Lateral

PropertyIQ - Lateral Technology Property & Housing Management System

Lateral Technology's 'PropertyIQ' is a completely configurable product that manages financial information, documents, and communication with tenants. Property and tenant information can be tracked, direct debt information exported daily. The system has built-in task management and reminders, as well as the ability to send letters, emails and sms to tenants.

Features

  • Sophisticated, intuitive user interface
  • Cloud based
  • Office integration, email integration, single sign-on, comprehensive integration API
  • Available on the Amazon Web Services (AWS) platform
  • Configured to ensure adherence to statutory requirements
  • Built-in communications via Live Chat, letters, email, SMS, WhatsApp
  • Full resource, workflow, and activity process management
  • Intelligent, automated bulk processing of workflow activities

Benefits

  • Improve service levels and enhance the customer experience
  • Proven platform used across central and local government
  • Comprehensive out-of-the box functionality through pre-configured workflows
  • Easy-to-use interface helps users navigate the system and process easily
  • Configurable solution through in-built forms, workflows and correspondence template design
  • Multiple time saving features & in-built efficiencies
  • Sophisticated access control model with complete audit trail
  • Powerful SLA / KPI monitoring tools
  • Powerful reporting including dashboards, automated email delivery and data export
  • Extensive administration with super-user features allow detailed management of system

Pricing

£600 a person a year

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ian@getlateral.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

5 8 9 6 6 4 1 9 5 7 9 3 8 8 8

Contact

Lateral Ian McManus
Telephone: 01242 802352
Email: ian@getlateral.com

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
The system is guaranteed to be available more than 99.5% of 24/7; any planned downtime will be scheduled to be out of hours when possible, and customers will be alerted in advance. Our service is fully scalable, and all maintenance is managed specifically to ensure service availability to meet each customers needs.
System requirements
  • Any device that supports modern browsers
  • Access to the internet

User support

Email or online ticketing support
Email or online ticketing
Support response times
We aim to resolve the problem within the timescales given below, depending on complexity of the issue and support volumes: 1) Critical issues - our aim is to address and whenever possible, resolve the problem within two business hours (24-hours a day, 7 days a week (24*7)). 2) Significant issues - our aim is to address and where possible resolve the problem within eight business hours (Mon to Fri 9am to 5.30pm GMT/BST). 3) Minimal issues - our aim is to address and where possible resolve the problem within 24 business hours (Mon to Fri 9am to 5.30pm GMT/BST).
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AAA
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
Web chat enables users to interact with our dedicated support team and log issues.
Web chat accessibility testing
None.
Onsite support
Onsite support
Support levels
We provide 24/7 ticket and email support and offer the following terms in our SLA (service level agreement): Critical - Target response time: 2 hours, Target resolution time: 8 hours Serious: Target response time: 8 hours, Target resolution time: 24 hours Moderate: Target response time, 12 hours, Target Resolution time, 48 hours Minor: Target response time, 24 hours, Target resolution time, 72 hours We provide each client with a dedicated Customer Success Manager (with technical capabilities).
Support available to third parties
Yes

Onboarding and offboarding

Getting started
All implementations start with a project kick off event to formally start the implementation; the scope of the project will be reviewed and a project plan devised. We provide a consultative implementation which includes 2 days of onsite or remote training, documentation, additional training sessions, sandbox walk through and a help desk that has pre-populated questions such based on keywords that are entered. We offer support for testing, and we train customer staff. After implementation we can assist in any project reviews if required.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
The client can extract data from over 100 pre-built reports or use the report builder. Users can export their data from the web interface as csv, txt, or excel format. Reports can be created the interface itself. Additionally for a small fee (no more than 1 day of work), Lateral can export the data in a required format.
End-of-contract process
Lateral and customer will agree on the format and timeline for the data removal, and keep the service active until the end of the contract unless an extension is agreed.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Our software has been designed to work fully on mobile devices, as well as desktop systems.
Service interface
No
API
Yes
What users can and can't do using the API
Our flexible and powerful Restful API allows users to create their own functionality and interfaces as well as update any data in the system. There are no limitations to the data that clients can modify or access using our API as we now use the API for internal admin area tools as well as external use.
API documentation
Yes
API documentation formats
PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
At the core of our service is a highly customisable workflow engine so the entire workflow can be customised to the clients specific requirements - including automating tasks and communications with the customer. This is frequently why our clients choose us over competitors. We are well-known for our powerful workflow flexibility. The open source customer portal and dashboard can be fully customised. In addition there are custom fields, custom interface (users can drag and drop widgets for various pages, including the dashboard). The menus and the user roles are fully customisable. All reports can be totally customised and provided to ensure any organisational compliance is adhered to. Due to our system being in use across multiple industries we boast one of the most configurable and flexible software systems on the market.

Scaling

Independence of resources
As a fully-scalable, cloud-based system built on AWS technology, our up-time is 99.5%+. Our service has multiple protections. We have multiple security features installed on our servers including real time threat monitoring, firewalls, and application protection. AWS is able to reroute service and protect against Denial of Service attacks.

