Elf Software Ltd

Asset, Property & Compliance Management Software and Oracle and IBM Cloud solutions. copy

elf Software Ltd specialise in developing software solutions and comprehensive support services in Property, Asset & Compliance specifically to support Local Authorities, Academies, Schools & Outsourcing Companies.
In addition elf Software ltd can now offer Oracle and IBM cloud software solutions.


  • Asset Management Planning
  • Estates Management
  • Facilities Management (Helpdesk & PPM)
  • Management of Cyclical Compliance Activities (Statutory Testing & Inspections)
  • Plant & Equipment Servicing
  • Surveying & Assessments (Asbestos, Condition, DDA, Fire Risk)
  • Oracle Cloud offerings
  • IBM Cloud offerings


  • Anytime, Anywhere, on any device
  • Real-time information flow that enhances visibility
  • Enhanced efficiency in business processes, improving productivity
  • Use land and property more effectively
  • It delivers the necessary knowledge to support better decision making
  • Overcome compliancy issues in keeping the estate safe
  • Transforms your approach to remove wasteful duplication of data
  • Integration of all property management information needs
  • One data repository to store property information


£9000 to £30000 per unit per year

  • Education pricing available

Service documents


G-Cloud 11

Service ID

4 5 8 1 1 2 5 6 7 7 0 1 7 0 3


Elf Software Ltd

Christopher Lloyd

01952 676929


Service scope

Software add-on or extension
Cloud deployment model
Private cloud
Service constraints
Our service has no constraints for the buyer, however, if the buyer wants to host the software internally they will need to adhere to our system architecture model.
System requirements
None unless client is hosting the software

User support

Email or online ticketing support
Email or online ticketing
Support response times
Based on a business day, questions are replied to within 24 hours.
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
Support is provided by elf's internal Service Desk.
The level provided is support between Monday - Friday 09:00am - 17:00pm.
Each support issue is dealt with according to the agreed SLA's.
Support available to third parties

Onboarding and offboarding

Getting started
Elf provide leading secure, accurate, efficient and effective front and back office business services and solutions to a range of public and private sector organisations. Delivered through the application of innovative technology, proficient processes and flexible resource models; providing excellent value for money. This service enables customers to meet and exceed service levels, in an efficient and cost effective manner delivered through a unique mixture of knowledge, skills and proven secure technology.

On award of a contract, elf will immediately instigate a Project Initiation Meeting (PIM) to ensure the timescales are met. The PIM will identify amongst other matters, the project reporting and quality assurance and performance monitoring requirements of the client.

elf’s data services offering is backed up by the knowledge and expertise to help provide a comprehensive review of all data sources, systems and structures in order to allow clients to use information effectively.

Customers have the option of tailored, on-site training or formal courses at elf’s training centre. elf hosts a range of comprehensive training solutions for new and advanced users of the software suite.
Service documentation
End-of-contract data extraction
Customers are able to work with ourselves to extract all of the data at the end of the contract if this is required.
End-of-contract process
If customers wish to use our expertise in extracting all of their data at the end of the contract, there are additional costs involved and this will depend on the volume and complexity of the data.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Chrome
  • Safari 9+
Application to install
Compatible operating systems
Designed for use on mobile devices
Differences between the mobile and desktop service
The main application is accessed via IE11 requiring Windows OS. The interactive portal applications are designed as a light weight front-end for clients, contractors and staff.
Service interface
Customisation available
Description of customisation
The service is modular based, which allows customers to choose what applications they want.


Independence of resources
We operate though a Tier 3 level data centre utilising a market leading supplier who is able to meet our scalable demands to ensure that our clients services are not affected.


Service usage metrics
Metrics types
We are able to offer two different types of service metrics which are as follows:

Ticket volume, ticket backlog, resolution rate, average reply time, average first response time, customer satisfaction, average handle time, first contact resolution rate, net promoter score and replies per ticket.

Uptime SLA of the hosted solution.
Reporting types
Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Users can export data into several different formats i.e. PDF, CSV, Excel, Word and XML.

Data can be extracted directly from the SQL database if users have the relevant expertise.
Data export formats
  • CSV
  • Other
Other data export formats
  • Excel
  • Word
  • XML
Data import formats
  • CSV
  • Other
Other data import formats
  • Excel
  • XML

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
Our hosting supplier provides an SLA which incorporates a 99.9% service uptime. Any refunds due to availability issues would be on a client by client basis in line with their contract.
Approach to resilience
This information is available on request.
Outage reporting
Our hosting supplier notifies us by Email if there are any server outages.
We in turn, will Email our clients directly.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
Within the application a system administrator is responsible for user access and privileges. With the 2 factor authentication the first point of access is controlled via internal hosting IT.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
SN Registrars (Holdings) Limited
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
All aspects of our system infrastructure and product offerings are covered by our ISO certification.
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
Compliance with ISO27001 is a written requirement of employment at our company and is regularly assessed by our in-house auditing team as well as through six monthly externally led audits. We also operate through the premise of least available privilege for all system users, including a named and vetted system team whose higher level access to systems is fully monitored and subject to 2FA throughout. The systems team report to the Technical Director who is entirely responsible as a Board member for the technical infrastructure. We also operate our entire company systems on the same infrastructure - fully separated from client instances - and as such our company DR and BCP apply to the same infrastructure.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All system components are subject to 24/7 monitoring for performance and tracked issues, and are proactively replaced if their performance shows signs of future degradation. We also operate an N+N redundant system in most areas, with a fallback to N+1 to avoid a single failure impacting on system availability. Changes are fully assessed for security impact in line with ISO27001 security controls and tested on internal development systems before rollout.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Our technical team are alerted to potential threats directly by our hardware and software partners, and will deploy threat responses immediately based on industry information or detected issues within our infrastructure. Patches are deployed based on the level of threat and impact on our infrastructure - as we operate a fully redundant series of systems, we can inspect the performance as patches are deployed and continue rollout or roll back as needed.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
As with all system level impacts, we monitor the system 24/7 to ensure that all operating parameters are within expected levels, and our automated monitoring systems will raise an alert to our systems team if this is not the case. Patches and updates to the system are communicated to all affected users directly and also published on our status page for our cloud servers.
Incident management type
Supplier-defined controls
Incident management approach
Incidents can be reported to our systems team through our ticketing system and will automatically be raised to priority 1 if a cloud based system is affected. Our team also apply standard processes for the resolution of system issues against a known good backup and rollback procedure. Incident reports - both ongoing and previous - are available through our status page at status.academia.co.uk.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks


£9000 to £30000 per unit per year
Discount for educational organisations
Free trial available

Service documents

Return to top ↑