Arcus Global Limited

Arcus Pest Control

Arcus Pest Control is a cloud based, mobile-by-default, all-in-one solution for local authority pest control officers. Arcus Pest Control helps teams do their jobs efficiently and effectively with flexible workflows for the handling of complaints, reports, contracts, enforcement, treatment, and creation of related follow-on processes.


  • Browser User Interface: No installation needed, no server hardware needed.
  • Documented, published Open API included as standard
  • Drag and Drop Reporting
  • User Interface is highly customisable
  • ‘Google style-search’ - single box to search all data
  • Integrated with wider Arcus Place system
  • All Comms Channels available: create documents, emails, SMS from templates
  • Data driven workflow of core processes
  • Automated notifications, escalations and service breaches, both internally and externally
  • Designed in partnership with UK LA Pest Control teams


  • Enables collaboration with other services and agencies within the system.
  • Enables officers access to live data to make enforcement decisions
  • Reduces cost of ownership for IT.
  • Enables everyone to make informed decisions
  • Less training required. Excellent user experience.
  • All relevant information shared within the system to inform decisions.
  • Reduces effort of routine comms tasks.
  • Provides customers with a consistent experience across all comms channels.
  • Lower cost of processing. Enables the best use of resources.
  • Improved customer service. Improved public protection. Reduces corporate risk.


£55 a user a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

3 0 3 9 5 7 2 3 8 8 0 7 6 2 8


Arcus Global Limited Karen Humphreys
Telephone: +44 (0)1223 911841

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
This service is part of the Arcus platform, including but not limited to CRM, Gazetteer, Housing, Regulatory Services and Built Environment, FOI and Waste Management. Further expansion of customer-facing functionality such as self-service, customer accounts and public registers are available through the Arcus Digital Services Hub.
Cloud deployment model
Public cloud
Service constraints implements a release schedule of 3 major versions per-year, this is done outside of business hours and with minimal five-minute disruption to instances.
Significant new features are implemented on a continuous cycle of improvement along with scheduled maintenance of service and underlying systems. Maintenance events usually scheduled to occur outside normal hours-of-business (assumed 08:30-17:30). Details of Arcus release schedules available as part of on-boarding process.
Significant customisation possible subject to separate quotation. Customer-specific branding of software is included with a 12-month contract. Additional customisation features can be configured by the customer – Arcus Global will then provide guidance.
System requirements
  • Arcus software just requires an computer with a internet connection
  • Arcus software is supported by a range of internet browsers
  • For all browsers, enable JavaScript, cookies, and TLS 1.2

User support

Email or online ticketing support
Email or online ticketing
Support response times
Response times depend on how critical the issue / question is: Critical <4 hrs, High <8 hrs, Medium <16 hrs, Low <40 hrs. These are intended for the purpose of guarantees related to Service Credits. The actual response time will generally be much faster.
User can manage status and priority of support tickets
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
Following on from the customers 1st line trained support team, Arcus Global aim to seamlessly work with our customers to seamlessly assist in those areas which require more expertise. Second and third line support is included in the price of the proposal. Triaging, Telephone Support, Email/Ticket Support (24 / 7 web based support call logging), Remote Access Support and On-site Support. Standard support includes: Perpetual bug-fixes, Software updates to support all legislative changes, Assistance with customisation and reporting. Enhanced Second line support option also available at extra cost including: Management of role hierarchy, User management, Assisting with reporting and dashboard configuration, Management of email and letter templates and supporting static resources (logo’s).
Support available to third parties

Onboarding and offboarding

Getting started
Your team will be introduced to the product through Workshops, Training sessions and User Tests. Shortly after project kick off, and following provision of the Master Configuration information, Arcus will make the implementation environment available to the Council’s delivery team and provide training on how to configure the system themselves. In this way they will become very familiar with the product.
We knowledge transfer the customisation of our model configurations to these super-users; including training on maintaining processes, reports, templates and other advanced areas for them to be able to set up ‘cascade’ training sessions tailored for your users.
Our approach is ‘train the trainer’, where the user representatives consulted for system configuration receive training on using the functionality to become the core trainers.
In addition, Salesforce as a base platform is well established and has online training materials for users in regard to standard features and functions and how to navigate around screens. These are freely available to all customers and accessed through a standard web browser as video tutorials:
To help users get started we have created a recommended set of modules as a ‘Trailmix’.
Service documentation
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats
Within our support portal
End-of-contract data extraction
Documentation for our products is provided via our support portal, for which we aim for WCAG2.1 AA accessibility. This documentation can also be provided in other formats upon request. Further high-quality resources are available from third parties, the format of which Arcus is not responsible for.
End-of-contract process
Upon receiving notification of termination of contract your account will be closed based on either the requested termination date or upon expiration of your G-Cloud contract. If there is no subsequent extension or new contract formed then the customer will be entitled to extract all of their data from the cloud environment using a standard set of tools provided within the salesforce platform that underpins the Arcus product range.

