Facilities Management Contract Pricing and Operational Efficiency Benchmark

We use 3D laser scanning technology to capture all data sets of a buildings internal assets combined with our AI and patentable algorithms to accurately quantify and benchmark the contract pricing and operational efficiency.


  • Procurement– Benchmarked data in all Facilities Management Categories
  • Real-time Business Intelligence– data integrated with relevant ERP.
  • Reporting & Dashboards– Visibility and Access to existing systems
  • BIM– Internal building Scans automated collection of data sets
  • Facility Management, benchmarking contract pricing and operation efficiency
  • Inventory Management – tracking of all assets and its geo-location
  • COVID Assessment of communal work spaces for cleaning requirements
  • COVID Workforce return social distancing
  • COVID cleaning strategy for employers


  • Procurement - Cost and time savings
  • Procurement- Accurate requirements specifying and budget setting in procurement
  • Business Intelligence- Make data driven decisions, time/cost savings
  • Reports & Dashboard– Accelerating project management and decision-making process.
  • BIM – accurate data for the FM industry, saving time/costs
  • Facility Management– automating end to end bid & tender process
  • Full audibility of contracted services
  • Inventory Management – visible cost centre spend, time/cost savings
  • Compliance with Employer duties for safe Post-COVID work return
  • COVID assurance for facilities management


£250.00 a person a month

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

6 3 5 7 6 2 7 9 1 3 0 8 8 0 3


SCANQUO LTD Oliver Kilvert
Telephone: 07737 991759

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Automation of processes
- Bid and tender
- Procurement processing software
- benchmarking
- Scanning software
- Building information systems
- automated buildings
- Sensor technologies

BMS – Building Management Systems
BIM – Building Information Modelling
Cloud deployment model
Private cloud
Service constraints
System requirements
Access to any cloud based Saas technology

User support

Email or online ticketing support
Email or online ticketing
Support response times
Within 4 hours weekdays, weekends within 12 hrs
User can manage status and priority of support tickets
Online ticketing support accessibility
Phone support
Phone support availability
9 to 5 (UK time), 7 days a week
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), 7 days a week
Web chat support accessibility standard
Web chat accessibility testing
Currently undergoing testing
Onsite support
Onsite support
Support levels
We provide the scanning service using our local contractor to ensure the scan is completed to the appropriate quality.

Our support team can assist clients with developing procurement specifications, pricing schedules, contract guide prices, detailed specifications.

COVID assessments and analysis of the workplace to facilitate social distancing and return to work are supported by our technical support, we can support the purchase of additional modules and technology to support greater utility and automation.
Support available to third parties

Onboarding and offboarding

Getting started
Clients predominantly use our Online training support, user documentation and video tutorials but do have access to our support services (Web, Phone, email).

Online Training: is provided as part of the package

Onsite training: is offered as a premium product that attracts an additional cost if required.
Service documentation
Documentation formats
  • HTML
  • ODF
  • PDF
End-of-contract data extraction
We provide full CSV files of data upon request. This can be accessed through the API however, we normally do this on the client s behalf ion order to check and validate the files extracted.
End-of-contract process
Following a request for termination:

The report and dashboarding module is used to import and export reports (exporting in the case of termination) and files can be exported as a CSV file directly by the client.

The Dashboard gives access to all data per modules selected, the client selects their chosen data for extraction and the file is compiled.

Costs: There are no additional costs for exporting data.

For clients with issues exporting data or require a particular format, our tech team can extract the data and pass it to the client.

For upgrades for additional modules then module costs will apply.
Cleaning Module
Asset Tracking Module
COVID Assessment

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
The key difference is formatting for the appropriate device. The mobile version has around 80% functionality of the full system. This is primarily due to data file sizes and download speeds. However, we recognise some of the 3d walkthroughs and scan images require a large screen to display useful images.
Service interface
Description of service interface
This is a standard interface requiring acceptance of cookies. The interface is fully GDPR compliant, and password protected.
Accessibility standards
Accessibility testing
This is currently in testing with assistive technologies
What users can and can't do using the API
Service Set-Up: Onboarding is supported by our Tech team who guide the service user through the full feature functionality of our platform to ensure customised set up to meet the service user need.

Making Changes: Online Training and configuration from our tech team is provided to ensure the customer can use the system and make changes as required. The API ensures the system is fully customisable and can be updated at any time.

Limitations: There are no limitations on the changes that can be made through the API settings.
API documentation
API documentation formats
  • HTML
  • ODF
  • PDF
API sandbox or test environment
Customisation available
Description of customisation
What can be customised: All asset data sets can be customised to size and quantity specifications to meet the clients use requirements.

How users can customise: Clients can add, remove and delete these asset data sets, and add modules for different applications of the software.
1) Benchmarking Facilities management aspects such as cleaning
2) Inventory control to identify and manage assets, The client can further customise this by adding geo-locators and equipment specifications, seller information, service records for managing stock/inventory.
3) COVID assessments can be customised by the client to include; workplace layout planning; cleaning schedules; placement of handsanitisers, control of common areas.
4) Bid commissioning specifications for use of our associated bid platform or data porting to another third party tender process management portal.

Who can customise: Any user to our platform with permission of the superuser for the customer.


Independence of resources
Full Quality Assurance process in place prior to any release of new functionality as well scaling of users measured with the daily, weekly, and monthly active users metrics assures that customers are not affected by demand from other users.

Technical support is resourced with capacity to handle 150% of normal traffic to ensure a responsive service.


