inVida Limited

INVIDA property and facilities management platform

INVIDA offers owners & managers of property portfolios a digital platform that represents the physical Estate, its Buildings, Spaces & assets, allowing condition assessment to be continuous, the production of lifecycle plans to be automated, compliance to be assured, and service & maintenance activities to be integrated.


  • Digitised model of your physical buildings, spaces, systems and assets
  • Mobile Survey Tool allows asset & condition to be gathered/verified
  • Control the timely and accurate updating of asset information
  • Easily incorporate 2D and 3D floor plans and imagery
  • Auto-generation of detailed lifecycle costing plans to BS 8544
  • Manage compliance inspections/tests, documentation and remedial works
  • Tools to manage a modern facilities helpdesk
  • Resource scheduling for one or multiple teams
  • Manage and visualise reactive and planned maintenance
  • Easily incorporate BIM data in COBie format


  • Eliminates multiple data-pools, creating a common Estate database
  • Capital allocation based on hard data, ensuring optimum impact
  • Greater proportion of time spent analysing v producing data
  • Reduce the time/cost spent surveying physical assets
  • Improve visibility of risk if/when sweating asset service life
  • Improve planning of CAPEX works, and procurement opportunities
  • Better visibility and planning of cashflow linked to lifecycle planning
  • Optimise maintenance spend to better reflect life cycle plans
  • Better inform your decision-making asset age, performance and condition
  • Unlimited number of buildings or spaces


£200 per instance per month

  • Education pricing available

Service documents

G-Cloud 10


inVida Limited

Chris Butchart

0333 335 0041

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints None
System requirements Standard web browsers including IE10+, Edge, Firefox, Chrome and Safari

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Our help desk operates during business hours of 9am to 5pm, Monday to Friday, excluding bank or public holidays in England.
During these hours, all emails and online tickets are responded to within 30 minutes.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels We provide all clients with our standard level of support. Access to our support help desk during business hours Mon-Fri 9am-5pm is included within our standard monthly access fees.
Each client is assigned a technical account manager.
Additional onsite support and training can be made available, and associated costs are detailed in our pricing table.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started An account manager will be assigned to each client. We will always meet with clients and develop a detailed deployment plan based outlining how we will work with clients to import existing data, configure template libraries and provide onsite user training.
The INVIDA platform includes access to a rich knowledge base that includes tutorials, user guides and FAQ sections.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Tools within the platform allow data to be exported at any point in time to CSV or ODF formats. Additionally, clients can request a periodic export of all data be securely delivered to them in an agreed format.
End-of-contract process Within 30 days following the termination of the contract, we will:
a) ensure all customer materials/data are returned to the client;
b) irrevocably delete from the platform all customer confidential information; and
c) irrevocably delete from our other computer systems all customer confidential information, and return to the customer or dispose of as the customer may instruct all documents and materials containing customer confidential information.
There are no additional charges made upon termination of the contract.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Our Mobile App is designed with a relatively simple/intuitive interface to support those performing surveys, completing remote assessments, and field-service staff managing activities assigned to them.

The desktop service contains many powerful features and visualisations that are not available to users of the Mobile App.
Accessibility standards None or don’t know
Description of accessibility Return to this section.
Accessibility testing Return to this section
Customisation available No


Independence of resources Each client has its own server instance and segregated database. Service is hosted on Amazon Elastic Compute Cloud, with performance monitored and additional processing and storage resources deployed in order to ensure users are not affected by the demand of other users within their organisation. No additional access charges are passed on to customers when additional computing resources are deployed in this way.


Service usage metrics No


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Tools exist within the platform to export pre-determined data sets into CSV or ODF formats.
Data export formats
  • CSV
  • ODF
Data import formats
  • CSV
  • ODF

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability Subscriptions include a service level agreement commitment that the platform is available 99.95% of the time during each calendar month.
In the event that the platform fails to meet the availability commitment then service credits are issued to the customer, such service credits to be deducted from future access charges.
Approach to resilience Available on request.
Outage reporting Email alerts are issued to agreed customer representatives (or optionally all users) when service outages of greater than 10 minutes are experienced.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels IAM provides user access control to AWS services, APIs and specific resources. Other controls include time, originating IP address, SSL use, and whether users authenticated via MFA devices.

API calls to launch/terminate instances, change firewalls, and perform other functions are signed by Invida's Amazon Secret Access Key. Amazon EC2 API calls cannot be made on Invida's behalf without access to customers’ Secret Access Ke.

API calls can be encrypted with TLS/SSL for confidentiality and customers can use TLS/SSL-protected API endpoints.
Access restriction testing frequency At least every 6 months
Management access authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach The security of our service is our highest priority.

We use AWS as our hosting provider as we have confidence in their approach to Cloud security and that our customers benefit from a data centre and network architecture built to meet the requirements of the most security-sensitive organisations.
Information security policies and processes Invida implements formal, documented policies and procedures that provide guidance for operations and information security within the organisation. Policies address purpose, scope, roles, responsibilities and management commitment.

Invida has established information security functions that are aligned with defined structure, reporting lines, and responsibilities. Leadership involvement provides clear direction and visible support for security initiatives.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Changes to the INVIDA platform follow secure software development practices, including security risk reviews prior to launch. Developer access to production environments is via explicit access system requests, subject to owner review and authorisation.

All production environment changes are reviewed, tested and approved. Stages include design, documentation, implementation (including rollback procedures), testing (non-production environment), peer to peer review (business impact/technical rigour/code), final approval by authorised party.

Emergency changes follow incident response procedures. Exceptions to change management processes are documented and escalated to AWS management.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Invida performs periodic scanning, penetration testing, file integrity monitoring and intrusion detection of our instances/ applications.

Our hosting provider AWS performs vulnerability scans on the host operating system, web applications, and databases in the AWS environment. This scanning includes 3rd party vendor external assessments (minimum frequency: quarterly).
Identified vulnerabilities are monitored and evaluated. Countermeasures are designed and implemented to neutralise known/newly identified vulnerabilities.

Our teams, and hosting provider, monitor newsfeeds/vendor sites for known issues and patches.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Invida relies on alerts generated by AWS cLog events.

AWS deploys (pan-environmental) monitoring devices to collect information on unauthorised intrusion attempts, usage abuse, and network/application bandwidth usage. Devices monitor:

• Port scanning attacks
• Usage (CPU, processes, disk utilization, swap rates, software-error generated losses)
• Application metrics
• Unauthorized connection attempts

Near real-time alerts flag incidents, based on AWS Service/Security Team- set thresholds.

Requests to AWS KMS are logged and visible via the account’s AWS CloudTrail Amazon S3 bucket. Logs provide request information, under which CMK, and identify the AWS resource protected through the CMK use.
Incident management type Supplier-defined controls
Incident management approach Invida adopts a three-phased approach to manage incidents:

1. Activation and Notification Phase
2. Recovery Phase
3. Reconstitution Phase

To ensure the effectiveness of the Invida Incident Management plan, we conducts incident response testing for the discovery of defects and failure modes as well as testing the systems for potential customer impact.

The Incident Response Test Plan is executed annually, in conjunction with the Incident Response plan. It includes multiple scenarios, potential vectors of attack, the inclusion of the systems integrator in reporting and coordination and varying reporting/detection avenues.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £200 per instance per month
Discount for educational organisations Yes
Free trial available No


Pricing document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