Your Arcus data will be available for 30 days from the date of termination and can be exported from the Arcus system in standard CSV files by the customer using standard data management tools including the SalesForce Dataloader application. The data can be securely downloaded and, if necessary, Arcus can perform intermediary services to extract the data in a specific CSV format at an additional cost (which will vary according to the volume and complexity of the data itself).

Using the service

Web browser interface
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
The Salesforce Mobile app allows users to access the platform from any mobile device enabling agile working practises to be achieved. The app is downloadable for free from various app stores. Limited offline capabilities are present allowing for data to be cached.
Service interface
Description of service interface
Arcus’s Software is built on the Salesforce Platform who is committed to accessible solutions to all individuals. This includes working with assistive technology like speech recognition software and screen readers. Salesforce follows the recognized best practices of the Web Content Accessibility Guidelines (WCAG) 2.0 Level AA.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
Third-party vendors have completed an accessibility assessment of salesforce core products and have documented their accessibility status using these VPATs. Further details can be found on
What users can and can't do using the API
The platform is provided with several fully versioned open APIs in REST and SOAP formats, all protected by role-based security. The Metadata and Tooling APIs can be used to alter elements of the configuration, for example, modify database tables, or the layout of UI elements. The Data API and Bulk Data APIs allow Create, Read, Update, and Delete operations to be performed against any table. The Compound Data API allows easier manipulation of several related tables/records in one API operation. The Streaming API provides an event-driven model for tracking certain data changes. Certain business routines are also exposed via dedicated APIs.

There are many existing integrations and open source tools available that make utilising the APIs easier.

Almost any basic operation that can be performed by the UI can be performed by API.
API documentation
API documentation formats
  • HTML
  • PDF
API sandbox or test environment
Customisation available
Description of customisation
System administrators can modify almost any part of the system. This includes (but is not limited to):
- Extensions to the database schema to add new fields to existing tables, and to add whole new tables if required.
- Changes to screen layouts to support new fields and / or new screens to the UI to support new tables and fields, or to remove unwanted / unused fields and tables.
- Addition of data validation rules to ensure data quality.
- Addition of pre- and post-commit logic workflow steps to trigger other updates and actions when changes are made to data
- User permissions and User management
- Modification and extension of all document and email templates
All changes are made using an intuitive UI that requires “clicks not code” to make changes.

All users can further customise their view of the system, for example re-ordering UI elements and selecting defaults. All users can create ad-hoc reports and dashboards, unless this has been disabled by a system administrator.


Independence of resources
The Arcus solution is built on the Salesforce platform which works to a target time for platform availability of 99.999%, measured 24/7/365. The number of users on this service does not effect it's availability or quality. Some less critical elements of our solution are built on Amazon Web Services which operate to a 99.9% or 99.95% guaranteed availability which is again independent of number of users.


Service usage metrics
Metrics types
Arcus Software is built on the Salesforce platform and can take advantage of its standard reporting and dashboard functionality. This allows users to build their own individual reports that allow reports of different types to be built. Ranging from real-time snapshots through to yearly summaries.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Other
Other data at rest protection approach
Salesforce is compliant with a number of standards which require protection of data at rest (ISO 27001/27018, SSAE 16/ISAE 3402, SOC-1, SOC 2, SOC 3, PCI-DSS, TRUSTe Certified Privacy Seal, CSA STAR)
Data sanitisation process
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Data can be extracted by the user or Arcus. If Arcus is commissioned to extract/deliver data, the project must clearly specify how/where data should be extracted, format required, where it should be delivered. Arcus offers clients fixed cost solution using published SFIA rates.