Analytics

Service usage metrics
Yes
Metrics types
We provide full service metrics, which are all fully auditable on all uptime, usage, background actions, batch actions, imports, and exports. We have over 100 pre-built reports, and users can build their own reports on any data field in the database.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Users can export their data from the web interface as csv, txt, or excel format. Reports can be created the interface itself. At request, Lateral can assist with extracting any data for a low cost fee covering the hours involved.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
Microsoft Excel
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
  • Microsoft Excel
  • Drag & drop functionality allows for PDF, Word import also

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
We have a 99.5% guaranteed up-time of the service. As our service normally has a monthly service fee, our customers are refunded if we don't meet guaranteed levels of availability for that month. We also have the following included in our standard SLA: Critical - Target response time: 2 hours, Target resolution time: 4 hours Serious: Target response time: 8 hours, Target resolution time: 24 hours Moderate: Target response time, 12 hours, Target resolution Time, 48 hours Minor: Target response time, 24 hours, Target Resolution time, 72 hours.
Approach to resilience
Data available on request.
Outage reporting
We give email alerts to our customers if there are any outages of the service.

Identity and authentication

User authentication needed
Yes
User authentication
2-factor authentication
Access restrictions in management interfaces and support channels
We restrict user access through a proven RBAC system (role based access control). Only allowed roles (and the users in those roles) have access to management interfaces and support channels.
Access restriction testing frequency
At least every 6 months
Management access authentication
2-factor authentication

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Certified Quality Systems Ltd
ISO/IEC 27001 accreditation date
10/07/2020
What the ISO/IEC 27001 doesn’t cover
We have other policies in place to cover the new GDPR regulations.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
Yes
Who accredited the PCI DSS certification
Self-certified
PCI DSS accreditation date
01/01/2021
What the PCI DSS doesn’t cover
Available on request.
Other security certifications
Yes
Any other security certifications
Cyber Essentials

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • CSA CCM version 3.0
  • ISO/IEC 27001
Information security policies and processes
We follow quarterly internal audits to comply with both ISO 27001 and GDPR. We review security risks at least every 6 months, and whenever something changes, for example a supplier of cloud service changes. We have a fully audited and tested Information Security Management System which underpins our ISO27001 certification. The policies and procedures have been independently audited and practices are audited by external auditors. New staff are inducted into the ISMS when they start; other staff are regularly reminded about responsibilities and managers are required to ensure staff adhere to the policies. Staff are advised when policies are updated. We minimise the people in the company that have access to the live servers and live data, and have not had a security issue since inception (over 10 years ago). The senior management of the company owns the ISMS and the Information Security Management Representative delivers day-to-day management of the system. All staff are reminded they are individually responsible for security. The data security theme is delivered through staff meetings, training sessions, shared documents and via email. Risk assessments are carried out and the competency of the delivery of the ISMS is measured though internal auditing and management review.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
We execute code reviews before pushing any code to the live system, ensuring we are not adding any security vulnerabilities to the system. In addition, all changes are tracked through 'git' ensuring the ability to roll-back to previous versions and see all history of any file throughout the system. We also use continuous integration / continuous delivery. That means that the entire application is monitored constantly (every day) performing roughly 15,000 automated tests that are there to ensure all requirements are fulfilled through an evolving / improving codebase. We periodically perform analysis to address more sophisticated code base review processes.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
We have AWS SafeGuard service for real-time vulnerability monitoring. We also have a former GCHQ Head of Cyber as our security consultant who monitors for imminent threats or potential patches required. If there is evidence that a vulnerability is being exploited and could have an effect on our system, we deploy a patch immediately. If there is no evidence that a vulnerability is being actively exploited, we deploy a patch with the following time scales: ‘Critical’ patches deployed within hours, ‘Important’ patches deployed within 2 weeks , ‘Other’ patches deployed within 8 weeks.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
We identify potential breaches through monitoring applications such as newrelic or monit (which monitor the resources consumption on our nodes) and other monitoring tools. Should the reports be out of the ordinary we proceed in a rapid assessment of affected system logs. This can trigger an immediate halt to all activities on a detected/affected node after contacting all parties involved. This is done to avoid an escalation of a threat until further information is available. We respond within 1 to 2 hours from finding an incident.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
We have pre-defined procedures covered through our ISO 27001 certification manual that state the most common accident types and procedure for how to handle events including escalation and staff involvement. Users are free to report incidents mainly through emails or phone calls. When the incident is resolved we perform a post-mortem report within 72 hours for internal purposes and share the report with any affected clients. This report would include the reasons, the handling of the incident and what will be put in place to prevent it from happening again.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Pricing

Price
£600 a person a year
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
We can build a proof of concept staging area for potential clients.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ian@getlateral.com. Tell them what format you need. It will help if you say what assistive technology you use.