kykloud ltd


Kykloud is a cloud based, property asset management software application used by property investors, owners, operators and consultants in public and private sectors.
The Kykloud suite comprises of three main components: Mobile data collection, a web-based property and project management portal with a real-time desk top publishing and reporting engine.


  • Bespoke survey templates and reports to specific to client needs.
  • Lifecycle Management: system features provide asset monitoring and forecasting.
  • API allows system connectivity and data sharing with other platforms.
  • Data Ownership: users maintain 100% ownership of their data.
  • Data Security: the highest levels of data integrity is applied.
  • Mobile building inpsection.
  • Condition inspections, compliance and energy audits.
  • Portfolio analytics: across the entire property portfolio.


  • No hidden charges: unlimited report generation, free of charge.
  • Continuous improvement: comprehensive product and services, with quarterly software updates.
  • Real-time Project View: full project tracking and control.
  • Improve and Control Quality: data integrity and cross-project consistency.
  • Service Availability: hosted on UK approved data centres.
  • Project Support: 9-5 help desk and dedicated account managers.
  • Industry recognition.


£3300 per licence per year

  • Education pricing available
  • Free trial available

Service documents

G-Cloud 9


kykloud ltd

David Cairns

+44(0)7939 285 736

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints Providing internet access is available there are no constraints to using the service.
System requirements Secure internet access

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Support is available 9am to 5pm Monday to Friday.
Calls outside these times default to an automated answer phone service.
Special arrangements outside these times can be provided.
Standard response is 30 minutes to 1 hour for Urgent tickets.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Urgent calls:
Application issue affecting all users; the system is inoperable.
- Response within 30 minutes.
- Escalation: Immediately to technical teams; Notification to senior management immediately; Account Manager informed.

High calls:
Bug affecting key functionality and limiting the available functionality of the system.
- Response within 1 hour
- Escalation: Immediate notification to Help Desk Supervisor; Notification to helpdesk manager if SLA not met.

Normal calls:
A specific functional area is inoperable while other areas of the system are functioning normally.
- Response within 4 hours
- Escalation: Notification to helpdesk manager if SLA not met.

Low calls:
Advice, “how to” calls. Reports of less critical errors.
- Response within 24 hours
- Escalation: Notification to helpdesk manager if SLA not met.

Request for Change:
Request for new feature; feedback on a usability issue.
- Acknowledged within 1 working day N/A
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started Onsite training, online training and online help documentation are provided.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Secure FTP transfer from Support Department
End-of-contract process A request to terminate, or at the end of the contract, a request to end is controlled by the assigned Account Manager.
Outstanding costs will be settled.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10+
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install Yes
Compatible operating systems
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Supported devices include Smartphone and Tablet.
The Kykloud Mobile software product is distributed via AppleTM AppStoreTM or via another 3rd party mechanism chosen by Kykloud.
Kykloud Mobile software is installed on Apple iPadTM devices.
Kykloud guarantees to maintain availability of software services as described above, ensuring Mobile software users can access data created on the Kykloud Core system, and upload data created in the Kykloud Mobile software to the Kykloud core system.
All data held within the Kykloud Core system is backed up and is secure from loss.
Accessibility standards None or don’t know
Description of accessibility Standard internet interfaces.
Accessibility testing Limited: work has been completed putting tags into user interface code.
What users can and can't do using the API APIs are granular in nature and require assistance from the service provider to address specific requirements / links.
Access to Kykloud API is controlled via the Kykloud support function. Requests for application access keys are made via email. All software development is undertaken within a sandbox area. Access will not be given access to the full production API until it has been validated and certified.
Kykloud does not charge additional fees for the use of Kykloud API but does operate a fair usage policy.
All API activity via application keys and user accounts are monitored, together with the performance levels associated with it.
API documentation Yes
API documentation formats Other
API sandbox or test environment Yes
Customisation available No


Independence of resources 1. Kykloud's multi-tenanted environment strictly regulates and controls separation between users so there is no adverse performance impacts between users.
2. Interactive dashboards are deployed to continuously monitor performance across all aspects of the production infrastructure, i.e. network, software, hardware and human resource.
3. Technology future-proofing is a prevailing feature of Kykloud's strategic planning that ensures growth is achieved in a measured and controlled manner.


