True Compliance is a cloud-based compliance management system which uses new technologies such as document reading and AI to help Councils and RSLs manage their Health and Safety compliance and keep their customers safe.
- PDF Reading technology
- Designed to be Bespoke
- Public APIs to interface data
- Transparency with internal and external stakeholders login
- Mobile Ready
- Real time dashboard with bespoke widgets
- Checking documents against rules created by customer
- Simple and robust action tracking with dual sign off
- Reports Centre which allows for instant reports and filtering
- Specialised system for Compliance rather than add-on
- Manage actions on site
- Reduces Administration time as system does the hard work
- Intuitive system which requires minimum training
- System designed to mould to your processes
- Increased data accuracy as all information checked before loading
- One central place for all compliance data
- Regain control from contractors with more accurate and detailed KPIs
£25000 to £100000 per licence per year
|Software add-on or extension||No|
|Cloud deployment model||Private cloud|
|Service constraints||The service has no constraints.|
|Email or online ticketing support||Email or online ticketing|
|Support response times||Users will get a response within 24 hours of the request being made. On weekends a response will be received within 24 hours of Monday 09:00am|
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||None or don’t know|
|Web chat support||Web chat|
|Web chat support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support accessibility standard||None or don’t know|
|How the web chat support is accessible||Users are able to ask questions using the web chat which is available on our website and Helpdesk portal. Users are able to talk directly to an agent who can either resolve the issue or create a support ticket.|
|Web chat accessibility testing||None.|
|Onsite support||Onsite support|
|Support levels||We provide all levels of support to users of the system. The first level of support can be answered by a client support rep or an engineer; the second level will always be answered by an engineer. The support you receive is included in the price of the system and bears no extra cost.|
|Support available to third parties||Yes|
Onboarding and offboarding
|Getting started||Full on-site user and administrator training is included in the service costs. Users are given full support to set up the system specific to their needs. The initial data-load is quality checked and uploaded by True Compliance before being placed in a test environment for training and validation by the client. User documentation is provided via the True Compliance website.|
|End-of-contract data extraction||Users have access to all their data via the reports centre and are able to download the information they want on demand.|
|End-of-contract process||There are no end-of-contract charges. Once the customer is happy they have all their data, we would close access to the platform and delete data from our systems.|
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||No differences between the two.|
|What users can and can't do using the API||Our Public API allows users to add certificates to our load queue, and fetch and search for certificate information. We do not currently allow clients to create their own account; this is done in-house via a request to the support desk. Clients can then send an authentication request to receive an access token. Bespoke APIs that allow movement of key data into corporate systems can also be created by request via the support desk.|
|API documentation formats||Other|
|API sandbox or test environment||Yes|
|Description of customisation||The 'Dashboard Widgets' can be customised to show whatever the user requires, dependent on their needs. The 'Rule Set' that is used to test the data from the incoming documents can have custom rules added to allow for better management of contractors. The 'Property/Block View' page can be customised to show what the customer would like to see on that page (e.g. Housing office name, Appointment information, description of premises from an FRA, etc.). All 'Reports' are made specially for each customer. 'Process' can be altered to match the customer's preferred process. This can all be done by contacting your client rep or emailing support.|
|Independence of resources||We utilise auto scaling technologies on AWS to automatically spin up extra resources based on demand. We use load balancing technology to share the user load on our servers. The application is designed as a series of micro servers removing load from the main application API.|
|Service usage metrics||No|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||None|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||No|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least every 6 months|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||
|Data sanitisation process||Yes|
|Data sanitisation type||Explicit overwriting of storage before reallocation|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||The data is available via reports centre and can be downloaded on demand.|
|Data export formats||CSV|
|Data import formats||CSV|
|Data protection between buyer and supplier networks||TLS (version 1.2 or above)|
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
Our SLA specifies the following uptime guarantees:
Live TC System and associated systems: 99.9%
Exports and Interfaces: 99.5%
Test TC system and associated systems: 99%
We offer a full pro rata refund for any downtime that breaches these guarantees.
|Approach to resilience||We use AWS to host our platform. They have first-rate security policies surrounding the actual data centre. All our servers are protected behind access keys, and within a Virtual Private Cloud. Database access is locked down to the specific application servers that need access.|
|Outage reporting||Downtime is relayed to the development team via email alerts, who can then inform clients.|
Identity and authentication
|User authentication needed||Yes|
|User authentication||Username or password|
|Access restrictions in management interfaces and support channels||Access is restricted via user roles. Certain roles have greater access and privileges within the application.|
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||Username or password|
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users have access to real-time audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||Yes|
|CSA STAR accreditation date||15/04/2019|
|CSA STAR certification level||Level 1: CSA STAR Self-Assessment|
|What the CSA STAR doesn’t cover||None|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||CSA CCM version 3.0|
|Information security policies and processes||Security falls under the purview of the CTO. Policies are in place to ensure that this role is being undertaken. The CTO must report on security processes and incidents at each board meeting. Weekly external scans of the system are undertaken.|
|Configuration and change management standard||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Configuration and change management approach||All application code is run through git version control. We run tests on the codebase daily, and all changes and updates are tested locally and in a demo environment prior to release.|
|Vulnerability management type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Vulnerability management approach||We run weekly vulnerability tests, using a third party service. Reports are generated and reviewed by the CTO. Appropriate remedial action is taken. High risk issues are fixed where possible within 24 hours. Other issues are remedied within 5 working days.|
|Protective monitoring type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Protective monitoring approach||We run weekly vulnerability tests, using a third party service. Reports are generated and reviewed by the CTO. Appropriate remedial action is taken. High risk issues are fixed where possible within 24 hours. Other issues are remedied within 5 working days.|
|Incident management type||Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402|
|Incident management approach||Incidents can be reported to TC via the helpdesk email@example.com or by ringing your account manager. We have a documented incident management plan, which kicks into action upon discovery of an incident. Incident reports will be sent to all clients on request.|
|Approach to secure software development best practice||Supplier-defined process|
Public sector networks
|Connection to public sector networks||No|
|Price||£25000 to £100000 per licence per year|
|Discount for educational organisations||No|
|Free trial available||No|