mpro5 mobile platform including biometric Time & Attendance, IoT, Job Scheduling, Asset Management, Health & Safety, NHS mobile Auditing, and Data Capture on iOS, Android, and Windows 10.


  • Mobile Job Scheduling with Digital Signature
  • Mobile Workflow with Digital Signature & Photos
  • Real-time reporting
  • GPS Tracking & Geofencing
  • Internet of Things (IoT sensors)
  • Real-time alerting
  • Document Storage and Mobile Document Viewing
  • Invoicing completed Jobs / Workflows
  • Asset Management
  • Time and Attendance (Biometric or PIN based)


  • Complete jobs on the move
  • Guide users through configurable workflows on tablets and smartphones
  • Get notified by email, SMS, and push notifications
  • Connect IoT sensors to get real-time data
  • Automatic scheduling and alerting based on IoT data
  • Invoice based on completed workflows and jobs automatically
  • Give users the documentation they need out in the field
  • Use real-time, interactive dashboards to analyse the data captured
  • We help you configure the system as you need
  • UK-based support available by default


£495 to £100000 per instance per month

  • Education pricing available
  • Free trial available

Service documents

G-Cloud 10



Luke Jeffrey

01892 542444

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to We offer out of the box APIs to enable you to integrate with our systems.
Systems already used are:

Great Plains
Sage Line 50 - Sage 200
Bespoke Applications
Cloud deployment model Public cloud
Service constraints Our service runs on Microsoft Azure's cloud in the UK datacentres as needed.

We support Android and iOS mobile devices using current & last versions of their operating systems.

We recommend using Chrome for accessing the mpro5 web client.
System requirements
  • IOS 9+ for Apple Devices
  • Android 6+ for Android Devices (Samsung recommended)
  • Google Chrome recommended for web client

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Business hours support included by default 9am - 5:30pm Monday to Friday

Tickets can be raised by online portal, email, or telephone
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.0 AA or EN 301 549
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels We respond to all tickets within 1 hour (not automated)

We aim to close all support issues where practical within 24 hours and configuration changes up to 5 days (dependent upon complexity)
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Mpro5 is a full premium service, we offer training included in our pricing. For onboarding we normally offer a configuration session and a training session on-site once configured.

We offer to undertake data imports for our customers as needed to get them up and running as quickly as possible.

Additional training is available on request.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats
  • Online knowledgebase
  • Bepsoke Videos (for a particular configuration)
End-of-contract data extraction Users can extract their data using the mpro5 website, or alternatively request a BACPAC file from the technical team.
End-of-contract process At the end of the intial term, mpro5 automatically becomes a rolling month to month contract. At this point, a customer can request termination or renewal accordingly. A backup of data (BACPAC) can be made available at no extra charge, or a user can export data through the website.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install Yes
Compatible operating systems
  • Android
  • IOS
  • Windows
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Mobile devices are used for data capture and completion of the jobs / workflows themselves.

Web browsers are used to configure the workflows, schedule the jobs, and view reports.
Accessibility standards None or don’t know
Description of accessibility The service is accessible with customisable text size and language as required. mpro5 controls are correctly named and described as required.
Accessibility testing The mpro5 web client and mobile client has been tested with individuals with autism on both mobile devices and desktop browsers.
What users can and can't do using the API Using the mpro5 API, it is possible to configure the entities of the mpro5 system ranging through Customers, Sites, Locations, Contracts, SLAs, Jobs and in some cases Users.

The API can also be used for completed data retrieval by third party systems, for example, accessing all the completed jobs for a given day and updating another application with the details of completion recorded by mpro5.
API documentation Yes
API documentation formats
  • Open API (also known as Swagger)
  • PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Mpro5 can be configured for different scenarios - we have users ranging across many industries from Facilities Management to Healthcare.

If any request cannot be configured by the service team, the customer can ask for bespoke development which is assessed and quoted on a case by case basis.


Independence of resources Every mpro5 customer exists within their own 'silo' within the mpro5 cloud running on Microsoft Azure. We use real-time scaling to ensure that additional load does not impact existing customer experience. This also enables us to cope with peak periods.


Service usage metrics Yes
Metrics types Mpro5 monitors usage of the application from completed requests to active users. This could be:

Jobs Completed
Workflows Completed
Users Active
Users Logged In
Inactive Users
Overdue Jobs
Jobs inside SLA
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
  • Other
Other data at rest protection approach All mpro5 data is stored in the Microsoft Azure cloud and encrypted at rest
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Every grid within the mpro5 web client has an Export button that is controlled by permissions. You can choose to export data as needed on an entity by entity basis.

Specific data exports can also be made as reports, or if necessary, requests can be completed by our service team.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • Excel
  • Word
  • TIFF
  • XML (via API)
  • JSON (via API)
Data import formats
  • CSV
  • Other
Other data import formats Excel

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability We offer the Microsoft Azure uptime guarantee of 99.99%
Approach to resilience Mpro5 is incredibly resilient thanks to using Microsoft Azure PaaS.
Each mpro5 database runs in triplicate with real-time failover.
Each mpro5 API service runs across distributed hardware both physically and geographically.
We use the Dublin and UK Azure Datacentres.
Outage reporting We use social media to communicate with the majority of our clients, our standard mechanisms are:

Direct Email
Through the mpro5 web client 'home' screen

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels At any point within mpro5, a user can change their password or request for it to be reset via the support team. Users of mpro5's passwords are salted and hashed meaning no clear text equivalent exists.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 The British Assessment Bureau
ISO/IEC 27001 accreditation date 7th January 2016
What the ISO/IEC 27001 doesn’t cover Microsoft Azure Infrastructure (separately and directly certified by Microsoft)
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications SSAE16 Type II

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes We have a full ISMS 27001 Document available on request that details all of mpro5's policies and processes.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Configuration changes to your mpro5 system can be made by requests to our service team. Each change is discussed with the end user prior to implementation to ensure correct delivery.

Changes (new development) are raised through feature requests and are assessed as described in our ISO27001 process which evaluates any security considerations.

We also ensure that new changes are covered in our annual penetration tests for external verification of security.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach We implement Microsoft Azure's real-time threat detection services to monitor the mpro5 infrastructure. This covers intrusion at the database level as well as the software layer.

Patches to the mpro5 Azure infrastructure are deployed immediately by Microsoft directly.

Patches to the mpro5 software are release immediately once available. If a patch is deemed low priority or not concerning security, this will fall into a monthly or quarterly systems upgrade.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Again, using real-time intrusion detection we are monitoring the mpro5 environment constantly.

When notified of a potential compromise, the security team at mpro5 is notified who then assess the notification to be true or a 'false-positive' before recommending remedial action to the support team.

We respond within an hour to incidents and aim to close any high priority issues the same day.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Our incident management conforms to our ISO 27001 and SSAE16 documentation.

Users can report incident by email, telephone, or using the online support portal.

When incidents are reported, case numbers are assigned and we respond to those cases directly within the support portal. This portal gives our users full end-to-end visibility of all incident reports and their statuses in real-time.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £495 to £100000 per instance per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial We offer a 30-day trial of mpro5 for government organisations that is limited to an agreed scope.


Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