inVida Limited

INVIDA property and facilities management platform

The INVIDA space and asset management platform is a configurable cloud-based solution that can be quickly deployed. Optional plug-in modules provide tools to support the delivery of space & asset surveys, life cycle maintenance planning, compliance, task and works order management, and, document management.

Features

  • Digitised model of your physical buildings, spaces, systems and assets
  • Mobile Survey Tool allows asset & condition to be gathered/verified
  • Control the timely and accurate updating of asset information
  • Easily incorporate 2D and 3D floor plans and imagery
  • Auto-generation of detailed lifecycle costing plans to BS 8544
  • Manage compliance inspections/tests, documentation and remedial works
  • Tools to manage a modern facilities helpdesk
  • Resource scheduling for one or multiple teams
  • Manage and visualise reactive and planned maintenance
  • Easily incorporate BIM data in COBie format

Benefits

  • Eliminates multiple data-pools, creating a common Estate database
  • Capital allocation based on hard data, ensuring optimum impact
  • Greater proportion of time spent analysing v producing data
  • Reduce the time/cost spent surveying physical assets
  • Improve visibility of risk if/when sweating asset service life
  • Improve planning of CAPEX works, and procurement opportunities
  • Better visibility and planning of cashflow linked to lifecycle planning
  • Optimise maintenance spend to better reflect life cycle plans
  • Better inform your decision-making asset age, performance and condition
  • Unlimited number of buildings or spaces

Pricing

£200 per instance per month

  • Education pricing available

Service documents

Framework

G-Cloud 11

Service ID

5 6 2 2 9 9 4 5 7 7 2 0 3 8 1

Contact

inVida Limited

Chris Butchart

0333 335 0041

chris.butchart@invida.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
None
System requirements
Standard web browsers including IE10+, Edge, Chrome and Safari

User support

Email or online ticketing support
Email or online ticketing
Support response times
We aim to respond to all questions or reported issues within 30 minutes.

Resolution times vary depending on criticality, and range from 30 mins (Critical) to 8 hours (Minor Issues).
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
We provide all clients with our standard level of support. Access to our support help desk during business hours Mon-Fri 9am-5pm is included within our standard monthly access charges.

Each client is assigned a technical account manager.

Additional onsite support and training can be made available, and associated costs are detailed in our pricing table.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
An account manager will be assigned to each client. We will always meet with clients and develop a detailed deployment plan based outlining how we will work with clients to import existing data, configure template libraries and provide onsite user training.

The INVIDA platform includes access to a rich knowledge base that includes tutorials, user guides and FAQ sections.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Tools within the platform allow data to be exported at any point in time to CSV or ODF formats. Additionally, clients can request a periodic export of all data be securely delivered to them in an agreed format.
End-of-contract process
Within 30 days following the termination of the contract, we will:
a) ensure all customer materials/data are returned to the client;
b) irrevocably delete from the platform all customer confidential information; and
c) irrevocably delete from our other computer systems all customer confidential information, and return to the customer or dispose of as the customer may instruct all documents and materials containing customer confidential information.
There are no additional charges made upon termination of the contract.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Chrome
  • Safari 9+
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Our Mobile App is designed with a relatively simple/intuitive interface to support those performing surveys, completing remote assessments, and field-service staff managing activities assigned to them.

The desktop service contains many powerful features and visualisations that are not available to users of the Mobile App.
Service interface
Yes
Description of service interface
There is a service interface within INVIDA that allows users to raise support tickets and access a knowledge-base of articles and guidance notes.
Accessibility standards
None or don’t know
Description of accessibility
The INVIDA platform does not incorporate or reply upon any audible signals or warnings.

Throughout the user interface colours are used to visually relay the status or performance of various data elements. Wherever colour is used as an indicator, pop-up text provides further clarification of the indicated status.

All user interfaces, including graphics, images and text are designed to be dynamically scalable up to 200% using standard web-browser controls.
Accessibility testing
*************Answer required
API
Yes
What users can and can't do using the API
The INVIDA platform includes Json/RESTful APIs which can be used by clients, or third parties to interact with INVIDA via other systems. These APIs include those required to:
1. Exchange changes to Space data;
2. Exchange changes to Asset data
3. Generate reactive works orders as managed in CAFM.
4. Exchange the completion status of reactive works orders managed in remote task management applications such as CAFM.

