Ostara Systems Ltd

Ostara CAFM Maintenance and Asset Management System

The Ostara CAFM system supports organisations management of their maintenance activities from self-service options through to sub-contractor management and invoice management. Ostara is a full asset management solution, providing access via a web portal or native mobile applications.


  • Helpdesk and Work Order Management
  • Supply Chain Management
  • Asset Management
  • Finance Management (Budgets and Costs)
  • Mobile Application
  • Real-Time Reporting
  • Auditing
  • PPM and Compliance Management
  • Contractor and Client Portals
  • Fully Hosted and Supported


  • Transparency of maintenance activities and spend
  • Quick access to data and analytics via hundreds of reports
  • Automation of processes realising cost and efficiency savings
  • A company whose product evolves on a quarterly basis
  • Increased control and confidence due to full auditability
  • Generate cost savings by only paying for what you get
  • Cost control through bespoke authorisation processes
  • Reduced administration relating to site compliance
  • Intuitive interface for end users


£30 a unit a month

  • Education pricing available

Service documents


G-Cloud 12

Service ID

7 1 4 3 7 6 6 3 8 5 5 1 3 6 3


Ostara Systems Ltd Jayne Harrison
Telephone: 07968957835
Email: jayne.harrison@ostarasystems.com

Service scope

Software add-on or extension
Cloud deployment model
Public cloud
Service constraints
System requirements
  • Mobile Application is Android and iOS compatible
  • Web Portal compatible with all major browsers
  • Administration Application (Microsoft Windows based) Windows 10

User support

Email or online ticketing support
Email or online ticketing
Support response times
Response times differ based on service levels determined by type of query. For example, urgent queries are responded to within the hour, 24*7. All other queries may vary.
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
All support is included in the system cost, and is supported by a technical team.
The system is fully supported with differing service levels depending on the nature and urgency of the query/request.
The system is fully monitored 24*7.
Support available to third parties

Onboarding and offboarding

Getting started
An implementation plan is provided, along with onsite training and user documentation.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Data can be extracted via reports into spread sheets.
End-of-contract process
Full demobilisation and assistance is included in the contract.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Compatible operating systems
  • Android
  • IOS
  • Windows
Designed for use on mobile devices
Differences between the mobile and desktop service
The Mobile Application functionality is directed specifically at engineers and managers who are not office based.
Service interface
What users can and can't do using the API
The API is predominantly for the output and updating of Work Orders.
API documentation
API documentation formats
API sandbox or test environment
Customisation available
Description of customisation
There are hundreds of settings at a system level, accompanied by several hundred permissions that constitute profiles for end user access. The buyers can amend access rights themselves to restrict/provide access and amend workflow.


Independence of resources
We have multiple servers, load-balanced, never using more than 30% of capacity. All clients reside on separate databases.


Service usage metrics


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least every 6 months
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Data can be exported from the in-built reporting module in the system and exported to spread sheets
Data export formats
  • CSV
  • Other
Other data export formats
  • Microsoft Excel
  • PDF
Data import formats
  • CSV
  • Other
Other data import formats
Microsoft Excel

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
The target Availability level for each calendar month is 99.50%. Following three consecutive calendar months, if the Availability of the Services is below this target level, then the Client will be entitled to Service Credits calculated in accordance with the following table. The below service credits are applicable if the availability levels are not achieved from the fourth consecutive month:

Availability Level Service Credit
Between 99.00% and 99.49% 5%
Between 98.00% and 98.99% 10%
97.99% or less 20%

The service credit is calculated as follows:
% service credit multiplied by the Annual Hosting and Support fee divided by 12.
Approach to resilience
This is available on request.
Outage reporting
Email alerts are used to communicate service outages.

Identity and authentication

User authentication needed
User authentication
  • Username or password
  • Other
Other user authentication
We use a method of 2 Factor Authentication for initial access to the service.
Access restrictions in management interfaces and support channels
This access is restricted in the same was as access to the service is restricted. Profiles control permissions, and access to profiles can be structured hierarchically to prevent unauthorised access.
Access restriction testing frequency
Less than once a year
Management access authentication
  • Username or password
  • Other
Description of management access authentication
This access is restricted in the same was as access to the service is restricted. Profiles control permissions, and access to profiles can be structured hierarchically to prevent unauthorised access.

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
We have an ISMS and are currently being certified (expected by August 2020) for ISO 27001.
Information security policies and processes
We have an ISMS and are currently being certified (expected by August 2020) for ISO 27001.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Within our ISMS, we have a Change Control Process. Documentation can be provided on request.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
This forms part of the risk management process in our ISMS. Detail can be provided upon request.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We actively monitor over 1,000 different nodes. The responses to an event is identified within our ISMS, available upon request.
Incident management type
Supplier-defined controls
Incident management approach
This is detailed in our ISMS, details available upon request.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks


£30 a unit a month
Discount for educational organisations
Free trial available

Service documents