Service usage metrics No


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process No
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach All Kykloud Core data is stored within ISO27001 accredited data centres, and all backups will be encrypted and replicated to secondary ISO27001 accredited data centres.
Customer data is stored and accessed via their own dedicated url.
All data will be backed up using industry recognised standards with a recovery point of 1 hour.
Data export is guaranteed; a customer can request a full copy of their data at any time.
Data is transferred via secure FTP by the Kykloud Support Department to a dedicated repository at the buyer's site.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks Private network or public sector network
Data protection within supplier network Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability Kykloud provide 99% availability, and generally exceeds this target.
Kykloud Core: The hub of Kykloud software services - accessed via the web used by Kykloud customers to access and manage asset data will be available no less than: 99%
Kykloud Mobile: Kykloud Mobile software will have access and availability for communication between client device(running the Kykloud mobile software) Kykloud Core no less than: 99%
Kykloud API: Application Programming Interface used for integrating other products and data with Kykloud services and data will be available not less than: 99%
Approach to resilience Information provided on request.
Outage reporting Outages will be reported by email alerts; such occurrences will be continually monitored by the Support Desk who will keep users informed of any adverse status by means of regular email bulletins.
Over the previous 2 years the number of outages has been negligible and not caused significant disruption to users.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Access restrictions are independently validated and include, but not limited to, the following processes:
ISP 03: Access Control and Account Management
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for Between 6 months and 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for Between 6 months and 12 months
How long system logs are stored for Between 6 months and 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Exova BMTRADA Certification Limited
ISO/IEC 27001 accreditation date Originally 16/08/2013. Last certification 06/03/2017
What the ISO/IEC 27001 doesn’t cover Nothing: every business area and activity is covered.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification Yes
Who accredited the PCI DSS certification Barclaycard Data Security
PCI DSS accreditation date 20/01/2017
What the PCI DSS doesn’t cover Kykloud use agencies for the processing of credit card transfers.
Other security accreditations No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards Cyber Essentials Part 1 and Part 2
ISO 9001:2015
Information security policies and processes Compliance to the following Security Policies is enforced through internal process improvement processes and by external certification audits:
ISP 02 Risk Management and Assessment
ISP 03 Access Control and Account Management
ISP 04 Security Incident Management
ISP 05 Asset Management and Information Classification
ISP 06 Acceptable Use
ISP 07 System Security and Network Access
ISP 08 Business Continuity Plan
ISP 10 Security Patching
ISP 11 Information Media Mobility, Storage and Disposal
ISP 12 Physical Security and Access
ISP 13 Systems Usage Logging and Audit
ISP14 Staff recruitment, changes and leaving

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Examples of how configuration and change impact assessments are independently validated would include, but not limited to, the following processes:
DSP 01: Design and Development Methodology
DSP 02: Change and Configuration Control
Vulnerability management type Supplier-defined controls
Vulnerability management approach Examples of how vulnerability management processes are deployed by independent validation would include, but not limited to, the following processes:
ISP 02 Risk Management and Assessment
ISP 10 Security Patching
ISP 13 Systems Usage Logging and Audit
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Examples of how actual and potential security incidents are identified and managed in a responsive and effective manner would include, but not limited to, the following processes:
ISP 04: Security Incident Management
Incident management type Supplier-defined controls
Incident management approach Incidents are reported by users to a single source at the Kykloud Support Desk. SLA regulations are then applied.
A pre-defined process is documented in ISP 04 - Security Incident Management procedure that ensures all internal and external incidents are promptly reported and effectively managed.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks Public Services Network (PSN)


Price £3300 per licence per year
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Full system features are made available for one month trial period to selected users.


Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