Shelton Development Services Limited

SDS ProVal

SDS ProVal is a market leading financial viability model for appraising housing developments. Specifically designed for the social housing sector, it can quickly appraise schemes with unlimited dwelling types, and provide summary results for each tenure type plus overall scheme viability. Includes reporting functionality to tailor reports to your organisation.


  • Set global defaults for key development assumptions
  • Define cashflow period up to 100 years
  • Discount future cashflows using Present Value methodology (NPV)
  • Model assumption changes using scenarios
  • Define templates for dwelling, tenure, scheme
  • Consolidate and report on multiple ProVal appraisals
  • Includes standard reporting suite, bespoke reports for extra charge
  • Automatically calculate residual land value, IRR, interest cover, etc
  • Real time Integration with SDS Sequel (Project Management software)
  • Unlimited combination of tenure types and dwellings in single appraisal


  • Improves financial rigour, provides a more robust approach to viability
  • Centralises the repository for all appraisal related data
  • Frees up staff time to focus on value add activities
  • Speeds up process of appraising schemes using defaults and templates
  • Standardises the appraisal process within the organisation
  • Tailor reporting to any level in your organisation
  • Reduces compliance risk, speeds up IDAs and Audits
  • Improves team credibility via better management of appraisal process
  • Measure actual results vs plan when synchronised with SDS Sequel
  • Established solution with ~65% market share in social housing sector


£2250 to £5000 per licence per year

Service documents


G-Cloud 11

Service ID

4 4 2 8 1 5 8 7 2 3 1 0 7 1 4


Shelton Development Services Limited

Rob Shelton


Service scope

Software add-on or extension
Cloud deployment model
Public cloud
Service constraints
System requirements
  • Remote Desktop
  • ...with bidirectional file transfer enabled

User support

Email or online ticketing support
Email or online ticketing
Support response times
Support is provided during business hours.

Critical support tickets we have a 4 hour initial response SLA with a 5 day resolution unless it involves a fix to be implemented in the application in which case it's a 20 day resolution.

Lower support levels vary with the lowest importance having an 3 day response and 20 day resolution unless it involves a fix to be implemented in the application in which case it's 2 months
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
Currently we offer the same level of support to all customers. If a customer logs a call it defaults to 'Urgent' which requires a 4 business hours response.

Initial support tickets are created via email to, via a phone call to 01483 278444 or existing users can create their own ticket in our Support application Freshdesk.

Support calls are dealt with in the order they arrive by the next available support team member enabling calls to be triaged and prioritised accordingly.

We do not provide a technical account manager for an organisation but we do allocate technical managers for specific projects - system upgrades etc.
Support available to third parties

Onboarding and offboarding

Getting started
On-site training is provided for any number of individuals, run on a day basis for up to 6 people at a time.

We also provide an E-Learning solution which offers a virtual classroom experience where up to 8 users can attend over a number of 1.5 hour sessions.

End user documentation is provided on our website.
Service documentation
Documentation formats
End-of-contract data extraction
This can be downloaded using either reports or exported via CSV by the client from their user interface
End-of-contract process
The price will be determined by the service required. There will be the rental cost of the software. Typically there will also be an initial training cost and potentially (depending on the size and requirement of the client), consulting costs to provide implementation support. At the end of the contract the client will have the option to extend the software rental on an annual basis. This pricing will be determined at the time of renewal.

