PIMSS Asset Management System
PIMSS Asset Management system is used as a central asset register, holding stock condition data and component rates and lifecycles for the purpose of creating and managing planned investment programmes, statutory and non-statutory compliance regimes, energy efficiency and asbestos management.
- real-time reporting
- investment planning
- contract management
- Asbestos management
- Compliance management
- Energy management
- mobile working
- task management
- audit reporting
- Document Management
- effective budget planning and financial control
- compliance with regulatory standards and governance
- compliance with health and safety
- mobile data capture and synchronisation
- identification of energy efficiency improvements
- effective use of staff time
- effective use of available resources
- Conduct asset data analysis and scenario testing.
- Provide a central repository for all asset-related information
- Eliminate data silos
£4950 per licence per year
6 0 4 7 1 4 1 0 0 9 1 9 6 6 8
PIMSS Data Systems Ltd
0800 121 8767
|Software add-on or extension||No|
|Cloud deployment model||Private cloud|
|Service constraints||Availability is 24/7, 365 days a year but there is downtime whilst upgrades or scheduled maintenance is carried out.|
|System requirements||Not Applicable|
|Email or online ticketing support||Email or online ticketing|
|Support response times||Majority of questions sent in are answered within 1 hour of receipt. Our dedicated support desk is open between the hours of 8:30am and 5:00pm on normal working days (closed evenings, weekends and bank holidays).|
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
We provide support and assistance in line with a standard Service Level agreement. When a ticket is raised by a user a Client Impact Score is assigned to the ticket which determines the severity of the ticket, expected response time and target fix time. The table below outlines these response times
Client Impact Score Response Time Fix Time
1. Cannot use the System at all 4 Business Hours 16 working hours
2. Cannot use Parts of the System 8 Business Hours 4 Business Days
3. Something is not working 6 Business Hours Next release
4. Require help 16 Business Hours Next release
All support services are provided as part of the annual subscription fee.
We have a dedicated support desk who are contactable during business hours by telephone and email, and clients receive 2 annual visits from a dedicated account manager.
|Support available to third parties||No|
Onboarding and offboarding
The implementation of PIMSS follows a PRINCE2-based methodology and delivery of the project is led by a qualified project manager.
The customer is heavily involved in the whole process from the initial project launch meeting, through the design phase, training, and testing.
The volume of training an individual will require depends on their role. Front line staff simply needing to view the system for information may only need one hour’s training, whilst a user who uses more of the day-to-day functionality may require one full day training. Managers involved in investment decision-making may need a more detailed understanding, while an asset management super-user will likely need around six full days of training to become familiar with all aspects of the system.
In addition to the training, the PIMSS User Guide is available from any screen within the system.
Self help videos are also available via our online customer portal.
Customers must provide at least 90 days notice, before the end of the Initial Subscription Term (or any subsequent renewal period). Upon termination of the service, data will be extracted from PIMSS and provided to the customer, in an agreed format, and access to the system will be revoked.
|End-of-contract data extraction||PDSL can provide full data extracts for clients who no longer wish to use the system at the end of the subscription period on request via our support team.|
|End-of-contract process||All data extracts will be provided at an additional cost at the end of the contract, where the client is unable to successfully extract the data themselves.|
Using the service
|Web browser interface||Yes|
|Application to install||Yes|
|Compatible operating systems||Other|
|Designed for use on mobile devices||No|
|Description of customisation||PIMSS is flexible and many areas of the system can be customised, depending on the access level of the user: Attribute fields are completely user-defined, enabling users to perform powerful search queries within the system. Rulesets are user-defined and enable users to update multiple fields as a result of one field being updated. The Compliance module is template-driven and these templates are completely user-definable to enable capture of a wide variety of information. The Contracts module is highly customisable – the workflow and governance are all user defined and allow contract managers to manage contracts through the whole contract lifecycle. The layout of the Asset Dashboard screen is configurable per user so that each user can have a unique view of the information presented. Stock Condition survey forms are user-defined and tailored to the individual customer.|
|Independence of resources||Each customer has their own instance of PIMSS in the cloud, meaning they are not adversely impacted by other users during periods of high demand.|
|Service usage metrics||Yes|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Baseline Personnel Security Standard (BPSS)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||No|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||Never|
|Protecting data at rest||Physical access control, complying with another standard|
|Data sanitisation process||No|
|Equipment disposal approach||A third-party destruction service|
Data importing and exporting
|Data export approach||
The reporting suite within PIMSS includes a range of reports run from SQL Server Reporting Services (SSRS). All reports can also be exported to Excel, pdf, Word and other formats. Where graphical summaries are shown on the screen, these will be exported. Where a data table report or a drill-through detail level is showing, this is the data that will be exported.
