Services Works Global

CAFM Hosted Services

Service Works provides a variety of flexible Hosting and Cloud packages to ensure our clients benefit from a comprehensive, reliable CAFM / IWMS software application combined with peace of mind that the software is professionally managed in a secure, stable, environment.


  • Help Desk & Reactive Maintenance
  • Planned Maintenance
  • Resource Scheduling
  • Asset Management, Linear Assets, Asset Lifecyle
  • Bookings Management & Self-Service
  • Mobile Work Management
  • Space Management
  • Property Management
  • SLA & Contract Management
  • Stock Management


  • Improves service quality and availablitiy.
  • Provides enterprisewide visibilty of critical performance information.
  • Aids compliance with audit trails for H&S and statutory requirements.
  • Optimises asset value through reduced downtime and lower ownership costs.
  • Provides sustainable reductions in operational costs.
  • Mobile solution supports improved communications between office-based and remote staff.
  • Audit tools provide quality assurance capability
  • Enhances availability of property and assets
  • Enhanced contractor management from a cost and performance basis


£6,000.00 to £250,000.00 a unit

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

4 5 2 6 4 1 9 4 6 3 9 3 9 2 8


Services Works Global SWG Sales Team
Telephone: 02088774080

Service scope

Software add-on or extension
Cloud deployment model
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
Service constraints
System requirements
Supported on most browsers

User support

Email or online ticketing support
Email or online ticketing
Support response times
Within 15 minutes, 8am - 6pm, business days depending on case priority.

24/7 support available
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Onsite support
Yes, at extra cost
Support levels
At SWG we strive on providing expert technical support to our clients across the globe. We have Support teams located in the UK, Australia, Sweden and Canada allowing us to provide 24 / 7 cover across all time zones, if customers wish to choose this optional enhanced coverage. The SWG Support Centre provides the ability for clients to make contact 24/7/365 via phone, email and secure web portal.
We provide two levels of support; standard and enhanced. The cost varies according to the contract and services provided.
SWG provides an Account Manager who provides operational day-to-day management. Technical support provides clients with a single point of contact for the management of customer queries relating to the use of QFM software.
Support available to third parties

Onboarding and offboarding

Getting started
SWG offers a range of training courses for QFM software. Courses are designed to offer the best combination of product knowledge and hands on training, carried out by professional and approachable trainers. Training courses can be provided either at SWG’s offices, on a client site or via a webinar online service. The ethos of the organisation’s training arm is one of quality and flexibility, so we will always endeavour to meet client requirements. Documentation is provided during training courses and software release notes and user guides are also available.
Service documentation
Documentation formats
End-of-contract data extraction
At all times the data is owned by the respective customer. At any time reports and lists can be run and exported to Excel/CSV. This facility provides data extraction capability to all the data that is usually requested by customers.

If required tailored data exporting and formatting services can be provided.
End-of-contract process
Standard self service exports are included at no extra cost, but custom data extraction and formatting may be chargeable depending on precise requirements.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
QFM app is designed for use on handheld devices, providing both wireless and offline functionality for field-based contractors, technicians and auditors by allowing them to receive, update and close jobs on the move. The application interfaces seamlessly with QFM Resource Scheduling tools which provides task allocation to the most appropriate operatives based on skill, location and capacity.
The main QFM web-enabled application provides a far greater range of functionality, as the QFM mobile app is designed primarily for the distribution and management of maintenance tasks, tagging assets (scanning bar/QR codes) and carrying out customised audits and inspections.
Service interface
Description of service interface
To complement the help desk support provided by Service Works’ Client Support team, the Client Portal includes online self-service support, offering the ability to log and track QFM support requests, at any time, from any location. The Client Portal is highly secure, meaning that details of support cases are only visible to relevant stakeholders within their organisation.
Accessibility standards
None or don’t know
Description of accessibility
The Client Portal is available to SWG clients. It includes online self-service support and is highly secure, meaning that details of support cases are only visible to relevant stakeholders within their organisation. Users are able to quickly and easily log new requests and view the progress of existing support cases in real time. As soon as a case is updated or resolved by SWG's Support team, users are automatically notified. In addition, the online Client Portal provides a resources library, containing information about new software releases, latest feature videos, training videos, an FAQ library and support documentation.
Accessibility testing
SWG is upgrading its internal CRM system and Client Portal (the two systems are linked). As part of this upgrade SWG has worked with a selection of clients to test a beta version of the new system.
What users can and can't do using the API
The QFM product suite is designed to support bi-directional data interfacing with a wide range of systems. These include open, standardized interfaces and bespoke propriety interfaces exposed by some vendors. The system integrates with a broad array of third-party systems and data feeds to improve building management.

This can include but is not limited to:-
Finance Systems
Other CAFM systems
Procurement System
API documentation
API documentation formats
API sandbox or test environment
Customisation available
Description of customisation
Software enhancement requirements can be raised as a feature request. These are then added to the road map to be developed at a scheduled time in the future. Customisation requests are chargeable and can be developed and implemented on an individual basis.

All QFM applications offer a high degree of user configurable functionality; allowing users to tailor the system to their specific requirements. Many field labels and UI text can also be changed so that organisational infrastructure terminology can be applied. Customised data views and reports can be saved and lists of ‘favourites’ added. QFM provides a vast number of controls for System Administrators to control who uses the system and how they can use it.