Using the service

Web browser interface
Application to install
Compatible operating systems
Designed for use on mobile devices
Service interface
Description of service interface
Remote Desktop Connection
Accessibility standards
None or don’t know
Description of accessibility
Text size can be easily changed.
High Contrast setting in operating system (user preferences) is enabled.
Assistive readers compatible with Remote Desktop sessions can be used.
Colour coding can be changed in system settings.
Accessibility testing
Customisation available
Description of customisation
System administrators can configure the software in a number of ways, such as:-
1) create dwelling archetypes which any user can quickly pull into an appraisal
2) Save an appraisal as a templates for new appraisals
3) specify which user roles can (a) see and (b) edit appraisal sections, and individual inputs and calculated outputs
4) create custom inputs
5) create custom calculated results
6) change the organisation logo that appears on reports
7) install new custom reports which any user can run on an appraisal or group of appraisals
8) define investment criteria as benchmark results, which enables a quick at-one-glance report
9) define sensitivity scenarios
10) define inflation assumptions by product type
11) manage users, license assignments, and roles


Independence of resources
Each client organisation rents a separate server (or cluster of servers), thus isolating them from other clients. One of the servers in the cluster will run an instance of SQL Server to host the database for that organisation. This can be migrated to a separate server if the organisation's usage is intense enough to justify the expense. Similarly more servers can be added to the cluster as usage increases.


Service usage metrics
Metrics types
Each user's activity is logged. Administrators can thus identify inactive (or non-productive) user accounts, and spot anomalous behaviour by looking at the frequency and pattern of actions performed by users.
Reporting types
  • Real-time dashboards
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Users export their Application or Scheme data by using a button and field filter which generates an XML file. A schema file is on our website.

Reports are written in XSLT and produce either HTML or Excel files.

Any report can be previewed before printing, exporting to PDF, HTML, Word or Excel.
Data export formats
Other data export formats
  • XML
  • XLSX
  • PDF
  • HTML
  • DOCX
Data import formats
Other data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Agreed SLA for 99.98% availability / uptime. Currently have not needed to refund any customers for availability related issues. Would approach this on a case by case basis.
Approach to resilience
The Data Centre is aligned to the Uptime Institute Tier III standard. Data Centre infrastructure is configured to provide N+1 redundancy. Power is UPS and Generator backed with two live feeds. The Network connection feed is resilient by design with redundant switching and routes over two providers re-rerouting connection via points at two remote DC sites in addition to the primary. There are two diverse entry points for networks to enter the Data Centre routing via two separate telephone exchanges. Internal network routing is kept separated at all point up to the point of entry into the rack
Outage reporting
Outage is notified as part of the Major Incident Response Process. Specific details of outage and response to that outage is given within 7 days.

Identity and authentication

User authentication needed
User authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Your administrators authorise which of your users can take action on specific resources, giving you full control and visibility.

Support services are only provided to authenticated users. SDS access has to be granted by the user for each incident and is logged for auditing purposes. This log is available to your administrators.
Access restriction testing frequency
At least once a year
Management access authentication
Identity federation with existing provider (for example Google Apps)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
SGS United Kingdom Ltd accredited our ISO/IEC 27001:2013
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
The Recruitment Services part of Sovereign.
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
ISO27017 currently undergoing implementation

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
Currently undergoing the process of aligning to ISO27017:2013 for certification to the standard
Information security policies and processes
Accredited to ISO27001:2013. This is audited via a process of internal and external audits. Our internal auditing is carried out by an independent consultancy to aid in the impartiality of the process. This ensures that internal auditing isn’t just a tick in the box routine. Compliance external auditing is carried out by SGS UK Limited. Reporting is carried out by the “Information Security Team” who meet once a month for security management review meetings to ensure a continual improvement methodology to the process is maintained. The auditing highlights any issues and these are addressed by the IST to ensure policies are followed. Regular staff engagement is carried out and new staff members educated as part of the induction process

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Our source code is managed in GIT version control system. Committing new/changed code the repository triggers a build, test and deploy (if tests pass) process. Security of changes are assessed and managed in the design phase.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
All threats are monitored via Qualys for vunerability and potential threats and patches are deployed as required within 1 hour.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Multiple layer – Sophos, qualys, av
Within 1 hour if critical and down to 48 hours for non critical changes.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Predefined process for common events. Incidents are logged via email to the helpdesk. All reporting is via the Helpdesk manage engine

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks


£2250 to £5000 per licence per year
Discount for educational organisations
Free trial available

Service documents

Return to top ↑