Within the PIMSS Planning module, planned programmes of work can be exported into Excel for wider sharing and comparison with external sources of data. Compliance Event data and Schedule of Rates can also be exported directly from PIMSS.
|Data export formats||
|Other data export formats||
|Data import formats||
|Other data import formats||Excel|
|Data protection between buyer and supplier networks||Private network or public sector network|
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
Our Servers are hosted on Microsoft Azure, our availability mirrors that provided by Microsoft Azure.
Organizations get a 99.99 percent service-level agreement (SLA) assurance of uptime for VMs with Azure Availability Zones, according to Microsoft's Azure.
|Approach to resilience||
High availability: Maintaining acceptable continuous performance despite temporary failures in services, hardware, datacenters, or fluctuations in load.
Disaster recovery: Protection against loss of an entire region through asynchronous replication for failover of virtual machines.
Backup: Replication of virtual machines and data.
|Outage reporting||Client communication is managed via our support team via email.|
Identity and authentication
|User authentication needed||Yes|
|User authentication||Username or password|
|Access restrictions in management interfaces and support channels||Role based security, via security groups|
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||Username or password|
Audit information for users
|Access to user activity audit information||No audit information available|
|Access to supplier activity audit information||No audit information available|
|How long system logs are stored for||Less than 1 month|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||Yes|
|Any other security certifications||Cyber Essentials Certification|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||Other|
|Other security governance standards||Cyber Essentials Software Security Certification & Accreditation scheme|
|Information security policies and processes||
The PIMSS system complies with the Cyber Essentials Security Scheme which is certified and acreddited by the IASME consortium
We have and clearly defined policies, processes and procedures for compliance with GDPR data protection laws which are implemented by our internal management and reporting structures.
|Configuration and change management standard||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Configuration and change management approach||
Azure has developed formal standard operating procedures governing the change management process. These SOPs cover both software development and hardware change and release management, and are consistent with established regulatory guidelines including ISO 27001, SOC 1 / SOC 2, NIST 800-53.
Microsoft also uses Operational Security Assurance, a framework that incorporates the knowledge gained through a variety of capabilities that are unique to Microsoft including the Microsoft Security Development Lifecycle, the Microsoft Security Response Center program, and deep awareness of the cybersecurity threat landscape. (https://www.microsoft.com/en-us/securityengineering/sdl/)
|Vulnerability management type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Vulnerability management approach||
Anti Virus is installed, and is monitored on a regular basis.
Azure is responsible for ensuring the service is highly available, definitions are updated regularly, that configuration through the Azure Management Portal is effective and that the software detects and protects against known types of malicious software.
|Protective monitoring type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Protective monitoring approach||Microsoft Azure employs service instrumentation and monitoring providing visibility when a service disruption is occurring and pinpointing its cause.|
|Incident management type||Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402|
|Incident management approach||
Microsoft has developed robust processes to facilitate a coordinated response to incidents.
Identification: System and security alerts may be harvested, correlated, and analyzed.
Containment: Evaluates the scope and impact of an incident.
Eradication: Eradicates any damage caused by the security breach, identifies root cause for why the security issue occurred.
Recovery: During recovery, software or configuration updates are applied to the system and services are returned to a full working capacity.
Lessons Learned: Each security incident is analyzed to protect against future reoccurrence.
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Public sector networks
|Connection to public sector networks||No|
|Price||£4950 per licence per year|
|Discount for educational organisations||No|
|Free trial available||No|