Elf Software Ltd

Asset, Property & Compliance Management Software and Oracle and IBM Cloud solutions. copy

elf Software Ltd specialise in developing software solutions and comprehensive support services in Property, Asset & Compliance specifically to support Local Authorities, Academies, Schools & Outsourcing Companies.
In addition elf Software ltd can now offer Oracle and IBM cloud software solutions.


  • Asset Management Planning
  • Estates Management
  • Facilities Management (Helpdesk & PPM)
  • Management of Cyclical Compliance Activities (Statutory Testing & Inspections)
  • Plant & Equipment Servicing
  • Surveying & Assessments (Asbestos, Condition, DDA, Fire Risk)
  • Oracle Cloud offerings
  • IBM Cloud offerings


  • Anytime, Anywhere, on any device
  • Real-time information flow that enhances visibility
  • Enhanced efficiency in business processes, improving productivity
  • Use land and property more effectively
  • It delivers the necessary knowledge to support better decision making
  • Overcome compliancy issues in keeping the estate safe
  • Transforms your approach to remove wasteful duplication of data
  • Integration of all property management information needs
  • One data repository to store property information


£9000 to £30000 per unit per year

  • Education pricing available

Service documents


G-Cloud 11

Service ID

4 5 8 1 1 2 5 6 7 7 0 1 7 0 3


Elf Software Ltd

Christopher Lloyd

01952 676929


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints Our service has no constraints for the buyer, however, if the buyer wants to host the software internally they will need to adhere to our system architecture model.
System requirements None unless client is hosting the software

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Based on a business day, questions are replied to within 24 hours.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Support is provided by elf's internal Service Desk.
The level provided is support between Monday - Friday 09:00am - 17:00pm.
Each support issue is dealt with according to the agreed SLA's.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Elf provide leading secure, accurate, efficient and effective front and back office business services and solutions to a range of public and private sector organisations. Delivered through the application of innovative technology, proficient processes and flexible resource models; providing excellent value for money. This service enables customers to meet and exceed service levels, in an efficient and cost effective manner delivered through a unique mixture of knowledge, skills and proven secure technology.

On award of a contract, elf will immediately instigate a Project Initiation Meeting (PIM) to ensure the timescales are met. The PIM will identify amongst other matters, the project reporting and quality assurance and performance monitoring requirements of the client.

elf’s data services offering is backed up by the knowledge and expertise to help provide a comprehensive review of all data sources, systems and structures in order to allow clients to use information effectively.

Customers have the option of tailored, on-site training or formal courses at elf’s training centre. elf hosts a range of comprehensive training solutions for new and advanced users of the software suite.
Service documentation No
End-of-contract data extraction Customers are able to work with ourselves to extract all of the data at the end of the contract if this is required.
End-of-contract process If customers wish to use our expertise in extracting all of their data at the end of the contract, there are additional costs involved and this will depend on the volume and complexity of the data.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Chrome
  • Safari 9+
Application to install Yes
Compatible operating systems Windows
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The main application is accessed via IE11 requiring Windows OS. The interactive portal applications are designed as a light weight front-end for clients, contractors and staff.
Service interface No
Customisation available Yes
Description of customisation The service is modular based, which allows customers to choose what applications they want.


Independence of resources We operate though a Tier 3 level data centre utilising a market leading supplier who is able to meet our scalable demands to ensure that our clients services are not affected.


Service usage metrics Yes
Metrics types We are able to offer two different types of service metrics which are as follows:

Ticket volume, ticket backlog, resolution rate, average reply time, average first response time, customer satisfaction, average handle time, first contact resolution rate, net promoter score and replies per ticket.

Uptime SLA of the hosted solution.
Reporting types Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach Users can export data into several different formats i.e. PDF, CSV, Excel, Word and XML.

Data can be extracted directly from the SQL database if users have the relevant expertise.
Data export formats
  • CSV
  • Other
Other data export formats
  • Excel
  • Word
  • XML
Data import formats
  • CSV
  • Other
Other data import formats
  • Excel
  • XML

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability Our hosting supplier provides an SLA which incorporates a 99.9% service uptime. Any refunds due to availability issues would be on a client by client basis in line with their contract.
Approach to resilience This information is available on request.
Outage reporting Our hosting supplier notifies us by Email if there are any server outages.
We in turn, will Email our clients directly.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels Within the application a system administrator is responsible for user access and privileges. With the 2 factor authentication the first point of access is controlled via internal hosting IT.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 SN Registrars (Holdings) Limited
ISO/IEC 27001 accreditation date 28/02/2016
What the ISO/IEC 27001 doesn’t cover All aspects of our system infrastructure and product offerings are covered by our ISO certification.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Compliance with ISO27001 is a written requirement of employment at our company and is regularly assessed by our in-house auditing team as well as through six monthly externally led audits. We also operate through the premise of least available privilege for all system users, including a named and vetted system team whose higher level access to systems is fully monitored and subject to 2FA throughout. The systems team report to the Technical Director who is entirely responsible as a Board member for the technical infrastructure. We also operate our entire company systems on the same infrastructure - fully separated from client instances - and as such our company DR and BCP apply to the same infrastructure.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach All system components are subject to 24/7 monitoring for performance and tracked issues, and are proactively replaced if their performance shows signs of future degradation. We also operate an N+N redundant system in most areas, with a fallback to N+1 to avoid a single failure impacting on system availability. Changes are fully assessed for security impact in line with ISO27001 security controls and tested on internal development systems before rollout.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Our technical team are alerted to potential threats directly by our hardware and software partners, and will deploy threat responses immediately based on industry information or detected issues within our infrastructure. Patches are deployed based on the level of threat and impact on our infrastructure - as we operate a fully redundant series of systems, we can inspect the performance as patches are deployed and continue rollout or roll back as needed.
Protective monitoring type Supplier-defined controls
Protective monitoring approach As with all system level impacts, we monitor the system 24/7 to ensure that all operating parameters are within expected levels, and our automated monitoring systems will raise an alert to our systems team if this is not the case. Patches and updates to the system are communicated to all affected users directly and also published on our status page for our cloud servers.
Incident management type Supplier-defined controls
Incident management approach Incidents can be reported to our systems team through our ticketing system and will automatically be raised to priority 1 if a cloud based system is affected. Our team also apply standard processes for the resolution of system issues against a known good backup and rollback procedure. Incident reports - both ongoing and previous - are available through our status page at status.academia.co.uk.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £9000 to £30000 per unit per year
Discount for educational organisations Yes
Free trial available No

Service documents

Return to top ↑