MRI Software Limited

ProLease

MRI ProLease is a true SaaS solution designed to help organisations manage their real estate and equipment leases while staying compliant with the latest IFRS 16 regulations.
Assists with lease management, lease accounting, maintenance and space management requirements.

Features

  • Property Management, Lease Management, Lease Accounting, Document management,
  • IFRS 16 Lease Accounting Compliance for property & equipment leases
  • Audited to SOC 1 Type 2
  • Portfolio Mapping through Google maps integration
  • Facilities management (CAFM, CMMS)
  • Fully integrated leasing, property and facilities management functionality
  • Configurable Dashboard and Reporting
  • Asset level accounting
  • Space Management, Workplace Management (IWMS)
  • Service Charge Management

Benefits

  • User Friendly Intuitive straightforward screens, data entry, maintenance and reporting
  • Manage and never miss key dates
  • See results and returns quickly with our fast implementation methodology
  • Cost effective solution based on requirements and size
  • Streamline business processes
  • Greater transparency and auditability
  • Evidence based decision making drill down into data
  • Improve occupancy utilisation
  • Reduced costs identify overspend and erroneous or duplicate charges
  • Safety First mitigate risks with in-depth facilities management features

Pricing

£8,000 to £34,000 a licence a year

  • Education pricing available

Service documents

Framework

G-Cloud 12

Service ID

2 3 9 4 7 4 1 4 0 0 3 7 4 1 1

Contact

MRI Software Limited Steven Fox
Telephone: 020 3861 7171
Email: tenders@mrisoftware.com

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
Planned maintenance is typically scheduled outside of regular business hours.
System requirements
  • Microsoft Internet Explorer 8 or higher
  • Apple Safari (Mac or iPad)
  • Google Chrome (Mac or PC)
  • ProLease App on Google Play Store (Android)

User support

Email or online ticketing support
Email or online ticketing
Support response times
MRI’s Global Client Support group will make every reasonable effort to ensure that submitted cases are assigned the proper level of Severity. Submitted cases will be responded to in the order in which they are received, with consideration given for higher Severity levels. Response Time is the time it takes before a Global Client Support agent makes initial contact with the individual who submitted case. Bundled Service (Normal Priority 6 Hours, Serious Priority 3 hours, Critical Priority Live Call Only) Concierge Standard (Normal Priority 4 Hours, Serious Priority 2 hours, Critical Priority Live Call Only)
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
We include support within our annual fee. Support includes a named Account Manager and a Client Support Helpdesk. The Client Support Helpdesk also serves as the contact for all cloud support requests for trained users. Cases and incidents can be recorded and viewed in the myMRI portal on a 24/7 basis. The myMRI Portal provides clients with information on support cases, regardless of whether a call is logged via a phone call or via the portal. Various information, documentation, forums and resources are also available on the portal.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Our training program is designed to help you achieve the maximum return on investment. Our in-house team of professional trainers have extensive knowledge of our solutions. During the implementation phase we will train your core project team to have a strong understanding of the system. Your project team will learn how data is structured in ProLease, the available configuration options within the standard product and how the specific processes operate. This process involves reviewing your business processes as they are mapped to system functionality. It is your decision whether we deliver end user training or if you would prefer to adopt the ‘Train the Trainer’ approach. The implementation process will provide your core project team with a strong foundation to train co-workers. Our end user training services are delivered by our in-house team and tailored to suit your needs. We offer both classroom and webinar training. After commencement of live use of ProLease you will have access to our client portal for user guides, video clips, forums and helpdesk support.
Service documentation
No
End-of-contract data extraction
Clients have full access to data and can export using reporting tools. Alternatively, we can provide a SQL Server backup file and a copy of all uploaded documents.
End-of-contract process
Following termination of the contract (for whatever reason), buyer shall certify that it has returned or destroyed all copies of the applicable software and confidential information of supplier and acknowledges that its rights to use the same are relinquished. Buyer shall use its commercially reasonable efforts to remove all buyer data from any software or SaaS service prior to termination of the contract. Buyer may engage supplier to assist buyer in removing such buyer data at supplier''s then standard rates. If any buyer data remains in the software or SaaS service more than thirty (30) calendar days after the effective date of termination, supplier may, in its sole discretion and without notice, delete any and all buyer data.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Chrome
  • Safari 9+
Application to install
Yes
Compatible operating systems
Android
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
There is an android app available to access the full system via your mobile. A lightweight interface is available allowing access to key functionality on a tablet (e.g. iPad). Full system functionality is available via a supported browser on a desktop/laptop/tablet device.
Service interface
No
API
No
Customisation available
Yes
Description of customisation
Systems Administrators can configure various parts of the software using the system, site and employee level parameters. Access to data can be restricted according to an individual's access rights via role and branch security

Scaling

Independence of resources
Continuous monitoring and optimization, predictable usage.

Analytics

Service usage metrics
No

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
EU-US Privacy Shield agreement locations
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Data can be exported in multiple ways including Excel, csv and xml.
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
We use commercially reasonable efforts to ensure availability twenty -four (24) hours a day, seven (7) days a week, except for: (a) planned downtime (of which we provide adequate notice and will schedule to the extent practicable during the weekend hours), or (b) any unavailability caused by circumstances beyond our reasonable control, including without limitation, Force Majeure events or internet service provider failures or delays. We host our solution in a UK-based Tier 3 data centre that is designed to deliver high availability.
Approach to resilience
Available on request.
Outage reporting
Webpage and notification subscriptions for email and text.

Identity and authentication

User authentication needed
Yes
User authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Each client is assigned one or more Administrator users who can add/modify/delete user logins, set access rights and create Security Groups. Standard access levels include: Administrator, Edit, Read/Report Only and Report Only. Custom Security Groups can be created with definable access rights. Within the ProLease application, each user has profile. The user profile includes a username, password, contact information and access rights. Administrators can set defaults from a series of strict Password controls such as eight-character minimum and at least one letter and one number. The password must be changed by the user after first receiving. ProLease employs password hashing
Access restriction testing frequency
At least once a year
Management access authentication
Dedicated link (for example VPN)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
Between 6 months and 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
Data centre infrastructure and associated services are managed according to ISO 27001:2013 controls and processes. The application is audited to SOC 1 Type 2.
Information security policies and processes
Data centre infrastructure and associated services are managed according to ISO 27001:2013 controls and processes. Security and processes are used to manage the Application Platform, we follow ISO27001 principles, and the requirements of SOC 1 Type 2 auditing.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Secure Software Development Lifecycle
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Critical and Important updates are applied automatically upon release. Other updates are checked for relevance to software/operating system installation and are installed as part of the scheduled maintenance where relevant.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Analysis of logs, instant alerting systems to identify changes from normal use, response as appropriate within commercially reasonable standards.
Incident management type
Supplier-defined controls
Incident management approach
MRI has a robust Incident Management program.
The incident response plan outlines team member roles, such as Incident Commander, Subject Matter Experts, Scribes for documentation and creating timelines, Liaisons with stakeholders, and roles for potential external consultants.

Incidents are managed by the support desk from investigation to resolution. Clients receive an e-mail alert for notification and a follow up report for resolutions.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Pricing

Price
£8,000 to £34,000 a licence a year
Discount for educational organisations
Yes
Free trial available
No

Service documents