PIMSS Data Systems Ltd

PIMSS Asset Management System

PIMSS Asset Management system is used as a central asset register, holding stock condition data and component rates and lifecycles for the purpose of creating and managing planned investment programmes, statutory and non-statutory compliance regimes, energy efficiency and asbestos management.


  • real-time reporting
  • investment planning
  • contract management
  • Asbestos management
  • Compliance management
  • Energy management
  • mobile working
  • task management
  • audit reporting
  • Document Management


  • effective budget planning and financial control
  • compliance with regulatory standards and governance
  • compliance with health and safety
  • mobile data capture and synchronisation
  • identification of energy efficiency improvements
  • effective use of staff time
  • effective use of available resources
  • Conduct asset data analysis and scenario testing.
  • Provide a central repository for all asset-related information
  • Eliminate data silos


£4950 per licence per year

Service documents


G-Cloud 11

Service ID

6 0 4 7 1 4 1 0 0 9 1 9 6 6 8


PIMSS Data Systems Ltd

Alex Hardy

0800 121 8767


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints Availability is 24/7, 365 days a year but there is downtime whilst upgrades or scheduled maintenance is carried out.
System requirements Not Applicable

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Majority of questions sent in are answered within 1 hour of receipt. Our dedicated support desk is open between the hours of 8:30am and 5:00pm on normal working days (closed evenings, weekends and bank holidays).
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels We provide support and assistance in line with a standard Service Level agreement. When a ticket is raised by a user a Client Impact Score is assigned to the ticket which determines the severity of the ticket, expected response time and target fix time. The table below outlines these response times

Client Impact Score Response Time Fix Time
1. Cannot use the System at all 4 Business Hours 16 working hours
2. Cannot use Parts of the System 8 Business Hours 4 Business Days
3. Something is not working 6 Business Hours Next release
4. Require help 16 Business Hours Next release

All support services are provided as part of the annual subscription fee.

We have a dedicated support desk who are contactable during business hours by telephone and email, and clients receive 2 annual visits from a dedicated account manager.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started Onboarding
The implementation of PIMSS follows a PRINCE2-based methodology and delivery of the project is led by a qualified project manager.
The customer is heavily involved in the whole process from the initial project launch meeting, through the design phase, training, and testing.
The volume of training an individual will require depends on their role. Front line staff simply needing to view the system for information may only need one hour’s training, whilst a user who uses more of the day-to-day functionality may require one full day training. Managers involved in investment decision-making may need a more detailed understanding, while an asset management super-user will likely need around six full days of training to become familiar with all aspects of the system.
In addition to the training, the PIMSS User Guide is available from any screen within the system.
Self help videos are also available via our online customer portal.
Customers must provide at least 90 days notice, before the end of the Initial Subscription Term (or any subsequent renewal period). Upon termination of the service, data will be extracted from PIMSS and provided to the customer, in an agreed format, and access to the system will be revoked.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction PDSL can provide full data extracts for clients who no longer wish to use the system at the end of the subscription period on request via our support team.
End-of-contract process All data extracts will be provided at an additional cost at the end of the contract, where the client is unable to successfully extract the data themselves.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
Application to install Yes
Compatible operating systems Other
Designed for use on mobile devices No
Service interface No
Customisation available Yes
Description of customisation PIMSS is flexible and many areas of the system can be customised, depending on the access level of the user: Attribute fields are completely user-defined, enabling users to perform powerful search queries within the system. Rulesets are user-defined and enable users to update multiple fields as a result of one field being updated. The Compliance module is template-driven and these templates are completely user-definable to enable capture of a wide variety of information. The Contracts module is highly customisable – the workflow and governance are all user defined and allow contract managers to manage contracts through the whole contract lifecycle. The layout of the Asset Dashboard screen is configurable per user so that each user can have a unique view of the information presented. Stock Condition survey forms are user-defined and tailored to the individual customer.


Independence of resources Each customer has their own instance of PIMSS in the cloud, meaning they are not adversely impacted by other users during periods of high demand.


Service usage metrics Yes
Metrics types CPU
Reporting types
  • Real-time dashboards
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency Never
Protecting data at rest Physical access control, complying with another standard
Data sanitisation process No
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach The reporting suite within PIMSS includes a range of reports run from SQL Server Reporting Services (SSRS). All reports can also be exported to Excel, pdf, Word and other formats. Where graphical summaries are shown on the screen, these will be exported. Where a data table report or a drill-through detail level is showing, this is the data that will be exported.
Within the PIMSS Planning module, planned programmes of work can be exported into Excel for wider sharing and comparison with external sources of data. Compliance Event data and Schedule of Rates can also be exported directly from PIMSS.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • Excel
  • PDF
  • Word
  • PowerPoint
Data import formats
  • CSV
  • Other
Other data import formats Excel

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks Private network or public sector network
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability Our Servers are hosted on Microsoft Azure, our availability mirrors that provided by Microsoft Azure.

Organizations get a 99.99 percent service-level agreement (SLA) assurance of uptime for VMs with Azure Availability Zones, according to Microsoft's Azure.
Approach to resilience High availability: Maintaining acceptable continuous performance despite temporary failures in services, hardware, datacenters, or fluctuations in load.

Disaster recovery: Protection against loss of an entire region through asynchronous replication for failover of virtual machines.

Backup: Replication of virtual machines and data.
Outage reporting Client communication is managed via our support team via email.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Role based security, via security groups
Access restriction testing frequency At least every 6 months
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information No audit information available
Access to supplier activity audit information No audit information available
How long system logs are stored for Less than 1 month

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Cyber Essentials Certification

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards Other
Other security governance standards Cyber Essentials Software Security Certification & Accreditation scheme
Information security policies and processes The PIMSS system complies with the Cyber Essentials Security Scheme which is certified and acreddited by the IASME consortium
We have and clearly defined policies, processes and procedures for compliance with GDPR data protection laws which are implemented by our internal management and reporting structures.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Azure has developed formal standard operating procedures governing the change management process. These SOPs cover both software development and hardware change and release management, and are consistent with established regulatory guidelines including ISO 27001, SOC 1 / SOC 2, NIST 800-53.

Microsoft also uses Operational Security Assurance, a framework that incorporates the knowledge gained through a variety of capabilities that are unique to Microsoft including the Microsoft Security Development Lifecycle, the Microsoft Security Response Center program, and deep awareness of the cybersecurity threat landscape. (https://www.microsoft.com/en-us/securityengineering/sdl/)
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Anti Virus is installed, and is monitored on a regular basis.

Azure is responsible for ensuring the service is highly available, definitions are updated regularly, that configuration through the Azure Management Portal is effective and that the software detects and protects against known types of malicious software.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Microsoft Azure employs service instrumentation and monitoring providing visibility when a service disruption is occurring and pinpointing its cause.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Microsoft has developed robust processes to facilitate a coordinated response to incidents.

Identification: System and security alerts may be harvested, correlated, and analyzed.

Containment: Evaluates the scope and impact of an incident.

Eradication: Eradicates any damage caused by the security breach, identifies root cause for why the security issue occurred.

Recovery: During recovery, software or configuration updates are applied to the system and services are returned to a full working capacity.

Lessons Learned: Each security incident is analyzed to protect against future reoccurrence.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £4950 per licence per year
Discount for educational organisations No
Free trial available No

Service documents

Return to top ↑