Data can be extracted by the user at any time before the contract ends. There are several UI tools provided, depending on the specific needs. These tools provide data in CSV format, files are provided in their original formats. Open APIs also allow a variety of open-source tools to be used to extract data into other formats.
Data export formats
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks
Standard HTTPS TLS/SSL encryption is used for data in transit protection.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network
Agreements in place for data security / handling that ensure compliance with the Data Protection Act. All staff will have Government SC status or be supervised by people who do. All staff involved will be DBS checked. Arcus has ISO27001 certification ensuring the internal environment is secure and appropriately controlled.

Availability and resilience

Guaranteed availability
Arcus solution is built upon Salesforce technology. Response times are published: with an availability target of 99.999% 24/7/365. Historically, Salesforce has had an excellent record of very high uptime. Salesforce have configured all networking components, SSL accelerators, load balancers, Web servers and application servers in a redundant configuration. Measures in place for providing high availability include:
1. Facilities with reliable power, cooling, and network infrastructure
2. High-availability infrastructure: networking, server infrastructure, and software
3. N+1 redundancy
4. Detailed historical availability data on the entire service, not just on individual servers

Some less critical elements of our solution are built on Amazon Web Services which operate to a 99.9% or 99.95% guaranteed availability.
Approach to resilience
The service is delivered via the Salesforce platform and AWS, both of which use highly redundant networking. Data held in Salesforce is stored and processed in a primary server and replicated to a second site. Each server has multiple active clusters and use highly redundant carrier-class disk storage.
Outage reporting
Arcus Solution is built on the Salesforce platform. Salesforce provides current and historical (the preceding month) data on service availability for each of their instances at
A swagger-format API is available, as is an email notification system.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Other user authentication
A valid email is required which becomes the unique username, and a password reset email is sent to this address. This ensures that the email address is valid. The user is then required to set a new password with a definable structure complexity - for example, uppercase/lowercase plus a number.
Access restrictions in management interfaces and support channels
The role-based security model only permits specified users to modify the configuration of the system. Access can be further restricted to only permit certain operations in 'high-assurance sessions', i.e. where two-factor authentication has been completed.

Support from Arcus Global is provided via a separate portal with independent role-based access.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
Description of management access authentication
All users are required to have a username and password to access the system with the option of adding 2-factor (token-based) authentication as required. Password complexity and expiry can be configured by the customer to ensure appropriate controls are in place.

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
ISO/IEC 27001 accreditation date
24 September 2018
What the ISO/IEC 27001 doesn’t cover
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
  • ISO 9001 : 2015
  • Cyber Essentials

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
Arcus hold ISO 9001: Quality Management Standard
Information security policies and processes
Arcus is ISO27001:2013 and ISO9001 accredited and audited annually. Arcus implements an ITILv3 approach to support delivery that integrates with our security processes. Information security reports are arranged by the SIRO as part of a five-part response to any weakness, event, incident, or breach.

Salesforce's Information Security Management System and information security policies are based on ISO27002 best practices and ISO27001 certified. Salesforce maintains details of security processes at

Amazon Web Services' information security policies are ISO 9001, ISO 27001, ISO 27017, and ISO 27018 compliant. Further details are maintained at

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Arcus will maintain a change log of environmental controls and operate releases through our release manager.

All changes to software components are tracked via industry-standard source control systems which facilitate reviews of each change in line with our secure development policy. Versions of our products are tagged with a major-minor-patch system that allows easy tracking of changes.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Arcus uses industry-standard tools to automatically review elements of our solution. In addition, all modifications are reviewed against the OWASP guidelines and we carry out period re-reviews of our products.

Non-critical patches to our products can be applied to customer environments as soon as the fix is available, as can remedies for insecure environment configurations.

Salesforce and AWS operate with multiple tiers of vulnerability management which include directive, preventive, detective, and responsive controls. Critical patches to the infrastructure are, whenever possible, deployed during off-peak hours, without downtime and are typically seamless to customers.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Records all login attempts: originating IP address, time and success/fail against each user account. Information can be extracted for analysis against organisational policies. Configurable settings: enforce logins from an approved IP range and/or at certain times of day, maximum session length and automatic account locking after x failed login attempts.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Standard incident management ensures that all recorded incidents are triaged and routed to the appropriate resolver groups and, where necessary, escalated. In specific cases, it may be necessary to escalate incidents directly to the provider. We have a standard handoff process to ensure that end-to-end communication is maintained.

Users should report incidents by our standard support mechanisms i.e. by phone, support portal, or email depending on severity. For major incidents of any kind, regular telephone contact is then established until resolution.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks


£55 a user a month
Discount for educational organisations
Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.