Services Works Global

CAFM Hosted Services

Service Works provides a variety of flexible Hosting and Cloud packages to ensure our clients benefit from a comprehensive, reliable CAFM / IWMS software application combined with peace of mind that the software is professionally managed in a secure, stable, environment.

Features

• Help Desk & Reactive Maintenance
• Planned Maintenance
• Resource Scheduling
• Asset Management, Linear Assets, Asset Lifecyle
• Bookings Management & Self-Service
• Mobile Work Management
• Space Management
• Property Management
• SLA & Contract Management
• Stock Management

Benefits

• Improves service quality and availablitiy.
• Provides enterprisewide visibilty of critical performance information.
• Aids compliance with audit trails for H&S and statutory requirements.
• Optimises asset value through reduced downtime and lower ownership costs.
• Provides sustainable reductions in operational costs.
• Mobile solution supports improved communications between office-based and remote staff.
• Audit tools provide quality assurance capability
• Enhances availability of property and assets
• Enhanced contractor management from a cost and performance basis

£6,000.00 to £250,000.00 a unit

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Framework

G-Cloud 12

Service ID

452641946393928

Contact

SWG Sales Team
02088774080
info@swg.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: No
• System requirements: Supported on most browsers

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within 15 minutes, 8am - 6pm, business days depending on case priority.; ; 24/7 support available
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: At SWG we strive on providing expert technical support to our clients across the globe. We have Support teams located in the UK, Australia, Sweden and Canada allowing us to provide 24 / 7 cover across all time zones, if customers wish to choose this optional enhanced coverage. The SWG Support Centre provides the ability for clients to make contact 24/7/365 via phone, email and secure web portal.; We provide two levels of support; standard and enhanced. The cost varies according to the contract and services provided.; SWG provides an Account Manager who provides operational day-to-day management. Technical support provides clients with a single point of contact for the management of customer queries relating to the use of QFM software.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: SWG offers a range of training courses for QFM software. Courses are designed to offer the best combination of product knowledge and hands on training, carried out by professional and approachable trainers. Training courses can be provided either at SWG’s offices, on a client site or via a webinar online service. The ethos of the organisation’s training arm is one of quality and flexibility, so we will always endeavour to meet client requirements. Documentation is provided during training courses and software release notes and user guides are also available.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: At all times the data is owned by the respective customer. At any time reports and lists can be run and exported to Excel/CSV. This facility provides data extraction capability to all the data that is usually requested by customers.; ; If required tailored data exporting and formatting services can be provided.
• End-of-contract process: Standard self service exports are included at no extra cost, but custom data extraction and formatting may be chargeable depending on precise requirements.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: QFM app is designed for use on handheld devices, providing both wireless and offline functionality for field-based contractors, technicians and auditors by allowing them to receive, update and close jobs on the move. The application interfaces seamlessly with QFM Resource Scheduling tools which provides task allocation to the most appropriate operatives based on skill, location and capacity.; The main QFM web-enabled application provides a far greater range of functionality, as the QFM mobile app is designed primarily for the distribution and management of maintenance tasks, tagging assets (scanning bar/QR codes) and carrying out customised audits and inspections.
• Service interface: Yes
• Description of service interface: To complement the help desk support provided by Service Works’ Client Support team, the Client Portal includes online self-service support, offering the ability to log and track QFM support requests, at any time, from any location. The Client Portal is highly secure, meaning that details of support cases are only visible to relevant stakeholders within their organisation.
• Accessibility standards: None or don’t know
• Description of accessibility: The Client Portal is available to SWG clients. It includes online self-service support and is highly secure, meaning that details of support cases are only visible to relevant stakeholders within their organisation. Users are able to quickly and easily log new requests and view the progress of existing support cases in real time. As soon as a case is updated or resolved by SWG's Support team, users are automatically notified. In addition, the online Client Portal provides a resources library, containing information about new software releases, latest feature videos, training videos, an FAQ library and support documentation.
• Accessibility testing: SWG is upgrading its internal CRM system and Client Portal (the two systems are linked). As part of this upgrade SWG has worked with a selection of clients to test a beta version of the new system.
• API: Yes
• What users can and can't do using the API: The QFM product suite is designed to support bi-directional data interfacing with a wide range of systems. These include open, standardized interfaces and bespoke propriety interfaces exposed by some vendors. The system integrates with a broad array of third-party systems and data feeds to improve building management.; ; This can include but is not limited to:-; Finance Systems; Other CAFM systems; Procurement System; BIM; BMS; .......
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Software enhancement requirements can be raised as a feature request. These are then added to the road map to be developed at a scheduled time in the future. Customisation requests are chargeable and can be developed and implemented on an individual basis.; ; All QFM applications offer a high degree of user configurable functionality; allowing users to tailor the system to their specific requirements. Many field labels and UI text can also be changed so that organisational infrastructure terminology can be applied. Customised data views and reports can be saved and lists of ‘favourites’ added. QFM provides a vast number of controls for System Administrators to control who uses the system and how they can use it.

Scaling

• Independence of resources: Our service is provided in a Microsoft Azure environment and as such is highly elastic. Continuous monitoring is in place which highlights any aspect of the infrastructure that could potentially cause a bottleneck and this is expanded incrementally as required.

