JML Software Solutions Limited

Chronicle for Regulatory Compliance and Practitioners

Enables professional service providers to ensure their practitioners are properly accredited to deliver the complex and high-quality outcomes demanded by clients and regulatory bodies. Ensures competence and compliance against any structured set of skills/specialisms and allows the organisation to manage distribution, succession planning and investment in training & equipment.


  • Central/remote management of assets
  • Management of maintenance schedules
  • Association of required skill level for an asset
  • Real-time validation at point of issue
  • Reporting on future demand and asset usage
  • Stock control and consumable management
  • Expiry and notification of overdue assets with escalation levels
  • Accurate real-time reports
  • Utilises latest RFID technology
  • Fully configurable system


  • Ensures compliance with organisational policies and external regulations
  • Notifications for unauthorised access attempts
  • Full audit of historical transactions with non-repudiation for investigation support
  • Accurate and complete picture of asset landscape
  • Interface enabled to obviate double keying
  • Protection of investment in Training and Assets
  • Single source of truth, protects the organisation and employees
  • Informs capital investment programmes
  • Reduces chance of accreditation lapses through timely training planning


£2.20 to £14.49 per user per month

Service documents

G-Cloud 10


JML Software Solutions Limited

Russell Osborne


Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to Chronicle offerings can be combined into a Single Instance and extended to meet a variety of business needs.
Cloud deployment model Public cloud
Service constraints If required - Door Access Control requires a physical device to be installed to call the cloud hosted web service.
Deployments are planned and communicated a month in advance and will include planned system downtime.
System requirements
  • Windows 7 or above
  • Windows 7 or above PC door access control

User support

User support
Email or online ticketing support Yes, at extra cost
Support response times Support is offered Monday to Friday (ex Public Holidays) from 09:00 to 17:30.

We aim to respond to any ticket within 20 minutes.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Assured Support
Cost is included in monthly per user amount.
Access to Phone and Email Support with responses in less than an hour to all enquiries.
Email & Phone Working Days, Business Hours
Scheduled deployments during working hours.

Enhanced Support is available on request.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Chronicle provides comprehensive on boarding services which can be applied against a small number of departmental users or an organisation as a whole. The on boarding process enables the end user to collate the required information from multiple sources into a single excel sheet. The collated information is then imported to Chronicle to enable a single view of the data obtained from multiple sources, enabling advantage to be taken of Chronicle in a matter of a few days. Support from a Services Manager is provided throughout this process, ensuring that appropriate data is captured and subsequently imported to Chronicle with minimal disruption to the end user.
Training can be provided on-site or via video link and JML provides user guides, quick reference guides and training videos through the Support Portal on our website.
Service documentation Yes
Documentation formats
  • HTML
  • ODF
  • PDF
  • Other
Other documentation formats
  • DOCX
  • PPTX
End-of-contract data extraction Database can be exported and imported into any appropriate system which conforms to the same standard and can support the audit trail provided by Chronicle.
End-of-contract process All customer data and configuration is extracted and delivered by secure medium to a single nominated location.
On receipt of the extracted data, the Chronicle database is cleared and erased using industry standard tools. Confirmation of data and configuration erasure is provided to the end user.
Finally the virtual hardware utilised is destroyed with source files erased.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service As long as user is able to access the environment - including over a secure network then they will be able to access Chronicle.
Accessibility standards None or don’t know
Description of accessibility The system would be hard for a vision impaired user as it is not optimised for a screen reader.
Accessibility testing We use browser based tool to highlight WCAG issues.
Customisation available Yes
Description of customisation Users with the right level of permission can define organisational role profiles for skill accreditation and compliance.


Independence of resources Resource separation is done via VMWare Hypervisor to ensure that resources are dedicated for each instance.
Additional resources are provisioned to ensure that each instance significantly exceeds the requirements for a Chronicle deployment.


Service usage metrics Yes
Metrics types Login Volume,
Bandwidth and Machine Usage,
Up-Time over a Time Period.
Reporting types Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency Less than once a year
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Web Front End provides functionality to export a breakdown of information.
Data export formats
  • CSV
  • Other
Other data export formats
  • Rtf
  • Xls
Data import formats
  • CSV
  • Other
Other data import formats
  • Rtf
  • Xls

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability JML provides Assured Service Level Agreement as standard with uptime of no more than 2 hours of unavailability between 9am and 5:30pm on Working Days.

For every full 90 minutes of additional downtime above this a Service Credit equal to 1% of the annual amount, up to a maximum of 7% in any given month will be provided.

JML can provide Enhanced Service Levels including extended hours and out of hours call out Support which can be arranged on a customer by customer basis.
Approach to resilience Full details available on request.

Data is replicated across physical sites and each Datacentre has built in redundancy of n+1 in Cooling, Power Generation and Hardware.
Outage reporting The solution includes automatic up time monitoring and Email alerts are sent in the event of an outage.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Username or password
Access restrictions in management interfaces and support channels The Chronicle Control Panel provides an interface to the configuration and management of the Chronicle application. The Control Panel is restricted to authorised users and controlled by user ID and password.
Access restriction testing frequency At least once a year
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 British Assessment Bureau
ISO/IEC 27001 accreditation date 20/07/2018
What the ISO/IEC 27001 doesn’t cover N/A
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • PASF
  • Cyber Essentials

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach We expect to have ISO 27001 certification by July 2018.

All staff are SC cleared and hosting provider has ISO 27001 certification
in place already.
Information security policies and processes We have a Senior Information Controller (SIC) who has overall responsibility for Information Security. Reporting to the SIC is an Information Security Manager (ISM), who is responsible for setting and monitoring adherence to Policy. Information Security Officers report to the ISM and are responsible for the day to day implementation of the Policy, its recording and monitoring.
We are working towards ISO 27001 compliance and our processes are aligned to our Statement of Applicability for both ISO 9001 and 27001

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach We have an ISO 27001 ready Change and Configuration Management Policy which covers changes made to Software and Systems.
Security impact is quantified in line with this policy.
Vulnerability management type Undisclosed
Vulnerability management approach Environment is patched within 14 days of "Critical or High" patch releases.
Threats are assessed based on a Common Vulnerability Scoring System (CVSS).
Potential threats are taken from a Common Vulnerabilities and Exposures list.
Protective monitoring type Supplier-defined controls
Protective monitoring approach 24/7 Monitoring on boundary.
Alerts sent via email within next working day of any potential compromise.
Incident management type Supplier-defined controls
Incident management approach Incidents are raised directly with our support via email or phone. They are then classified and follow our ITIL process.
The reporter is given regular status updates and the SLA against each item is tracked.
Critical or Major incidents a root cause analysis and remedial action plan will be provided to the reporter.
Incidents are not made public.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £2.20 to £14.49 per user per month
Discount for educational organisations No
Free trial available No


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Terms and conditions document View uploaded document
Return to top ↑