kykloud ltd


Kykloud is a cloud based, property asset management software application used by property investors, owners, operators and consultants in public and private sectors.
The Kykloud suite comprises of three main components: Mobile data collection, a web-based property and project management portal with a real-time desk top publishing and reporting engine.


  • Bespoke survey templates and reports to specific to client needs.
  • Lifecycle Management: system features provide asset monitoring and forecasting.
  • API allows system connectivity and data sharing with other platforms.
  • Data Ownership: users maintain 100% ownership of their data.
  • Data Security: the highest levels of data integrity is applied.
  • Mobile building inpsection.
  • Condition inspections, compliance and energy audits.
  • Portfolio analytics: across the entire property portfolio.


  • No hidden charges: unlimited report generation, free of charge.
  • Continuous improvement: comprehensive product and services, with quarterly software updates.
  • Real-time Project View: full project tracking and control.
  • Improve and Control Quality: data integrity and cross-project consistency.
  • Service Availability: hosted on UK approved data centres.
  • Project Support: 9-5 help desk and dedicated account managers.
  • Industry recognition.


£3,500 a licence a year

  • Education pricing available
  • Free trial available

Service documents


G-Cloud 12

Service ID

5 4 8 7 7 4 2 4 9 4 6 0 6 5 9


kykloud ltd

Andrew Schafer


Service scope

Software add-on or extension
Cloud deployment model
Private cloud
Service constraints
Providing internet access is available there are no constraints to using the service.
System requirements
Secure internet access

User support

Email or online ticketing support
Email or online ticketing
Support response times
Average response time is less than 4 hours from Monday to Friday, although we strive to respond within an hour. We do not provide Kykloud support on weekends, but do commit to responding first thing Monday morning if a request is submitted over the weekend.
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
Urgent calls:
Application issue affecting all users; the system is inoperable.
- Response within 30 minutes.
- Escalation: Immediately to technical teams; Notification to senior management immediately; Account Manager informed.

High calls:
Bug affecting key functionality and limiting the available functionality of the system.
- Response within 1 hour
- Escalation: Immediate notification to Help Desk Supervisor; Notification to helpdesk manager if SLA not met.

Normal calls:
A specific functional area is inoperable while other areas of the system are functioning normally.
- Response within 4 hours
- Escalation: Notification to helpdesk manager if SLA not met.

Low calls:
Advice, “how to” calls. Reports of less critical errors.
- Response within 24 hours
- Escalation: Notification to helpdesk manager if SLA not met.

Request for Change:
Request for new feature; feedback on a usability issue.
- Acknowledged within 1 working day N/A
Support available to third parties

Onboarding and offboarding

Getting started
Onsite training, online training and online help documentation are provided.
Service documentation
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats
  • Excel Spreadsheets
  • Word Documents
End-of-contract data extraction
Secure FTP transfer from Support Department
End-of-contract process
A request to terminate, or at the end of the contract, a request to end is controlled by the assigned Account Manager.
Outstanding costs will be settled.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Compatible operating systems
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
Designed for use on mobile devices
Differences between the mobile and desktop service
Supported devices include Smartphone and Tablet.
The Kykloud Mobile software product is distributed via AppleTM AppStoreTM or via another 3rd party mechanism chosen by Kykloud.
Kykloud Mobile software is installed on Apple iPadTM devices.
Kykloud guarantees to maintain availability of software services as described above, ensuring Mobile software users can access data created on the Kykloud Core system, and upload data created in the Kykloud Mobile software to the Kykloud core system.
All data held within the Kykloud Core system is backed up and is secure from loss.
Service interface
Description of service interface
Kykloud has an internal API service interface that is used by the browser and iPad application. It is not exposed publicly other than via the iPad application.
Accessibility standards
None or don’t know
Description of accessibility
This is a topic that has been discussed in general but no project as yet to set aside for this specifically. As our web application is growing and we have more resource in Kykloud/Accruent and engagement with User Experience teams we see accessibility hitting our design and development teams. We need to provide interaction with our product without any user barriers.
Accessibility testing
We have not done any testing with assistive technology, as of yet.
What users can and can't do using the API
APIs are granular in nature and require assistance from the service provider to address specific requirements / links.
Access to Kykloud API is controlled via the Kykloud support function. Requests for application access keys are made via email. All software development is undertaken within a sandbox area. Access will not be given access to the full production API until it has been validated and certified.
Kykloud does not charge additional fees for the use of Kykloud API but does operate a fair usage policy.
All API activity via application keys and user accounts are monitored, together with the performance levels associated with it.
API documentation
API documentation formats
API sandbox or test environment
Customisation available


Independence of resources
1. Kykloud's multi-tenanted environment strictly regulates and controls separation between users so there is no adverse performance impacts between users.
2. Interactive dashboards are deployed to continuously monitor performance across all aspects of the production infrastructure, i.e. network, software, hardware and human resource.
3. Technology future-proofing is a prevailing feature of Kykloud's strategic planning that ensures growth is achieved in a measured and controlled manner.


