Effective Software Contractor Management Software
Keep track of all your contractors’ actions and documents with our contractor module. This ‘system within a system’ allows contractors to input and manage their training and certifications, ensuring that no more documentation falls out of date. This module gives you complete oversight of contractor management in your organisation.
- Track all contractor data in one location
- Track and manage contractor approval
- Give contractor responsibility to manage their own documentation
- Create and complete contractor audits
- Receive notifications on new tasks
- Ensure contractors and supply chain are meeting your safety standards
- Receive notifications when documentation is due to expire
£8380 per instance per year
- Education pricing available
- Free trial available
5 4 4 8 9 2 8 9 4 3 3 8 2 6 5
BCD Safety and Business Support Limited T/A Effective Software
|Software add-on or extension||No|
|Cloud deployment model||Public cloud|
|Service constraints||No constraints, available on all industry supported web browsers|
|System requirements||Modern Web browser|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
Monday-Friday 09:00-17:30 GMT
Effective commits to achieving a 4-business hour median first response time.
Business Hours first response median:
• 2017 – 0.8 hrs
• 2018 – 0.8 hrs
Business Hours full resolution median:
• 2017 – 4.2 hours
• 2018 – 4.0 hours
To enable us to meet these exacting requirements we utilise a system called Zendesk https://www.zendesk.co.uk/ to assist our customers and support team to meet expectations.
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||Yes, at an extra cost|
|Web chat support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support accessibility standard||None or don’t know|
|How the web chat support is accessible||
We use a third party system called Zendesk for our support and ticketing system, including for live chat support. They (Zendesk) are working on accessibility, as described here. https://support.zendesk.com/hc/en-us/community/posts/360000834787-Making-Zendesk-WCAG-2-0-and-Section-508-Compliant
Their current chat widget is not compliant.
|Web chat accessibility testing||As it's a third party product, we have not done any testing at this stage with assistive technology users. Instead, we rely on the vendor/supplier to do that.|
|Onsite support||Yes, at extra cost|
Effective Software has a standard support level provided to all clients.
a) Email Support: Available for all Users for technical issues or general
b) Help Centre Widget: Available to all Users.
- During business hours (9am-5:30pm UTC), the widget provides a Live
Chat channel directly within the system for quick access by Users to
- Outside business hours the widget allows support issues to be
submitted directly into the ticketing system.
- The widget also offers a dynamic response to the content the User is
accessing within the system, suggesting relevant Help Centre
articles that may assist the User.
c) Online Help Centre: Unlimited availability, this is the primary source
of Self-Service help for all Users. Accessible 24/7, this resource
contains a library of articles, videos, and best practice tips to improve
the overall User experience.
d) Help Desk Phone Support: Super Users (High-Level Administrators)
only. May be used to submit critical technical issues only.
e) Dedicated Phone Support will be provided as part of our proposed
The costs of any requirements outside the standard support provided are negotiated on a case by case basis.
|Support available to third parties||Yes|
Onboarding and offboarding
A typical implementation project includes a kick-off call where the short-term goals and roll-out process of the project are discussed and must be agreed by all involved parties for the project to move forward.
The project activities will include onsite days with the project team to identify priorities and milestones, along with weekly online webinars assessing progress and UAT at each stage.
Prior to the project roll-out, on-site training days are carried out in the style of train-the-trainer sessions to empower the client to promote adoption in the organisation.
|End-of-contract data extraction||Effective Software provide clients with a JSON format export of all their data in the system within 30 days of contract termination|
|End-of-contract process||All information is returned to the customer and on agreement permanently deleted from our servers. Effective Software provides a JSON format export of all client's data in the system within 30 days of contract termination as standard. Any requirements outside of this would be negotiated on a case by case basis.|
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||The service is available as both a responsive web design and native apps designed for iOS & Android.|
|Description of service interface||The main system is accessed via the web, through any standard browser. The user logs in and then may access a variety of Health and Safety features and functions, depending on their level of access.|
|Accessibility standards||None or don’t know|
|Description of accessibility||
Effective are mostly in line with the EN301549 standards with 3 known exceptions:
We are ok for most things, but we have some know issues. For example:
1. Some of our keyboard navigation won't let you complete a form using keyboard only (e.g. the calendar pop ups for dates)
2. Items such as Bodymap and vehicle map don't yet offer another way to complete them (e.g. dropdown etc.)
3. We need to include an explicit "English" tag in our headers to indicate the language of the site
A resolution plan is in place for each of the above.
|Accessibility testing||We have not yet done any testing with users of assistive technology. We are designing our user interface to work to best practice standards for UI design.|
|What users can and can't do using the API||
APIs are available to:
Push employee data to manage the master employee list
Push & Pull training records to and from LMS
Pull data from our rich data source for external visualisation tools
|API documentation formats||Open API (also known as Swagger)|
|API sandbox or test environment||Yes|
|Description of customisation||
The web platform can be rebranded with clients' images and colours according to set templates provided by Effective Software. This only comes as standard with our Premium and Enterprise packages.