Independence of resources
Our service is provided in a Microsoft Azure environment and as such is highly elastic. Continuous monitoring is in place which highlights any aspect of the infrastructure that could potentially cause a bottleneck and this is expanded incrementally as required.


Service usage metrics
Metrics types
Numerous usage metrics can be tracked based on requirements. These can include high level information monitoring login/ access but can also be configured to monitor most aspects of what a user actually does in the system.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
A Reporting Schema tool provides easy access to key data, without directly accessing underlying QFM tables. The Schema delivers connector facilities to Excel which provides excellent connections with SQL databases and also offers a range of Business Intelligence capabilities, however it can be used with most reporting packages.

QFM also has a dedicated administrator Import/Export facility for general data uploads and downloads. This covers a wide range of QFM data types and enables imports and exports via Excel in unicode text and comma delimited file types.

In addition, many individual functions throughout the system provide on-screen data export facilities.
Data export formats
  • CSV
  • Other
Other data export formats
Web Services
Data import formats
  • CSV
  • Other
Other data import formats
Web Services

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection between networks
All data is encrypted at rest and in transit.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
For availability SLAs this is dependent on the user requirements and can be implemented between 99% and 99.99%.

Service credits can be agreed but this is dependent up the configuration agreed.
Approach to resilience
The resilience built in to the MS Azure platform is extremely flexible and can be determined by the configuration agreed with each customer.

This ranges from a base level of removing any single point of failure within a single data centre to Multi data centre high availability with automated fail-over if required.
Outage reporting
MS Azure has a published dashboard of system outages, but SWG support will provide email notification where relevant.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
SWG provides user authentication via username and password for all QFM systems. To access any part of the system the user must have correctly supplied their username and password to log in. 2 factor authentication can be configured if required. User accounts can be locked out if multiple incorrect attempts to login are detected. To further restrict access, the database user is limited to those tables and views required for them to operate via their licensed modules. Additionally, to protect operational data, QFM ensures that key fields are encrypted using industry standard, Microsoft Windows encryption technology.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
The British Assessment Bureau. Certificate Number 208360.
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
Service Works is accredited with the ISO 9001 and ISO 27001 international quality management standards. These were awarded for the company’s commitment to excellence in quality management systems and information security management. Both establish a model for continuous improvement and are reassessed each year by an independent professional body, providing a proven and consistent high level of service and security that our customers can rely on.
ISO 28000:2007 certification
CSA STAR certification
CSA STAR accreditation date
Originally in 2016
CSA STAR certification level
Level 3: CSA STAR Certification
What the CSA STAR doesn’t cover
This covers all client hosting environment servisces
PCI certification
Other security certifications
Any other security certifications
  • ISO 27001
  • SOC 1
  • SOC 2
  • SOC 3
  • CIS Benchmark
  • PASF - Police Assured Secure Facility
  • Various other ISO 20000,22300, 27017, 27018,......

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
The range of policies/controls includes the following areas:-

Information Security Policies,
Organisation of Information security,
Human Resource Security,
Asset Management,
Access Control,
Physical and environmental security,
Operations Security,
Communications Security,
System acquisition, development and maintenance,
Supplier relationships,
Information security incident management,
Information security aspects of business continuity management,

These all all contained in our ISO 9001 Quality Manual and our ISO 2700 1 Manual. These policies and procedures are audited regularly internally and annually by external auditors.

SWG is ISO 9001 and ISO 27001 accredited.

MS Azure is also accredited with a large range of security standards see - This includes ISO 27001.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
This is managed by Microsoft Azure and as such we rely on their accreditations and certifications along with published audit report found at
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
SWG utilise a specialist C-SIRT team concentrated on mitigating potentially serious effects of security-related issues and on coordinated security incident handling.
C-SIRT stays up-to-date on any potential known vulnerabilties and weaknesses, by monitoring various information sources (e.g. security news, blogs and vulnerability feeds).
C-SIRT assesses information security events and helps in the decision making on whether these events are classified as Security Incidents.
Incident Resolution and Remediation can be initiated according to the service level assigned. 15 minute first response SLA is available.

By default patches are applied monthly, urgent patch may be applied immediately if recommended by C-SIRT team.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
SWG has monitoring baseline configuration which is applied when services are onboarded. The baseline covers most typical incidents and compromises. This applies to both availability monitoring, utilization monitoring and security monitoring. Monitoring baselines are configured using cloud best practices, platform vendor recommendations and 3rd party tooling (such as known incident databases of 3rd party tools).
Automatic monitoring creates incidents from potential compromises (ticket) and alerts the on-duty engineer, who acknowledges the ticket in ITSM system and initiates the remediation.
1st response SLAs available for incident management (MTTA) include: 15 min, 30 min, 60 min and best effort.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Yes there are pre-defined processes for known events listed in Runbooks (for customer specific typical events) and in general instructions (for generic known events).

Users can report incidents via SWG Portal, Phone or Email

Incident reports are provided as part of monthly hosing service reporting including nature of incident, action/resolution and all SLA related timescales.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks


£6,000.00 to £250,000.00 a unit
Discount for educational organisations
Free trial available
Description of free trial
Access is provided via a web URL to a demonstration database of QFM. The database has standard configurations and is populated with generic data sets to allow Users to trial QFM. The trial will not include any client specific workflows. Typically, the trial period is 2 weeks.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.