VFA capital planning solutions

VFA Facility allows stakeholders and executives to effectively manage and maintain facilities data and to leverage it in making optimal decisions about facility spending and capital planning. VFA Auditor is a mobile solution which leverages Accruent’s extensive assessment experience to empower customers to perform their own facility condition assessments.


  • Hierarchical real estate portfolio database
  • Facility condition tracking and indexing
  • Capital project tracking
  • Cost estimation of replacement value and capital projects
  • Goal-oriented capital and budget forecasting
  • Facility and equipment lifecycle planning
  • Rule-based capital project prioritization
  • Library of standard reports & dashboards, available ad-hoc reporting
  • Mobile utility for inventory and condition assessments
  • Data validation and workflow control


  • Centralize Information about facility assets, including condition, costs, type, etc.
  • Project the cost of construction, repairs, and renewals
  • Forecast your budget based on strategic organizational needs
  • Apply goals to identify capital projects with the highest priority
  • Identify when it is time to replace equipment before failure
  • Create defensible evidence for required budget and resources
  • Share the right data with the right stakeholders when needed
  • Create reports and dashboards unique to your needs
  • Create surveys that feed data directly into the database
  • Surveys to capture photos and other evidence of needed repairs


£3700 per instance per year

Service documents


G-Cloud 11

Service ID

7 1 5 6 2 1 6 8 3 8 2 2 4 4 9



Andrew Schafer



Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints Accruent performs maintenance releases for VFA solutions on a monthly cycle or as needed. The construction cost estimation database is updated annually at the end of Q1. All releases are preceded by email notification two weeks prior to release.

Releases typically require a 24-hour downtime period.
System requirements
  • (VFA Facility) use of a secure, supported Internet browser
  • (VFA Auditor) Apple, Google, Android, or Windows mobile device

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Severity Definition Response Time

Response times do not change at the weekend.

1: Critical issue resulting in a complete system outage/major application failure, preventing a critical business process that has immediate impact. There is no workaround available = 1 business hour

2: Serious issue preventing execution of a critical business process, causing disruption of a major business function = 4 business hours

3: Issue that does not prevent the execution of a critical business process and does not impact data integrity = 2 business days

4: An inquiry and/or low system/business process impact issue = 3 business days.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support No
Support levels 24x7 phone support for high severity issues and 7 AM - 7 PM CT US business hours is the default Support offering for VFA solutions. Other options are available for an additional cost.

Accruent Support offers Technical Account Managers for an added cost. Technical Account Managers are responsible for understanding the client's business process in the context of our applications and providing the customer with subject matter expertise in both the application and their use of it.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started Our Professional Services team offers a broad range of both standard and bespoke services for getting our clients up and running on the VFA Facility and VFA Auditor solutions. These include software implementation and training as well as a diverse set of additional managed services such as consulting, data maintenance, process mapping, and custom training. Online and in-person training is avaiable for all of our solutions, and the solutions feature embedded in-appication help. We also offer tutorials for specific actions.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Customers can utilize VFA Facility's export utility to export their data in a flat file format.
End-of-contract process All customer accounts for the site will be suspended. The site and the data will remain intact for an agreed upon period of time. As described in the previous question, all data will be returned in a client-consumable format.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Chrome
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service None
Service interface Yes
Description of service interface Users can use our web applications to interact with product or they could use REST API calls to communicate with VFA Products.
Accessibility standards None or don’t know
Description of accessibility Accessibility standards have been discussed in general but no project as yet to set aside for this specifically. At a minimum, we ensure that foreground and background combinations provide sufficient contrast when viewed by someone having colour deficits.
Accessibility testing None.
What users can and can't do using the API We offer a range of web services APIs which can be used to create, edit, and close objects within the database.
API documentation No
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Our team is highly skilled and experienced in customizing VFA Facility, VFA Auditor, and our associated services to meet the unique needs of disparate organizations. Areas of possible customization include data maintenance programs, process mapping, training program,s custom reports, fields and drop-down lists, and many more. Organizations can also add their branded logo/art to the login and reports. Client-side users can configure available modules and data access to specific users and can create customized properties for objects.


Independence of resources Network, application, and database tiers are all fully redundant, and our environments are designed to be scalable over time. Load balancers direct customer traffic to nodes that have enough available resources to handle incoming requests.


Service usage metrics Yes
Metrics types Service uptime is reported through our automated monitoring tools. Service uptime is calculated based on a myriad of dynamic monitors, including both event-oriented and synthetic transaction data sources.
Reporting types Real-time dashboards


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Data can be exported as XLS or CSV from the Export Utility.
Data export formats
  • CSV
  • Other
Other data export formats
  • XLS
  • Text
  • PDF
Data import formats Other
Other data import formats XLS

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability SLAs are provided in the product Terms and Conditions Document, which we have uploaded with our submission.
Approach to resilience Uptime statics for the service are public and show a pattern of high uptime and resilience. The service includes redundancy at all levels of the architecture to ensure high uptime and availability for both operational issues and natural disasters. Further details are available upon request.
Outage reporting Accruent maintains an internal dashboard with service availability reports that provide great detail and insight into potential causes for outages. A simplified, external dashboard is available to clients.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Other
Other user authentication TBC
Access restrictions in management interfaces and support channels Access to functionality, modules, and data regions can be defined at an individual account level
Access restriction testing frequency At least every 6 months
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users receive audit information on a regular basis
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users receive audit information on a regular basis
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Lloyd's Register Quality Assurance
ISO/IEC 27001 accreditation date 3/22/2016
What the ISO/IEC 27001 doesn’t cover The platform itself, and associated development practices, are not covered under the ISO 27001 certification.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach Annual risk assessments are performed against the platform, based on the NIST 800-30 guidelines. The platform is continuously tested for security vulnerabilities, and any risks identified are triaged with the VFA product team.
Information security policies and processes Accruent has developed internal information security policies and processes aligned with industry standards. All Accruent employees are required to read and acknowledge our security policies, as well as complete Information Security and Privacy training in the Accruent Learning Management System (LMS) on an annual basis.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Requests are prioritized and documented by product development teams. When the development is completed, it is passed on to testing via a workflow tool. Only approved/tested changes are committed to release candidates. Further release testing occurs and, at the time of release, only approved/tested code is released. Continual web app security assessments are performed on the service to ensure new vulnerabilities are not introduced.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Vulnerabilites are evaluated based on CVSS ratings. Accruent maintains remediation targets for identified vulnerabilities based on criticality and standards for evaluating security fixes alongside feature requests and other development activities. Patch management is included in our release cycle (current patches are tested in DEV environments alongside new code, and released to production all at once).
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Security related events (AV, IDS, dynamic monitors) are collected and reported upon using centralized interfaces. Alerts generated from these tools are treated as security incidents and trigger Accruent's Incident Response Plan.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Accruent maintains formalized Incident Management procedures. All employees that work in a role scoped for platform maintenance, monitoring, or support are trained on this process at least annually.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £3700 per instance per year
Discount for educational organisations No
Free trial available No

Service documents

Return to top ↑