Jacobs U.K. Limited


Streamlining construction management and site-supervision activities; from on-site data capture to the approval and completion of site-supervision inspections. TrackRecord enables organisations to demonstrate their statutory compliance to clients and contractors in a highly configurable, auditable, user-friendly web-based tool with companion mobile apps that reduce the risk of inefficient reporting.


  • Project and Inspection data capture into a highly configurable database
  • Highly configurable digitised quality, safety and site inspection workflows
  • Data available to all parties with user access control
  • Monitor compliance activities against projects, sites and assets
  • Dynamic action management and evidence storage
  • Companion data capture apps and synchronisation to centralised database
  • Live dashboards demonstrate compliance in real time, identifying gaps
  • Application Programming Interface (API’s) to interface with client/contractor systems
  • Fully hosted web service and centrally stored data
  • Established software over 17 years and continually developing


  • Reduced cost of compliance while keeping people safe
  • Reduces risk of non-compliance
  • Dynamic and automated reporting outputs, reduction of manual effort
  • Digitised inspection workflows, reduction of paper-based processes
  • Creates audit trail for project-related inspection issues and challenges
  • Streamlines site inspection process through use of mobile technology
  • Increases transparency of compliance
  • High-volume, configurable, adaptable and scalable database
  • Defines responsibility and accountability for tasks and actions
  • Enables quick retrieval of data


£10,000 to £500,000 a licence

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at hugh.mcmichael@jacobs.com. Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

5 3 4 2 1 8 7 2 7 8 4 9 1 4 4


Jacobs U.K. Limited Hugh McMichael
Telephone: N/A
Email: hugh.mcmichael@jacobs.com

Service scope

Software add-on or extension
Cloud deployment model
  • Private cloud
  • Hybrid cloud
Service constraints
Planned maintenance is carried out outside of standard business hours and will generally be transparent to users.
System requirements
Chrome, Firefox, Safari, MS Edge, Internet Explorer

User support

Email or online ticketing support
Email or online ticketing
Support response times
Generally within 24 hours
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
Support requests are assigned an SLA based on urgency.
Support available to third parties

Onboarding and offboarding

Getting started
We provide both online and offline user guides, webinar and onsite training (for a fee).
Service documentation
Documentation formats
End-of-contract data extraction
Data can be exported from the system in XML, HTML, JSON and Excel formats.
End-of-contract process
All client data is provided at the end of contract in agreed formats. With client agreement, data will be retained for period after contract termination to ensure no data is lost in transfer.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
TrackRecord is built as a responsive web application and will dynamically reposition the UI to suit desktop, tablet and phone resolutions.
Service interface
What users can and can't do using the API
TrackRecord has a data transfer API to facilitate import and export of data sets between systems.
API documentation
API documentation formats
Open API (also known as Swagger)
API sandbox or test environment
Customisation available
Description of customisation
General configuration, data sets and terminology are customisable.


Independence of resources
The server platform is automatically and continually monitored to ensure performance standards are maintained for all users/clients.


Service usage metrics
Metrics types
User login details are available
Reporting types
Real-time dashboards


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Encryption of all physical media
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Using standard functionality users can download data in bulk from TrackRecord in XLSX (Excel) format.
Data export formats
  • CSV
  • Other
Other data export formats
  • XLSX / Excel
  • JSON
  • HTML
  • XML
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
The TrackRecord service is operated under a "best effort" SLA and we do not provide specific guarantees. TrackRecord historically has very good uptime performance of 99.98% over the last year.
Approach to resilience
We utilise MS Azure as a real time fail over environment in case of disaster affecting our primary data centre, severely reducing the likelihood of extended downtime.
Outage reporting
We use 3rd party automated monitoring services which continually check if our services are available. If downtime is ever detected system administrators are immediately notified via email and SMS. A public dashboard page is also available.

Identity and authentication

User authentication needed
User authentication
Username or password
Access restrictions in management interfaces and support channels
TrackRecord has an admin interface accessed by the Jacobs support desk that enables full control of user and user team access to modules and user rights (e.g. ability to edit or delete). User access can be locked upon request by the client or if there is no user activity for a specified period of time (6 months) then the user account is automatically locked.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
Jacobs takes all aspects of security very seriously and we provide the top level of service support. Hosted solutions provided by Jacobs Digital have undergone regular penetration testing by an independent 3rd party security consultancy. Our SasS (Software as a Service) platforms are available as fully managed hosted solutions on the internet or we also offer heightened security hosting options including hosting within our client’s network and bespoke secure network solutions.
Information security policies and processes
Jacobs offer integrated and truly secure enterprise-capable solutions that span the cybersecurity lifecycle. We are a market leader in cyber security offering the full breadth of security services. We offer a complete suite of cyber capabilities that range from holistic enterprise lifecycle security and secure business transformation, to threat assessment, risk management, security architecture, audit, review & penetrating testing, SOC and incident response (CIR). Because our services are engineered to align with the cybersecurity standards of our clients and market regulations (from the National Institute of Standards and Technology (NIST) to the Office of Nuclear Regulation and Ministry of Defence), the client is completely free choose the engagement model and service level that aligns with their needs. In particular, the Jacobs Cybernet secure network solution has been certified for use up to UK Official Sensitive and the highest Defence Cyber Protection Partnership level (usually reserved only for Secret). We also have a number of certified Secret networks across the UK

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Application updates goes through a series of checks before being rolled out to our production environment including code reviews, black box testing, acceptance testing, security testing and finally penetration testing after being rolled out.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Application updates are routinely checked for possible vulnerabilities including XSS and CSRF attacks, SQL injection and weak password controls. Data encryption is always employed when exposing/transferring data to a client side environment.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We use active monitoring to detect possible attacks including an IDS firewall for network level threats and automated detection built into the application itself to indicate and notify of a possible attack.
Incident management type
Supplier-defined controls
Incident management approach
In the event of an incident the TrackRecord support team will often be the first point of contact. They will go through a pre-defined check list and determine if they can resolve the issue, if not they will contact the technical support team to follow up with the user. For a serious issue, such as a prolonged server outage, the TrackRecord disaster plan will come in effect. After the incident is resolved a downtime post-mortem will be carried out to establish the exact cause and what can be done in future to avoid a repeat situation.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks


£10,000 to £500,000 a licence
Discount for educational organisations
Free trial available
Description of free trial
We can provide a tailored demo site at no cost with some basic configuration to demonstrate to a client that our tools are capable of delivering client requirements. We also have existing non-client specific demo sites that potential clients can be invited to access upon request.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at hugh.mcmichael@jacobs.com. Tell them what format you need. It will help if you say what assistive technology you use.