Sherlayer

Sherlayer

Sherlayer is a CDE, Common Data Environment Made Simple for BIM Level 2 / ISO19650. Sherlayer integrates multiple ways to communicate including messaging, notifications and creates an undeletable audit, storing all data in the UK/Ireland. Full task Management dealing with Compensation Events , RFI's and full control of Submittal packages.

Features

• Document Management
• Task Management including RFIs & Submittals
• Audit Trail
• Powerful Communications
• 3D IFC Model Viewer
• Drawing & Document Annotation
• Revit Plug-In 2017-19
• BIM Level 2 Compliance simplified
• Free Upload Only Accounts
• Remote Access

Benefits

• Quickly manage content on the move
• 'Simplier' than other similar solutions
• Affordable and flexibly priced
• Reduction in CAPEX, delivery and operational costs
• Reduced risk
• Improved carbon performance
• Predictable Planning

£10 to £14 a user a month

• Education pricing available
• Free trial available

Service documents

• Pricing document (pdf)
• Service definition document (pdf)
• Terms and conditions (pdf)

Framework

G-Cloud 12

Service ID

768193679849637

Contact

Sam McDonald
02890668585
info@sherlayer.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: No.
• System requirements:
  • Internet Access
  • Modern Web Browser with Cookies enabled

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Email Support available M-F 9:00 a.m. to 5:30 p.m. GMT
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We can provide onsite training, online training, video guides, telephone support, email support and consultation. Onsite training, online training and consultation are charged as an additional cost. We do not provide a technical account manager or cloud support engineer.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Onsite training or online training through webinars can be offered at an additional cost. Training videos can be accessed free of charge and we provide a knowledge base through the website which is also free of charge.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Customers can request all data at the end of the contract. This will be delivered in their required formats.
• End-of-contract process: The buyer provides a three month notice period to terminate their contract. Buyers must notify us of their required formats at least two weeks before contract end and this data can be extracted for a fee of £1000.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Minimal Difference
• Service interface: No
• API: Yes
• What users can and can't do using the API: Users can request access to the API via a support ticket. We provide a rest API. Users can manipulate and retrieve data in the system by consuming our endpoints. No limitations to how users interact with the API
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Services and features can be enabled or disabled which allows a flexible pricing model. Users will discuss the level of customisation during the consultation process. Some customisation features are enabled as standard. For example, custom logos for self branding of the product.

Scaling

• Independence of resources: Server performance is monitored daily and is auto-scalable as part of Amazon's standard services.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Bulk exports are available as zip files. Individual files in raw format and meta date can be downloaded through the audit trail feature.
• Data export formats: Other
• Other data export formats: Xlsx
• Data import formats: Other
• Other data import formats: Xlsx

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We guarantee 99% availability over a 12 month period with a 6 month refund is availability is not met over a 12 month contract.
• Approach to resilience: Amazon as a tier 1 provider are a very resilient server base and more info can be provided on request
• Outage reporting: Outages are reported to us via email from Amazon. Outages are reported to end users via email.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Access to management interfaces is restricted to Administrator accounts. Support channel comes in the form of a support button available on all screens in Sherlayer and are accessible to everyone. Help buttons are placed on various screens within the application which link directly to the knowledge base as an additional support channel.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Herlayer has been developed to run on Amazon servers, who are a tier 1 Cloud service provider. Working alongside their Cyber Security Governance and their certification ISO 27001:2013, the world’s most recognised security standard. Sherlayer security risk assessment identifies the various information assets that can be affected by a cyber-attack. We continually review the risk environment to detect any changes in the context of Sherlayer and the provision of this service.
• Information security policies and processes: Sherlayer has a multi-type level security policy. Primary login of the Amazon Cloud provider is held by two of the current Directors of Sherwood Systems. This password is changed every three months and only the two directors / Shareholders have the amended password. If there is a breach in security, then all passwords are changed with 24 hours and there is a full investigation to where the breach has come from. If any client’s data is compromised, then that client is notified within 6 hours. If the security breach has the potential to affect all clients, then all client will be notified within 24 hours.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All changes to all components are tracked using a private Git repository (Bitbucket) and code reviewed for security impacts, all changes must pass a set of automated tests ran by the check-in service to ensure optimal service function. All new features and changes are manually tested from aspects of user experience and security.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Vulnerabilities are escalated as part of the SLA, these are deemed as a major incident. Patches can be instantaneously provisioned to all users. Constant review of technologies to include php, MySQL, apache, composer, grunt, Linux(ubuntu).
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Emails are sent out to a board level director when a server is accessed directly if this is unplanned we are able to un-authenticate the unknown user. In this case, the AUTH certificate will be regenerated. We routinely check MySQL admin access logs, super admin control panel access logs and hosting control panel access history. This occurs on a weekly basis. At least one member of staff is on standby to respond to serious incidents 24/7.
• Incident management type: Supplier-defined controls
• Incident management approach: Online support log available to all users. All calls are put onto computerised support help desk and are assessed accordingly, in relation to security level, which then determines the SLA we must meet. We follow up with users when any update is available regarding the incident.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Pricing

• Price: £10 to £14 a user a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Fully functional system limited to one month of use.

Service documents

• Pricing document (pdf)
• Service definition document (pdf)
• Terms and conditions (pdf)