In addition, we are willing to work closely with customers or other software providers to develop bespoke integrations where required.
API documentation
Yes
API documentation formats
PDF
API sandbox or test environment
Yes
Customisation available
No

Scaling

Independence of resources
Each client has its own server instance and segregated database. Service is hosted on Amazon Elastic Compute Cloud, with performance monitored and additional processing and storage resources deployed in order to ensure users are not affected by the demand of other users within their organisation. No additional access charges are passed on to customers when additional computing resources are deployed in this way.

Analytics

Service usage metrics
No

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Tools exist within the platform to export pre-determined data sets into CSV or ODF formats.
Data export formats
  • CSV
  • ODF
Data import formats
  • CSV
  • ODF

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Subscriptions include a service level agreement commitment that the platform is available 99.95% of the time during each calendar month.
In the event that the platform fails to meet the availability commitment then service credits are issued to the customer, such service credits to be deducted from future access charges.
Approach to resilience
Available on request.
Outage reporting
Email alerts are issued to agreed customer representatives (or optionally all users) when service outages of greater than 10 minutes are experienced.

Identity and authentication

User authentication needed
Yes
User authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
IAM provides user access control to AWS services, APIs and specific resources. Other controls include time, originating IP address, SSL use, and whether users authenticated via MFA devices.

API calls to launch/terminate instances, change firewalls, and perform other functions are signed by Invida's Amazon Secret Access Key. Amazon EC2 API calls cannot be made on Invida's behalf without access to customers’ Secret Access Ke.

API calls can be encrypted with TLS/SSL for confidentiality and customers can use TLS/SSL-protected API endpoints.
Access restriction testing frequency
At least every 6 months
Management access authentication
2-factor authentication

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
The security of our service is our highest priority.

We use AWS as our hosting provider as we have confidence in their approach to Cloud security and that our customers benefit from a data centre and network architecture built to meet the requirements of the most security-sensitive organisations.
Information security policies and processes
Invida implements formal, documented policies and procedures that provide guidance for operations and information security within the organisation. Policies address purpose, scope, roles, responsibilities and management commitment.

Invida has established information security functions that are aligned with defined structure, reporting lines, and responsibilities. Leadership involvement provides clear direction and visible support for security initiatives.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Changes to the INVIDA platform follow secure software development practices, including security risk reviews prior to launch. Developer access to production environments is via explicit access system requests, subject to owner review and authorisation.

All production environment changes are reviewed, tested and approved. Stages include design, documentation, implementation (including rollback procedures), testing (non-production environment), peer to peer review (business impact/technical rigour/code), final approval by authorised party.

Emergency changes follow incident response procedures. Exceptions to change management processes are documented and escalated to AWS management.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Invida performs periodic scanning, penetration testing, file integrity monitoring and intrusion detection of our instances/ applications.

Our hosting provider AWS performs vulnerability scans on the host operating system, web applications, and databases in the AWS environment. This scanning includes 3rd party vendor external assessments (minimum frequency: quarterly).
Identified vulnerabilities are monitored and evaluated. Countermeasures are designed and implemented to neutralise known/newly identified vulnerabilities.

Our teams, and hosting provider, monitor newsfeeds/vendor sites for known issues and patches.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Invida relies on alerts generated by AWS cLog events.

AWS deploys (pan-environmental) monitoring devices to collect information on unauthorised intrusion attempts, usage abuse, and network/application bandwidth usage. Devices monitor:

• Port scanning attacks
• Usage (CPU, processes, disk utilization, swap rates, software-error generated losses)
• Application metrics
• Unauthorized connection attempts

Near real-time alerts flag incidents, based on AWS Service/Security Team- set thresholds.

Requests to AWS KMS are logged and visible via the account’s AWS CloudTrail Amazon S3 bucket. Logs provide request information, under which CMK, and identify the AWS resource protected through the CMK use.
Incident management type
Supplier-defined controls
Incident management approach
Invida adopts a three-phased approach to manage incidents:

1. Activation and Notification Phase
2. Recovery Phase
3. Reconstitution Phase

To ensure the effectiveness of the Invida Incident Management plan, we conducts incident response testing for the discovery of defects and failure modes as well as testing the systems for potential customer impact.

The Incident Response Test Plan is executed annually, in conjunction with the Incident Response plan. It includes multiple scenarios, potential vectors of attack, the inclusion of the systems integrator in reporting and coordination and varying reporting/detection avenues.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Pricing

Price
£200 per instance per month
Discount for educational organisations
Yes
Free trial available
No

Service documents

Return to top ↑