Service usage metrics
Metrics types
Customised Metrics: On engagement, Scanquo Tech support will work with the customer to agree on the most appropriate metrics for their service and frequency of reporting and develop the report templates.

This provides a range of metrics:
Daily, weekly, and monthly active users (DAU, WAU, MAU).
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Data is exported by the client through the 'Reporting Dashboard'. The data can be exported as a CSV, Excel, or another format most appropriate top the client.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
Data import formats
  • CSV
  • ODF

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
ScanQuo builds apps on Azure to take advantage of high availability, disaster recovery, and backup on Azure’s global network. This builds redundancies at the virtual machine (VM), data centre and regional levels based on client business needs. This also enables us to stay compliant with the UK's legal and regulatory requirements respective of the location of data storage allowing client choice and control.

Azure is guaranteed under ISO-22301 Certification International Standard which demonstrates the ability to prevent, mitigate respond to and recover from disruptive incidents.

The systems are built to red-flag issues arising, provide automated reporting, offer client reporting of incidents and manage troubleshooting and fault resolution processes.
Approach to resilience
The ScanQuo system is built to provide:
High availability - To maintain acceptable continuous performance;
Disaster Recovery- To protetc against loss through asynchronous replication of virtual machines (Azure Site recovery/Geo-redundant storage);
Back-up- Replication of virtual machines and data to one or more regions using Azure backup.

The approach to resilience protects against failures within data centres, protection of the entire data centre from failure and regional protection within a permitted and agreed on data residency boundary.

Red flags to identify issues arising and automated reporting of incidents to ScanQuo and the customer. Troubleshooting and fault resolution processes are robustly planned under a range of contingency actions.

Resilience is planned through the location of data centres, location of data storage, recovery processes, and placement of key personnel for which we plan preventative measures; mitigation measures; response plans; and recovery interventions.
Outage reporting
The Client contact will be notified by email if using the API or system dashboard the outages will be reported via the dashboard or report tab.

The public dashboard is the first indicator, which can be customised to send an API or email alert to designated customer staff.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
We restrict access to the client administrator and the Superuser only.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
CSA CCM version 3.0
Information security policies and processes
Information Security Policy Covers:
- Information risk assessments
-Security Control Assets
-Access Control
-Application Access Control
-Equipment Security
-Protection from malicious software
- Monitoring system access
- Business continuity and disaster recovery
- Training and awareness
- system change control

Data Protection Policy
Complies with the 7 data protection principles:
- Lawfulness, fairness, transparency
- Purpose and limitations
-Data minimisation
- Accuracy
- Storage limitation
- Integrity and confidentiality
- Accountability

Information Governance Policy
processes, roles policies, and standards for managing information.

Incident Response Policy Covers:
Types of Computer Incidents that may require Incident Response Team activation. Some examples include:
• Breach of personal information
• Denial of service/Distributed denial of service • Excessive port scans
• Firewall breach
• Virus outbreak

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
ScanQuo change management procedures and controls are implemented to ensure that:
- a system cannot be changed or introduced without proper justification and approval
- a system operates correctly
- change requests are addressed according to the appropriate procedure
- changes to system functionality are known
- changes do not adversely affect the security of the system
- changes do not adversely impact another functioning production system.

Functional Change Management e.g. changing business methods/user interface changes
Non-Functional Change management e.g. infrastructure change/performance enhancement/design change/configuration change/application re-write
Data Change requests e.g. to correct corrupted data
Emergency Change Management e.g. functional errors
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
The ScanQuo Vulnerability Management process is risk-focused built on assessment and compliance; analysis and prioritisation; and attack management:

Scanning: Scan Data prioritised through analytics
Patching: continuous patching based on risk to critical assets and is data-driven by priority.
Measurement: we operate measurable processes
Tracking and Tracing: Developing emerging threat driven metrics and trends
Systems: Attacker and threat-focused with multiple attack vectors scanned and prioritised.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Identifying potential compromises: User reporting; system scanning; vulnerability assessment; attacker and threat scanning.

Response to potential compromises: Risk categorisation and prioritisation Low, Medium & High level associated with the likelihood of occurrence and severity and impact of the compromise/vulnerability/threat.

High-level response: Attack in progress/imminent threat - Top priority - immediate response to contain, restrict and remove the attacker aim to prevent data loss/system damage.
Medium level: No attack in progress, but severe consequences if the compromise is exploited.
Low level: prioritised based on time vulnerability has been known, potential risk impact is low.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
ScanQuo has a predefined process.

1) Users report incidents by telephone

2) Incident reporting:
-Is the incident real or perceived?
-What data or property is threatened and how critical is it?
-Is business Impact Minimal/serious/or critical?
-System targeted/location
-Is the response urgent?
-Can the incident be quickly contained?
- Will the response alert the attacker?
-What type of incident is this? Example: virus/worm/intrusion/abuse/damage.

2) Categorisation:

3) Investigation System logs/firewall logs/interviews

4) IRT recommnend changes preventing reoccurrence

5) Restore affected systems

6) Post-mortem review lessons learned/policy updates/reporting

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
Connected networks
  • Public Services Network (PSN)
  • Police National Network (PNN)
  • NHS Network (N3)
  • Joint Academic Network (JANET)
  • Scottish Wide Area Network (SWAN)
  • Health and Social Care Network (HSCN)


£250.00 a person a month
Discount for educational organisations
Free trial available
Description of free trial
What’s included: Taking a captured CAD data file to conduct a pricing exercise to showcase the product and understand what and how this product works in your environment.

What isn’t included: Visibility to reporting and analytics module and benchmarks e.g. on a cleaning contract.

Time period: 14 days

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.