-of-contract process
Option to renew. License expires. Data retained for 12 months then backed up. Offboarding is charged at £2000 which includes data extraction.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Compatible operating systems
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
Designed for use on mobile devices
Differences between the mobile and desktop service
Depends on modules enabled and access given to users.
Service interface
Customisation available
Description of customisation
Users can customise the service to adhere to their organisation’s processes and standards Support is provided to scope out these requirements and any further development may be charged.


Independence of resources
Elastic Cloud Environment with load balancing


Service usage metrics
Metrics types
Depending on license type, Service metrics such as number of jobs or number of assets are provided.
Reporting types
  • Real-time dashboards
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Staff screening not performed
Government security clearance

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
An authorised contact calls and emails request for data export.
Data export formats
  • CSV
  • Other
Other data export formats
  • SQL
  • .zip
  • XML
Data import formats
  • CSV
  • Other
Other data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network
Amazon IAM and VPC policies

Availability and resilience

Guaranteed availability
99.95% availability
Approach to resilience
Within our cloud infrastructure, we use a number of fail-safes to ensure scalability and availability. We use elastic load balancing, multi-zone(UK) auto-scaling groups.
Outage reporting
We alert our customers of outages via email alerts

Identity and authentication

User authentication needed
User authentication
Username or password
Access restrictions in management interfaces and support channels
Username and Passwords with minimum 8 characters. Passwords are hashed with a salt.
Access restriction testing frequency
At least every 6 months
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
You control when users can access audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
We have an ISO 27001 based security policy and conduct regular penetration tests and monitoring of all services. We also have extensive security auditing tools including anti-virus, rootkit detection, IDS, and service hardening.
Information security policies and processes
We have an ISO 27001 based security policy available on request.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Change request is presented, produced by a problem / change in the system/customer requirements. Classification and registration - the product team evaluates the change request if approved; the technical effort, possible side-effects, global impact over system functions and the delivery date will be estimated and approved. The change is assigned to an engineer. On completion it is tested using automatic tests and pair revision, the change is deployed to a staging server replicating the production server to check if the change doesn’t affect the functionality / data integration of the system. It is deployed into the production infrastructure once passed.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Notifications of patches from application and database vendors will be reviewed and the patches applied as appropriate. Where notifications are not automatically sent, the suppliers' website will be reviewed on a regular basis. Patches identified as a result of vulnerability scanning will be implemented as appropriate. Any weaknesses identified will be rectified as soon as possible.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
We use and monitor an extensive number of security auditing tools including anti-virus, rootkit detection, IDS, and service hardening.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
All events that could result in the actual or potential loss of data, breaches of confidentiality, unauthorised access or changes to systems should be reported immediately. The IT Service Desk must be contacted by email or telephone. They will log the incident on the Incident Report form and notify relevant employees to investigate the incident and take appropriate actions. The IT Service Desk will notify the Information Owner and escalate the incident to the appropriate responsible officer as defined in the risk impact matrix.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks


£10000 per licence per year
Discount for educational organisations
Free trial available
Description of free trial
A free trial is offered for 1 month which includes to VRM Tech's basic modules. It excludes any customisation.
Please contact info@vrmtech.co.uk for more information.

Service documents

Return to top ↑