Analytics

• Service usage metrics: Yes
• Metrics types: Numerous usage metrics can be tracked based on requirements. These can include high level information monitoring login/ access but can also be configured to monitor most aspects of what a user actually does in the system.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: A Reporting Schema tool provides easy access to key data, without directly accessing underlying QFM tables. The Schema delivers connector facilities to Excel which provides excellent connections with SQL databases and also offers a range of Business Intelligence capabilities, however it can be used with most reporting packages.; ; QFM also has a dedicated administrator Import/Export facility for general data uploads and downloads. This covers a wide range of QFM data types and enables imports and exports via Excel in unicode text and comma delimited file types.; ; In addition, many individual functions throughout the system provide on-screen data export facilities.
• Data export formats:
  • CSV
  • Other
• Other data export formats: Web Services
• Data import formats:
  • CSV
  • Other
• Other data import formats: Web Services

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
  • Other
• Other protection between networks: All data is encrypted at rest and in transit.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: For availability SLAs this is dependent on the user requirements and can be implemented between 99% and 99.99%.; ; Service credits can be agreed but this is dependent up the configuration agreed.
• Approach to resilience: The resilience built in to the MS Azure platform is extremely flexible and can be determined by the configuration agreed with each customer.; ; This ranges from a base level of removing any single point of failure within a single data centre to Multi data centre high availability with automated fail-over if required.
• Outage reporting: MS Azure has a published dashboard of system outages, but SWG support will provide email notification where relevant.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: SWG provides user authentication via username and password for all QFM systems. To access any part of the system the user must have correctly supplied their username and password to log in. 2 factor authentication can be configured if required. User accounts can be locked out if multiple incorrect attempts to login are detected. To further restrict access, the database user is limited to those tables and views required for them to operate via their licensed modules. Additionally, to protect operational data, QFM ensures that key fields are encrypted using industry standard, Microsoft Windows encryption technology.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: The British Assessment Bureau. Certificate Number 208360.
• ISO/IEC 27001 accreditation date: 02/09/2016
• What the ISO/IEC 27001 doesn’t cover: Service Works is accredited with the ISO 9001 and ISO 27001 international quality management standards. These were awarded for the company’s commitment to excellence in quality management systems and information security management. Both establish a model for continuous improvement and are reassessed each year by an independent professional body, providing a proven and consistent high level of service and security that our customers can rely on.
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: Originally in 2016
• CSA STAR certification level: Level 3: CSA STAR Certification
• What the CSA STAR doesn’t cover: This covers all client hosting environment servisces
• PCI certification: No
• Other security certifications: Yes
• Any other security certifications:
  • ISO 27001
  • SOC 1
  • SOC 2
  • SOC 3
  • CIS Benchmark
  • PASF - Police Assured Secure Facility
  • Various other ISO 20000,22300, 27017, 27018,......
  • https://www.microsoft.com/en-us/trustcenter/compliance/complianceofferings

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: The range of policies/controls includes the following areas:-; ; Information Security Policies,; Organisation of Information security,; Human Resource Security,; Asset Management,; Access Control,; Cryptography,; Physical and environmental security,; Operations Security,; Communications Security,; System acquisition, development and maintenance,; Supplier relationships,; Information security incident management,; Information security aspects of business continuity management,; Compliance.; ; These all all contained in our ISO 9001 Quality Manual and our ISO 2700 1 Manual. These policies and procedures are audited regularly internally and annually by external auditors. ; ; SWG is ISO 9001 and ISO 27001 accredited.; ; MS Azure is also accredited with a large range of security standards see - https://www.microsoft.com/en-us/trustcenter/cloudservices/azure. This includes ISO 27001.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: This is managed by Microsoft Azure and as such we rely on their accreditations and certifications along with published audit report found at https://www.microsoft.com/en-us/trustcenter/cloudservices/azure
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: SWG utilise a specialist C-SIRT team concentrated on mitigating potentially serious effects of security-related issues and on coordinated security incident handling. ; C-SIRT stays up-to-date on any potential known vulnerabilties and weaknesses, by monitoring various information sources (e.g. security news, blogs and vulnerability feeds). ; C-SIRT assesses information security events and helps in the decision making on whether these events are classified as Security Incidents.; Incident Resolution and Remediation can be initiated according to the service level assigned. 15 minute first response SLA is available. ; ; By default patches are applied monthly, urgent patch may be applied immediately if recommended by C-SIRT team.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: SWG has monitoring baseline configuration which is applied when services are onboarded. The baseline covers most typical incidents and compromises. This applies to both availability monitoring, utilization monitoring and security monitoring. Monitoring baselines are configured using cloud best practices, platform vendor recommendations and 3rd party tooling (such as known incident databases of 3rd party tools).; Automatic monitoring creates incidents from potential compromises (ticket) and alerts the on-duty engineer, who acknowledges the ticket in ITSM system and initiates the remediation.; 1st response SLAs available for incident management (MTTA) include: 15 min, 30 min, 60 min and best effort.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Yes there are pre-defined processes for known events listed in Runbooks (for customer specific typical events) and in general instructions (for generic known events).; ; Users can report incidents via SWG Portal, Phone or Email; ; Incident reports are provided as part of monthly hosing service reporting including nature of incident, action/resolution and all SLA related timescales.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Pricing

• Price: £6,000.00 to £250,000.00 a unit
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Access is provided via a web URL to a demonstration database of QFM. The database has standard configurations and is populated with generic data sets to allow Users to trial QFM. The trial will not include any client specific workflows. Typically, the trial period is 2 weeks.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF