Kaarbon Technology Ltd


A tree management system allowing mobile users to add or download tree inventory data and download geo-referenced mapping for offline use. The mobile application uploads updated asset data to the KaarbonTech cloud system. We include the ability to complete an arb inspection and record defects, repair and maintenance or service requests.


  • Field data capture on iOS, Android and Windows devices.
  • Council-specific spatial datasets used for greater clarity.
  • Trees marked for attention are clearly identified.
  • Arboricultural data displayed on OS Mastermap with offline use.
  • Create tree arb management programme based on risk.
  • Integration with existing corporate systems possible.
  • Arboriculture defect recording with service request facility.
  • Comprehensive reporting suite with export functionality.
  • Manage inventory for individual and groups of trees.
  • Create risk model by species, location, vulnerability and full consultancy.


  • Provides accurate, complete and reliable data.
  • Ensures compliance with legislation and codes of practice.
  • Easy access to inventory data and simple export and reporting.
  • Intuitive user interface, easy to use and low training needs.
  • Enables fast response to public and Councillor Arb data requests.
  • One-touch interactive KPI reporting.
  • Effective solution for managing arboricultural tree stocks.
  • Tree valuations using CAVAT functional value and QTRA (if licensed).
  • Planned management of Chalara - Ash Dieback action plan.
  • Data collected by tree inspector conforms to requirements of BS5837:2012.


£1715 to £2325 per licence per year


G-Cloud 11

Service ID

414858218579891


Kaarbon Technology Ltd

Mark Entwistle



Service scope

Software add-on or extension: No
Cloud deployment model: Private cloud
Service constraints: There are no service constraints.
System requirements:
  • Web browser, Google Chrome, Mozilla Firefox, Edge or Internet Explorer
  • Internet connection, minimum 10Mbps and latency less than 100ms

User support

Email or online ticketing support: Email or online ticketing
Support response times: Monday to Friday 8am to 6pm - response within 60 minutes. Out-of-hours SLA can be specified; further details on request.
User can manage status and priority of support tickets: No
Phone support: Yes
Phone support availability: 9 to 5 (UK time), Monday to Friday
Web chat support: No
Onsite support: Yes, at extra cost
Support levels: Our support services are delivered by online ticket, email or telephone and are operational 0800 until 1800 UK time, Monday to Friday excluding bank and public holidays. We do provide a dedicated account manager for each customer, but this is not specifically a technical or cloud support engineer.

We offer onsite support at a day rate of £750 to include travel time.
Support available to third parties: Yes

Onboarding and offboarding

Getting started: We provide detailed training videos and telephone support, and offer onsite training for an additional fee.
Service documentation: Yes
Documentation formats:
  • PDF
  • Other
Other documentation formats: Video Tutorials
End-of-contract data extraction: All data can be exported at any time during the contract period.
End-of-contract process: No additional charges are due at the end of the contract.

Using the service

Web browser interface: Yes
Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install: Yes
Compatible operating systems:
  • Android
  • iOS
  • Windows Phone
  • Other
Designed for use on mobile devices: Yes
Differences between the mobile and desktop service: Mobile service can have offline maps for use when a mobile signal is not available.
Service interface: No
What users can and can't do using the API: Our API is not part of our standard G-Cloud offering. Please contact us to discuss your requirements.
API documentation: Yes
API documentation formats: PDF
API sandbox or test environment: Yes
Customisation available: Yes
Description of customisation: The asset collection process has questions based on BS5837. Answers to these questions can be personalised by the buyer once an order has been received.


Independence of resources: We limit the number of customers hosted on a single server and monitor demand to ensure the system is optimised at all times.


Service usage metrics: Yes
Metrics types: Real-time management and login information provided
Reporting types: Reports on request


Supplier type: Not a reseller

Staff security

Staff security clearance: Other security clearance
Government security clearance: None

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom
User control over data storage and processing locations: No
Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency: At least every 6 months
Penetration testing approach: In-house
Protecting data at rest: Physical access control, complying with another standard
Data sanitisation process: Yes
Data sanitisation type: Deleted data can’t be directly accessed
Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach: Data can be exported from the operations tab on the main menu or from many of the reporting screens within the system.
Data export formats:
  • CSV
  • Other
Other data export formats: Esri Shapefile
Data import formats: CSV

Data-in-transit protection

Data protection between buyer and supplier networks: Legacy SSL and TLS (under version 1.2)
Data protection within supplier network: Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability: 99% service availability
Approach to resilience: Detailed resilience information available on request
Outage reporting: Email alert of service outages.

Identity and authentication

User authentication needed: Yes
User authentication: Username or password
Access restrictions in management interfaces and support channels: We use Puppet as our core user control system. Access can be restricted via an access control dashboard; restricted access and version control access are also applied to reduce the possibility of unauthorised access to the system.
Access restriction testing frequency: At least once a year
Management access authentication: Public key authentication (including by TLS client certificate)

Audit information for users

Access to user activity audit information: Users have access to real-time audit information
How long user audit data is stored for: User-defined
Access to supplier activity audit information: Users have access to real-time audit information
How long supplier audit data is stored for: User-defined
How long system logs are stored for: User-defined

Standards and certifications

ISO/IEC 27001 certification: No
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Other security certifications: No

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: No
Security governance approach: Operate a system based on ISO 27001 and working towards full accreditation to ISO 27001
Information security policies and processes: Our policies around information security are held within the company's ‘software overview’ document and are reviewed every six months. All queries or issues with regard to information security should be reported to the line manager and then passed directly to the managing director, who has ultimate authority over IT governance. Any fail-safes to ensure policy adherence can be viewed on request. We are currently working towards full ISO 27001 accreditation.

Operational security

Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach: We ensure that any changes to the system are properly tested and authorised, with close attention to any that might alter security properties. Our penetration testing process and vulnerability processes would identify security issues in constituent components. We operate failover software which currently polls the live and development server status every 10 minutes. To avoid false alerts due to internet inconsistency, the program increases its checks to every 1 minute if there is no initial response and reports the status to two of our developers and the KaarbonTech managing director via text and email.
Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach: A vulnerability assessment is carried out monthly and any potential threats are assessed using the Common Vulnerability Scoring System (CVSS). Those that are deemed in need of a fix are given a priority (1-4) and dealt with accordingly, with high or critical vulnerabilities having a target patch time of 24 hours. Potential threats are communicated to us by our failover software supplier and we monitor the weekly threat report from the National Cyber Security Centre.
Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach: Server logs are used to monitor any errors, which are emailed to the developers as and when they occur. This includes the line of code and all the detail about the system. Once received, the error is prioritised and the log is examined. This proactive approach allows us to catch abnormalities before the customer notices them. All logs are stored for retrieval and assessment for up to 12 months. The statistics of compromises form part of the weekly developer meeting agenda.
Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach: Errors are communicated to the development team as and when they occur. The error is prioritised and the log is examined in detail either:
• Immediately
• The following morning
Analytics are used to monitor timings and crash reports in a similar way. This information is also prioritised for action within one of the following timescales:
• Immediately
• Within 24 hours
• Within 7 days
• Before the next natural release
The incident report statistics form part of the weekly developer meeting agenda.

Secure development

Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks: No


Price: £1715 to £2325 per licence per year
Discount for educational organisations: No
Free trial available: No
