BCD Safety and Business Support Limited T/A Effective Software

Effective Software Contractor Management Software

Keep track of all your contractors’ actions and documents with our contractor module. This ‘system within a system’ allows contractors to input and manage their training and certifications, ensuring that no more documentation falls out of date. This module gives you complete oversight of contractor management in your organisation.


  • Track all contractor data in one location
  • Track and manage contractor approval
  • Give contractor responsibility to manage their own documentation
  • Create and complete contractor audits
  • Receive notifications on new tasks


  • Ensure contractors and supply chain are meeting your safety standards
  • Receive notifications when documentation is due to expire


£8380 per instance per year

  • Education pricing available
  • Free trial available

Service documents


G-Cloud 11

Service ID

544892894338265


BCD Safety and Business Support Limited T/A Effective Software

Brenda Keating



Service scope

Software add-on or extension No
Cloud deployment model Public cloud
Service constraints No constraints, available on all industry supported web browsers
System requirements Modern Web browser

User support

Email or online ticketing support Email or online ticketing
Support response times Helpdesk
Monday-Friday 09:00-17:30 GMT

Effective commits to achieving a 4-business hour median first response time.

Business Hours first response median:
• 2017 – 0.8 hrs
• 2018 – 0.8 hrs

Business Hours full resolution median:
• 2017 – 4.2 hours
• 2018 – 4.0 hours

To enable us to meet these exacting requirements we utilise a system called Zendesk https://www.zendesk.co.uk/ to assist our customers and support team to meet expectations.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Yes, at an extra cost
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard None or don’t know
How the web chat support is accessible We use a third party system called Zendesk for our support and ticketing system, including for live chat support. They (Zendesk) are working on accessibility, as described here. https://support.zendesk.com/hc/en-us/community/posts/360000834787-Making-Zendesk-WCAG-2-0-and-Section-508-Compliant

Their current chat widget is not compliant.
Web chat accessibility testing As it's a third party product, we have not done any testing at this stage with assistive technology users. Instead, we rely on the vendor/supplier to do that.
Onsite support Yes, at extra cost
Support levels Effective Software has a standard support level provided to all clients.

a) Email Support: Available for all Users for technical issues or general
b) Help Centre Widget: Available to all Users.
- During business hours (9am-5:30pm UTC), the widget provides a Live Chat channel directly within the system for quick access by Users to
- Outside business hours the widget allows support issues to be submitted directly into the ticketing system.
- The widget also offers a dynamic response to the content the User is accessing within the system, suggesting relevant Help Centre articles that may assist the User.
c) Online Help Centre: Unlimited availability, this is the primary source of Self-Service help for all Users. Accessible 24/7, this resource contains a library of articles, videos, and best practice tips to improve the overall User experience.
d) Help Desk Phone Support: Super Users (High-Level Administrators) only. May be used to submit critical technical issues only.
e) Dedicated Phone Support will be provided as part of our proposed support model.

The costs of any requirements outside the standard support provided are negotiated on a case by case basis.
Support available to third parties Yes

Onboarding and offboarding

Getting started A typical implementation project includes a kick-off call where the short-term goals and roll-out process of the project are discussed and must be agreed by all involved parties for the project to move forward.

The project activities will include onsite days with the project team to identify priorities and milestones, along with weekly online webinars assessing progress and UAT at each stage.

Prior to the project roll-out, on-site training days are carried out in the style of train-the-trainer sessions to empower the client to promote adoption in the organisation.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Effective Software provide clients with a JSON format export of all their data in the system within 30 days of contract termination
End-of-contract process All information is returned to the customer and on agreement permanently deleted from our servers. Effective Software provides a JSON format export of all client's data in the system within 30 days of contract termination as standard. Any requirements outside of this would be negotiated on a case by case basis.

Using the service

Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The service is available as both a responsive web design and native apps designed for iOS & Android.
Service interface Yes
Description of service interface The main system is accessed via the web, through any standard browser. The user logs in and then may access a variety of Health and Safety features and functions, depending on their level of access.
Accessibility standards None or don’t know
Description of accessibility Effective are mostly in line with the EN301549 standards with 3 known exceptions:
We are ok for most things, but we have some known issues. For example:
1. Some of our keyboard navigation won't let you complete a form using keyboard only (e.g. the calendar pop ups for dates)
2. Items such as Bodymap and vehicle map don't yet offer another way to complete them (e.g. dropdown etc.)
3. We need to include an explicit "English" tag in our headers to indicate the language of the site
A resolution plan is in place for each of the above.
Accessibility testing We have not yet done any testing with users of assistive technology. We are designing our user interface to work to best practice standards for UI design.
What users can and can't do using the API APIs are available to:
Push employee data to manage the master employee list
Push...Report Incidents
Push...Report Observations
Push & Pull training records to and from LMS
Pull data from our rich data source for external visualisation tools
API documentation Yes
API documentation formats Open API (also known as Swagger)
API sandbox or test environment Yes
Customisation available Yes
Description of customisation The web platform can be rebranded with clients' images and colours according to set templates provided by Effective Software. This only comes as standard with our Premium and Enterprise packages.