The modules in the system are highly configurable in order to align with clients' current Health and Safety Process and this is done by our clients themselves with the assistance of our Customer Success team.
|Independence of resources||
The Effective Solution ensures each user in the system is attributed a session where all his/her actions are managed independently of other concurrent users.
Multiple servers with load balancers are in place to manage load. Notifications and alerts are in place where threshold limits are approached and servers are scalable within the hosting environment to add resource as required.
|Service usage metrics||Yes|
|Metrics types||As part of regular executive business reviews, our Customer Success Managers provide our clients with metrics on system usage frequency, usage by module and customer support interaction and response/resolution times.|
|Reporting types||Reports on request|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Security Clearance (SC)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||European Economic Area (EEA)|
|User control over data storage and processing locations||No|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||At least every 6 months|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||Physical access control, complying with another standard|
|Data sanitisation process||No|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||The Report Module within the Effective Software EHS Management System allows users to export much of their data in CSV format on demand. Any data export requirements outside that provided for in the reporting module must be discussed with the client's Customer Success Manager.|
|Data export formats||CSV|
|Data import formats||CSV|
|Data protection between buyer and supplier networks||Legacy SSL and TLS (under version 1.2)|
|Data protection within supplier network||Legacy SSL and TLS (under version 1.2)|
Availability and resilience
Availability of 99.9% is committed to in our Enterprise SLA.
Refunds are agreed on a contract by contract basis but normally take the form of service credits applied to your account.
|Approach to resilience||
The database is hosted on a 3-server cluster configured in fail-over mode. The servers are physically located on hardware in 3 separate racks, each with redundant power supplies, networks (ports, switches, firewall and carriers) and RAID5 disk arrays. The working database is snapshot once every hour on the VPS.
All uploaded attachments are further uploaded to Amazon AWS S3 (Europe Zone: Dublin) with 99.999999999% storage guarantees. We complete a full server nightly backup to Amazon AWS. We provide a standard 4-hour response time with disaster recovery testing showing a resumption of service within 2 hours on engineering machines (equivalent to a new environment)
|Outage reporting||Outages are published on our customer service dashboard (hosted separately to the service) and under certain SLA agreements notified by email to key customers.|
Identity and authentication
|User authentication needed||Yes|
|User authentication||Username or password|
|Access restrictions in management interfaces and support channels||Only client users with SuperUser access can grant access to that client's data. Each system module has multiple access levels to cater for various administrator and end-user needs which can further be restricted by site levels.|
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users contact the support team to get audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||Yes|
|Any other security certifications||
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||We are applying the OWASP security principles to designing our software. This means we take in to account several considerations as we design new features and major architectural aspects for the system. These include: minimizing attack surface area; choose secure defaults; apply the principle of least privilege; fail securely (and so on). We also analyse our system for failure points, and introduce redundancy and failover to the critical service points across the Effective Platform.|
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
We maintain a full specification and record of all system components, including hardware, servers, software, and all other configuration aspects of the system. This record is maintained in source control and tracks all changes to source, configuration and deployment.
We use automated tools to build and deploy
Source code control system tracks all changes. All features are tested on QA independent of live environment. Once tested, and verified, we use a deployment tool, to automatically push the new update to the live production system. That deployment tool also archives the existing system configuration, in case changes need to be reverted.
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||Our process, at a high level, is that when a given risk materialises, we form an internal team to address and work on the issue, and follow the “playbook” we have created for that risk. A playbook defines the set of steps and things to check and do, in the event of some specific issue arising (such as a breach being detected, or a server becoming unavailable, and so on).|
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||We use a variety of tools and techniques to monitor the Effective Platform. These include tools such as Pingdom to check availability and response times of servers and services, monit to track resource use and thresholds of servers, OSquery to track server configuration changes, and tools such as PagerDuty and Slack to manage and co-ordinate responses in the event of an incident. Critical incidents have a 4hr resolution commitment in our Enterprise SLA|
|Incident management type||Supplier-defined controls|
|Incident management approach||
In the event of an incident, we have a planned process to enable incidents to be captured, analysed and then managed, with associated escalation process when and if appropriate.
Users can report incidents through email, webchat, directly on our customer service portal or by phone in working hrs (or out of hours upon agreed SLAs)
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Public sector networks
|Connection to public sector networks||No|
|Price||£8380 per instance per year|
|Discount for educational organisations||Yes|
|Free trial available||Yes|
|Description of free trial||Once an opportunity has been progressed to a point of preferred supplier appointment we offer a 60 day opt out of the service. This allows for the customer to run on a live environment for up to 60 days with any/all of the modules they have agreed to purchase.|