Service usage metrics


Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
All Kykloud Core data is stored within ISO27001 accredited data centres, and all backups will be encrypted and replicated to secondary ISO27001 accredited data centres.
Customer data is stored and accessed via their own dedicated url.
All data will be backed up using industry recognised standards with a recovery point of 1 hour.
Data export is guaranteed; a customer can request a full copy of their data at any time.
Data is transferred via secure FTP by the Kykloud Support Department to a dedicated repository at the buyer's site.
Data export formats
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
Private network or public sector network
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
Kykloud provide 99.5% availability, and generally exceeds this target.
Kykloud Core: The hub of Kykloud software services - accessed via the web used by Kykloud customers to access and manage asset data will be available no less than: 99.5%
Kykloud Mobile: Kykloud Mobile software will have access and availability for communication between client device(running the Kykloud mobile software) Kykloud Core no less than: 99.5%
Kykloud API: Application Programming Interface used for integrating other products and data with Kykloud services and data will be available not less than: 99.5%
Approach to resilience
Information provided on request.
Outage reporting
Outages will be reported by email alerts; such occurrences will be continually monitored by the Support Desk who will keep users informed of any adverse status by means of regular email bulletins.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Access restrictions are independently validated and include, but not limited to, the following processes:
ISP 03: Access Control and Account Management
Access restriction testing frequency
At least every 6 months
Management access authentication
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Description of management access authentication
If this pertains to system administrator access to the underlying server/network environment, then it would be username and password.

If this is referring to the management of system administrators that administer sites/portals through a browser for customers / it’s administrator level access to the underlying network/servers, this would also require a VPN connection too. Only authorised administrators with UK security clearance are allowed this access.

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Between 6 months and 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
Between 6 months and 12 months
How long system logs are stored for
Between 6 months and 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
Exova BMTRADA Certification Limited
ISO/IEC 27001 accreditation date
Originally 16/08/2013. Last certification 06/03/2017
What the ISO/IEC 27001 doesn’t cover
Nothing: every business area and activity is covered.
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Who accredited the PCI DSS certification
Barclaycard Data Security
PCI DSS accreditation date
What the PCI DSS doesn’t cover
Kykloud use agencies for the processing of credit card transfers.
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
ISO 9001:2015
MoD DART Accreditation
Cyber Essentials Part 1 and Part 2
Information security policies and processes
Compliance to the following Security Policies is enforced through internal process improvement processes and by external certification audits:
ISP 02 Risk Management and Assessment
ISP 03 Access Control and Account Management
ISP 04 Security Incident Management
ISP 05 Asset Management and Information Classification
ISP 06 Acceptable Use
ISP 07 System Security and Network Access
ISP 08 Business Continuity Plan
ISP 10 Security Patching
ISP 11 Information Media Mobility, Storage and Disposal
ISP 12 Physical Security and Access
ISP 13 Systems Usage Logging and Audit
ISP14 Staff recruitment, changes and leaving

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Examples of how configuration and change impact assessments are independently validated would include, but not limited to, the following processes:
DSP 01: Design and Development Methodology
DSP 02: Change and Configuration Control
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Examples of how vulnerability management processes are deployed by independent validation would include, but not limited to, the following processes:
ISP 02 Risk Management and Assessment
ISP 10 Security Patching
ISP 13 Systems Usage Logging and Audit
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Examples of how actual and potential security incidents are identified and managed in a responsive and effective manner would include, but not limited to, the following processes:
ISP 04: Security Incident Management
Incident management type
Supplier-defined controls
Incident management approach
Incidents are reported by users to a single source at the Kykloud Support Desk. SLA regulations are then applied.
A pre-defined process is documented in ISP 04 - Security Incident Management procedure that ensures all internal and external incidents are promptly reported and effectively managed.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks


£3,500 a licence a year
Discount for educational organisations
Free trial available
Description of free trial
Full system features are made available for one month trial period to selected users.

Service documents

Return to top ↑