The modules in the system are highly configurable in order to align with clients' current Health and Safety Process and this is done by our clients themselves with the assistance of our Customer Success team.


Independence of resources The Effective Solution ensures each user in the system is attributed a session where all his/her actions are managed independently of other concurrent users.

Multiple servers with load balancers are in place to manage load. Notifications and alerts are in place where threshold limits are approached and servers are scalable within the hosting environment to add resource as required.


Service usage metrics Yes
Metrics types As part of regular executive business reviews, our Customer Success Managers provide our clients with metrics on system usage frequency, usage by module and customer support interaction and response/resolution times.
Reporting types Reports on request


Supplier type Not a reseller

Staff security

Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations Yes
Data storage and processing locations European Economic Area (EEA)
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least every 6 months
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Physical access control, complying with another standard
Data sanitisation process No
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach The Report Module within the Effective Software EHS Management System allows users to export much of their data in CSV format on demand. Any data export requirements outside that provided for in the reporting module must be discussed with the client's Customer Success Manager.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data protection between buyer and supplier networks Legacy SSL and TLS (under version 1.2)
Data protection within supplier network Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability Availability of 99.9% is committed to in our Enterprise SLA.

Refunds are agreed on a contract by contract basis but normally take the form of service credits applied to your account.
Approach to resilience The database is hosted on a 3-server cluster configured in fail-over mode. The servers are physically located on hardware in 3 separate racks, each with redundant power supplies, networks (ports, switches, firewall and carriers) and RAID5 disk arrays. The working database is snapshot once every hour on the VPS.

All uploaded attachments are further uploaded to Amazon AWS S3 (Europe Zone: Dublin) with 99.999999999% storage guarantees. We complete a full server nightly backup to Amazon AWS. We provide a standard 4-hour response time with disaster recovery testing showing a resumption of service within 2 hours on engineering machines (equivalent to a new environment).
Outage reporting Outages are published on our customer service dashboard (hosted separately to the service) and under certain SLA agreements notified by email to key customers.

Identity and authentication

User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Only client users with SuperUser access can grant access to that client's data. Each system module has multiple access levels to cater for various administrator and end-user needs which can further be restricted by site levels.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • All hosting providers are 27001 certified (Amazon & BT)
  • Our 27001 certification is due for approval June 2018

Security governance

Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes We are applying the OWASP security principles to designing our software. This means we take into account several considerations as we design new features and major architectural aspects for the system. These include: minimizing attack surface area; choosing secure defaults; applying the principle of least privilege; failing securely (and so on). We also analyse our system for failure points, and introduce redundancy and failover to the critical service points across the Effective Platform.

Operational security

Configuration and change management standard Supplier-defined controls
Configuration and change management approach We maintain a full specification and record of all system components, including hardware, servers, software, and all other configuration aspects of the system. This record is maintained in source control and tracks all changes to source, configuration and deployment.
We use automated tools to build and deploy.
The source code control system tracks all changes. All features are tested on QA independent of the live environment. Once tested and verified, we use a deployment tool to automatically push the new update to the live production system. That deployment tool also archives the existing system configuration, in case changes need to be reverted.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Our process, at a high level, is that when a given risk materialises, we form an internal team to address and work on the issue, and follow the “playbook” we have created for that risk. A playbook defines the set of steps and things to check and do, in the event of some specific issue arising (such as a breach being detected, or a server becoming unavailable, and so on).
Protective monitoring type Supplier-defined controls
Protective monitoring approach We use a variety of tools and techniques to monitor the Effective Platform. These include tools such as Pingdom to check availability and response times of servers and services, monit to track resource use and thresholds of servers, OSquery to track server configuration changes, and tools such as PagerDuty and Slack to manage and co-ordinate responses in the event of an incident. Critical incidents have a 4hr resolution commitment in our Enterprise SLA.
Incident management type Supplier-defined controls
Incident management approach In the event of an incident, we have a planned process to enable incidents to be captured, analysed and then managed, with associated escalation process when and if appropriate.

Users can report incidents through email, webchat, directly on our customer service portal or by phone in working hours (or out of hours upon agreed SLAs).

Secure development

Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks No


Price £8380 per instance per year
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Once an opportunity has been progressed to a point of preferred supplier appointment we offer a 60 day opt out of the service. This allows for the customer to run on a live environment for up to 60 days with any/all of the modules they have agreed to purchase.
