Keepsite Software Limited

Project Management, Portfolio Management, Risk Management. Common data environment.

Keepsite is a SaaS application for organisations that work on the basis of delivering projects. Using keepsite, organisations and project teams can manage each project, and all their projects as an integrated portfolio. Key modules include for risk management and document management.


  • Integrated Project and Portfolio management
  • Document Management (BIM PAS1192-4 compliant)
  • Task Management
  • Mobile App allows field surveys and data collection
  • Remote access
  • Risk management, issue management, lessons learned
  • Real-time and historical reporting
  • Enterprise integration (enterprise API, custom subdomain, SSO)
  • Service Level Agreement (SLA)
  • Common data environment (CDE)


  • Reduces administration time for project teams
  • Helps get better value out of external consultants and contractors
  • Gives portfolio level insights over your projects
  • Aggregate data from across all projects
  • Use historical data to learn and improve over time
  • Provides visibility across projects
  • Collaborative management across departments and firms
  • Accommodate any required project workflows
  • Integrates with third-party applications (ERP, etc.)


£10 to £15 per person per month

  • Education pricing available
  • Free trial available

Service documents

G-Cloud 10


Keepsite Software Limited

Adam Hyde


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints Keepsite currently Updates the Service twelve (12) times per year but the number of Updates may be increased or decreased by Keepsite, to a maximum 24 hours per year. Updates requiring scheduled downtime will be pre-empted by a scheduled downtime warning no less than 72 hours before being implemented. These notifications will be delivered to all users via in app notifications and to named contacts via email.
System requirements No specific requirements beyond web browser access.

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Keepsite will provide Customer with 24x7x365 technical assistance in accordance with it's SLA.
Response times:
Severity Level 1: 1 hour
Severity Level 2: 1 hour
Severity Level 3: 4 hours
Severity level 4: 24 hours
Severity Level 5: 24 hours
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard None or don’t know
How the web chat support is accessible Video, voice, text. Interface and interaction design consistent with good practice accessibility principles but uncertified.
Web chat accessibility testing None.
Onsite support Yes, at extra cost
Support levels If an issue is unable to be resolved remotely we are able to provide onsite support at a daily cost per attending person. We will dispatch an appropriate team member depending on the nature of the issue. For pricing, refer separate pricing document.

For offsite training, we will provide a service based on these rates tailored to suite requirements.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Potential customers can trial Keepsite at no cost. Basic information is required to get started on a trial.

We provide user documentation via our online knowledge-base, we offer onsite or remote training, including via video-conferencing or webinar.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Data can be downloaded directly from the application by all authorised users.

Enterprise customers can receive a download of their data, provided via file transfer.
End-of-contract process Customers can download their data or receive a data download of their database records from Keepsite. Included in cost.

Customers can elect to delete their account entirely or maintain an archived account, which can be later reactivated. Archived account incurs a nominal data storage charge.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Yes. Functionality is restricted on the mobile applications (IOS and Android) to actions that can be meaningly completed on such devices.
Accessibility standards None or don’t know
Description of accessibility TBC
Accessibility testing None
What users can and can't do using the API TBC
API documentation Yes
API documentation formats
  • HTML
  • PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation 1. Users can write plugins to integrate directly to the Keepsite platform, which can be private and proprietary, made available on a commercial basis, or made available on a public and open source basis.
2. Customers can configure the software and workflows from directly within the application to tailor it to the needs of their business, individual business units, or project requirements.
3. Customers can utilise the API to administer aspects of the application from third party systems.


Independence of resources By committing to KPI's established within the SLA, which guarantee a minimum service and performance level.

Keepsite is designed to be a highly performant application and currently supports enterprise customers across the globe.


Service usage metrics Yes
Metrics types Anonymised aggregated data pertaining to number of active users, frequency of use, and within application behaviour (which features are being used, etc.

We are working toward real-time dashboards for service metrics.
Reporting types
  • API access
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process No
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach Download it direct from the user interface.
Data export formats
  • CSV
  • ODF
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats Various file types can be accommodated for documents, images, etc.

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks Private network or public sector network
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability Keepsite's Service Availability commitment for a given twelve (12) month period is 99.5%.
Service Availability is calculated as follows:

Total - Unplanned Outage - Planned Maintenance
Total - Planned Maintenance X 100 ≥ 99.5%

In the event of a failure by Keepsite to meet the Service Availability and Service Response minimums as set forth in this SLA, as Customer's sole and exclusive remedy, at Customers request, Keepsite shall provide service credits.
Approach to resilience Service Level Agreement
Analysis of the design
Outage reporting API

Implementing public dashboard Q3 2018

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels Keepsite maintain nuanced user access controls across for all levels of functionality, which are structured at the organisation business unit and project levels.

In addition, customers manage only their own service, and cannot access, modify or otherwise affect the service of other consumers via management tools and interfaces and they can restrict permissions given to administrators, including in the context of collaboratively managed projects.

This applies for support as well as application interfaces.
Access restriction testing frequency At least every 6 months
Management access authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • Cyber Essentials (July 2018)
  • SOC1 and SOC2 for shared service and datacenter controls

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach Currently in process of certifying.
Information security policies and processes Keepsite maintains a comprehensive, written information security program that contains administrative, technical, and physical safeguards that are appropriate to (a) the size, scope and type of Keepsite's business; (b) the amount of resources available to Keepsite; (c) the type of information that Keepsite will store; and (d) the need for security and confidentiality of such information.

We assign security responsibility - Assigning responsibility for the development, implementation, and maintenance of its Information Security Program, including:
- Designating a security official with overall responsibility;
- Defining security roles and responsibilities for individuals with security responsibilities; and
- Designating a Security Council consisting of cross-functional management representatives to meet on a regular basis.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Full details available upon request.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Potential threats, vulnerabilities or exploitations that could affect the service are assessed, and corrective actions taken. Keepsite monitor relevant sources of information relating to threat, vulnerability and exploitation techniques and the severity of threats and vulnerabilities is considered. We use this information to prioritise implementation of mitigations. Known vulnerabilities within the service are tracked until appropriate mitigations have been deployed and the timescales for implementing mitigations to vulnerabilities is available.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Keepsite monitors the hardware that supports the application and has programmed alerts for monitored network components, such as CPU, memory, storage, database, and other components. Operations staff monitor alerts associated with deviations to against defined thresholds, and follow standard operating procedures to investigate and resolve underlying issues.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach We maintain a security incident response plan that includes procedures to be followed in the event of any security breach of Customer Data or any security breach of any application or system directly associated with the accessing, processing, storage, communication or transmission of Customer Data.
Formation of an internal incident response team with a response leader;
Assessing the risk the incident poses and determining who may be affected;
Internal reporting as well as a notification process
Keeping a permanent record of what was done and by whom
Conducting and documenting root cause analysis and remediation plan

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £10 to £15 per person per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial The first three projects are free. Students use the application for free.

Service documents

pdf document: Pricing document pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