AIT Partnership Group Ltd


SMARTset is a state-of-the-art Industrial IoT platform that connects to any equipment, sensor or meter. It provides configurable dashboards, reports and analytics to manage energy and environmental conditions and control source equipment and sensors.

It is suitable for technical estates, data centres, communication rooms and street cabinet applications.


  • Industrial IoT management software with fully customisable dashboard
  • Monitor and control IT and M&E plant, sensors & meters
  • Multi protocol support including SNMP, BACnet, Modbus and HTTP(S)
  • Sophisticated reporting engine enabling complex, visual reports
  • Advanced visual programming for Alarm & Control pre set conditions
  • RESTful API and hot plug in integrations with other tools
  • Real time thermal and power mapping and analysis
  • CFD - Computational Fluid Dynamics
  • What if Analysis
  • Monitor and control with machine specific performance analysis using HTML5


  • Increase resilience of critical infrastructure
  • Identify, prevent and diagnose faults
  • Maintain optimal enviromental conditions for equipment
  • Reduce energy costs by optimising cooling
  • Increase capacity of data centres and comms rooms
  • Integration with DCIM , BMS and ITSM protects investment
  • Open system design compatible with all standard sensors and meters
  • Users can add their own visualisations and features using plugins
  • Automated and remote control reduces cost of on site support
  • Removes dependence on expensive "closed" BMS


£200 per licence per month

  • Education pricing available
  • Free trial available

Service documents


G-Cloud 11

Service ID

6 3 0 0 8 5 9 0 4 7 8 5 1 5 0


AIT Partnership Group Ltd

Mr Steven Bailey


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints SMARTset is a Java application that can be used on nearly any platform, with nearly any operating system.
System requirements HTML 5 Browser

User support

User support
Email or online ticketing support Email or online ticketing
Support response times SLA
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels All support contracts include Telephone support

Additional Support Options available on request

All support is provided via a ticketed help desk
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Full onsite training is provided with additional online training and documentation provided
Service documentation No
End-of-contract data extraction The data can be provided in CSV format or for an additional cost a bespoke database can be delivered
End-of-contract process There is no formal end of contract process.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service SMARTset uses a responsive interface but users can switch between normal Desktop and Mobile mode
Service interface No
What users can and can't do using the API Users can add new display widgets, comms protocols and integrations with their own equipment.
They can use RESTful or SNMP to add, list and delete data. The OSGi Plugin framework provides complete control over the whole application via Java binding.
API documentation Yes
API documentation formats
  • HTML
  • PDF
API sandbox or test environment No
Customisation available Yes
Description of customisation Every aspect of SMARTset can be customised; the look and feel, application features and user access. Users can design their own Dashboards, Reports and Alarms.


Independence of resources For large implementations, SMARTset can be deployed as a cluster, federated across many servers with a load-balancer that multiplexes requests to low use servers. Database storage is scalable through clustering and replication along with sharding.


Service usage metrics Yes
Metrics types Numbers of concurrent users, requests and database usage. Memory, CPU and disk capacity and usage. Historical analysis of all the above.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Reseller providing extra features and support
Organisation whose services are being resold 4NG

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with another standard
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process No
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach Data is exported via reports
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability SLA uptime and availability are customer contract dependent. Supported options are 99.999% through replication, load sharing and warm-standby options. All options are available.
Approach to resilience Available on request
Outage reporting A public dashboard, API and e-mail alerts are included. Outages and behaviour outside normal operating parameters is report using all of the above mechanisms as well as SMS messaging

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels All aspects of SMARTset are governed by Roles and Privileges. Users have roles which in turn grants them privileges to functionality and features of the system
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification Yes
Who accredited the PCI DSS certification Security Metrics.
PCI DSS accreditation date 8th March 2017
What the PCI DSS doesn’t cover Based on the information provided by AIT Partnership Group Ltd involving its security policies, procedures, and regulations,
SecurityMetrics has found the merchant to be compliant with the Payment Card Industry Data Security Standards (PCI DSS),
endorsed by Visa, MasterCard, American Express, Discover, and JCB card brands. AIT holds SAQ C3.1 level certification which excludes electronic storage of credit card data
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach We are working towards ISO27001 to cover specific areas of our business. This approach is replicated across AIT.
Information security policies and processes Enterprise level firewall appliance which has regular intrusion tests.
Complex user passwords with a 30 days enforced change policy.
L2TP VPN for remote access
All policies are communicated during the staff induction process and regularly communicated during departmental meetings.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach All changes made to our internal systems must first be approved by our senior management team before being thoroughly test. When the acceptance criteria has been met the change will be implemented.

All perimeter appliances are regularly tested for vulnerabilities. Updated firmware and security patches are implements to all perimeter and internal appliances as appropriate.

Our security appliances have proprietary software that will detect any unauthorized activities and notify our systems manager.

Incident management is handled using our Ticketing / CRM system
Vulnerability management type Supplier-defined controls
Vulnerability management approach All perimeter appliances are regularly tested for vulnerabilities. Updated firmware and security patches are implements to all perimeter and internal appliances as appropriate and when advised by the vendor. Information in relation to potential threats is gathered from vendor websites.
Protective monitoring type Undisclosed
Protective monitoring approach This is handled by our perimeter security appliance. Out systems manager will be alerted to any unauthorised activity by way of text / email notification and it will be immediately investigated
Incident management type Undisclosed
Incident management approach Incidents are management / tracked by our CRM system. Incidents can be raised by phone or email and this will be logged as a ticket with the appropriate SLA. Our CRM has the ability to provide granular reporting on all tickets raised.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £200 per licence per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Everything is included, restricted only by time period

Service documents

Return to top ↑