Ostara Systems Ltd

Ostara CAFM Maintenance and Asset Management System

The Ostara CAFM system supports organisations management of their maintenance activities from self-service options through to sub-contractor management and invoice management. Ostara is a full asset management solution, providing access via a web portal or native mobile applications.

Features

• Helpdesk and Work Order Management
• Supply Chain Management
• Asset Management
• Finance Management (Budgets and Costs)
• Mobile Application
• Real-Time Reporting
• Auditing
• PPM and Compliance Management
• Contractor and Client Portals
• Fully Hosted and Supported

Benefits

• Transparency of maintenance activities and spend
• Quick access to data and analytics via hundreds of reports
• Automation of processes realising cost and efficiency savings
• A company whose product evolves on a quarterly basis
• Increased control and confidence due to full auditability
• Generate cost savings by only paying for what you get
• Cost control through bespoke authorisation processes
• Reduced administration relating to site compliance
• Intuitive interface for end users

£30 a unit a month

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jayne.harrison@ostarasystems.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

714376638551363

Contact

Jayne Harrison
07968957835
jayne.harrison@ostarasystems.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: None
• System requirements:
  • Mobile Application is Android and iOS compatible
  • Web Portal compatible with all major browsers
  • Administration Application (Microsoft Windows based) Windows 10

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Response times differ based on service levels determined by type of query. For example, urgent queries are responded to within the hour, 24*7. All other queries may vary.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: All support is included in the system cost, and is supported by a technical team. ; The system is fully supported with differing service levels depending on the nature and urgency of the query/request.; The system is fully monitored 24*7.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: An implementation plan is provided, along with onsite training and user documentation.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Data can be extracted via reports into spread sheets.
• End-of-contract process: Full demobilisation and assistance is included in the contract.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The Mobile Application functionality is directed specifically at engineers and managers who are not office based.
• Service interface: No
• API: Yes
• What users can and can't do using the API: The API is predominantly for the output and updating of Work Orders.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: There are hundreds of settings at a system level, accompanied by several hundred permissions that constitute profiles for end user access. The buyers can amend access rights themselves to restrict/provide access and amend workflow.

Scaling

• Independence of resources: We have multiple servers, load-balanced, never using more than 30% of capacity. All clients reside on separate databases.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Data can be exported from the in-built reporting module in the system and exported to spread sheets
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Microsoft Excel
  • PDF
• Data import formats:
  • CSV
  • Other
• Other data import formats: Microsoft Excel

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: The target Availability level for each calendar month is 99.50%. Following three consecutive calendar months, if the Availability of the Services is below this target level, then the Client will be entitled to Service Credits calculated in accordance with the following table. The below service credits are applicable if the availability levels are not achieved from the fourth consecutive month:; ; Availability Level Service Credit; Between 99.00% and 99.49% 5%; Between 98.00% and 98.99% 10%; 97.99% or less 20%; ; The service credit is calculated as follows:; % service credit multiplied by the Annual Hosting and Support fee divided by 12.
• Approach to resilience: This is available on request.
• Outage reporting: Email alerts are used to communicate service outages.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Username or password
  • Other
• Other user authentication: We use a method of 2 Factor Authentication for initial access to the service.
• Access restrictions in management interfaces and support channels: This access is restricted in the same was as access to the service is restricted. Profiles control permissions, and access to profiles can be structured hierarchically to prevent unauthorised access.
• Access restriction testing frequency: Less than once a year
• Management access authentication:
  • Username or password
  • Other
• Description of management access authentication: This access is restricted in the same was as access to the service is restricted. Profiles control permissions, and access to profiles can be structured hierarchically to prevent unauthorised access.

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Other security certifications: Yes
• Any other security certifications: CyberEssentials

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: We have an ISMS and are currently being certified (expected by August 2020) for ISO 27001.
• Information security policies and processes: We have an ISMS and are currently being certified (expected by August 2020) for ISO 27001.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Within our ISMS, we have a Change Control Process. Documentation can be provided on request.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: This forms part of the risk management process in our ISMS. Detail can be provided upon request.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We actively monitor over 1,000 different nodes. The responses to an event is identified within our ISMS, available upon request.
• Incident management type: Supplier-defined controls
• Incident management approach: This is detailed in our ISMS, details available upon request.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Pricing

• Price: £30 a unit a month
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jayne.harrison@ostarasystems.com. Tell them what format you need. It will help if you say what assistive technology you use.