FSI (FM) Solutions Ltd

Concept Evolution CAFM/IWMS

Concept Evolution is a browser-based CAFM (Computer aided facilities management)/CMMS (Computerised maintenance management system) IWMS (Integrated workplace management system) software solution. Easy & cost-effective to deploy and maintain, it offers scalability from a single-property to an enterprise basis, and is used globally by many major service providers and direct organisations.


  • CAFM/IWMS solution for owners, occupiers, and service providers
  • Browser based solution offering ease of deployment and scalability
  • Extensive OOTB functionality incorporated in core system offering
  • Comprehensive suite of additional modules in a single integrated solution
  • COTS solution allowing end user configuration without programming
  • Asset management, helpdesk, and planned maintenance including supplier/resource management
  • Extensive management information through user defined reports and dashboards
  • Mobility solution for end users, direct labour and supplier resources
  • Building Information Modelling (BIM)
  • Full sub-contractor management platform


  • Industry leading CAFM/IWMS solution from established UK company
  • COTS functionally rich product suite providing maximum client benefit
  • OOTB deployment reduces implementation and maximises ROI
  • Single scalable integrated solution providing statutory and legislative compliance
  • Extensive business intelligence enabling informed business decisions
  • Configurable solution reducing paper handling and manual processes
  • Manage facilities and asset information in a single consolidated fashion
  • Ensure statutory and legislative compliance across the portfolio
  • Improve information quality, consistency and improve efficiencies
  • Secure UK based Cloud service with many existing clients


£25 a licence a month

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@fsifm.com. Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

7 7 7 8 2 6 6 9 6 1 0 9 1 8 4


FSI (FM) Solutions Ltd Sales Enquiry
Telephone: 01708 251900
Email: enquiries@fsifm.com

Service scope

Software add-on or extension
Cloud deployment model
Private cloud
Service constraints
All work for the purpose of maintenance or support as part of planned outages will take place outside business hours. The client will be provided with at least ten (10) working days prior notice of any planned outage unless otherwise agreed or in case of an emergency planned outage. FSI shall wherever possible ensure that there are no more than two (2) planned outages each calendar month. Normal business hours are 08:00 – 18:00 Monday to Friday. FSI carries out all planned outages between 23:00 and 02:00 on the second and last Friday of each month.
System requirements
  • Workstation, Windows 7+
  • Web browser, Chrome 37+, Firefox 31+, Internet Explorer 9+, Edge
  • Mobile device, iOS 8+, Android 5+
  • 3rd Party Workstation, Adobe Reader

User support

Email or online ticketing support
Email or online ticketing
Support response times
Response times based on the severity of an issue. Standard response for low priority issues is 2 hours and business critical issues 15 minutes. For business critical issues, FSI recommends customers call the dedicated UK support line for a live call response. Standard customer support hours are 08:30 to 18:00 (GMT) Monday to Friday, excluding UK Bank holidays. Customers also have 24/7 access to our customer support portal for the logging and tracking of cases. In the unlikely case of a SaaS outage or a system down the customer will be able to contact our after-hours emergency team for assistance.
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
FSI offer a standard level of support by default. Customer support is provided on a 1st, 2nd, and 3rd line basis. Support costs are included in the annual fee.

FSI do offer an Out of Hours service outside the standard operating times. Calls during this period will transfer to the on-call FSI Support Analyst. This is a dedicated service for business critical issues only. Issues
will be dealt with by the on-call 1st line support analyst until the issue is resolved as agreed by the customer. If the issue persists, it will be escalated to the support team leader or head of technical services.
Support available to third parties

Onboarding and offboarding

Getting started
For the FSI professional services department, it is no longer just about installing software. FSI, has long recognised this shift from the standard provision of an operations framework to the need for a fully-fledged range of complementary professional services, based on a thorough understanding of our customer’s requirements and expectations starting from the initial discovery phase through to the post-delivery review of the project as a whole.

With the implementation of any new software application within a customer, it is imperative for the users of the application to be in receipt of a rewarding and information rich training programme to enable them to fully utilise the system as intended. At FSI we recognise the value that our training delivers to our customers and the importance that they place upon it. Professional training and support is delivered by FSI’s own highly skilled instructors, empowering and providing confidence and skills to make a Concept solution work for your business. All FSI Training consultants are actively involved in the on-going development of the Concept range and many have worked across both FM and IT industries. As such they understand the reasons for implementing our solution and the benefits it will bring.
Service documentation
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats
  • Microsoft Word
  • Hard copy
End-of-contract data extraction
All data within the system can be exported into CSV, HTML, PDF and Excel formats. This can then be imported into other systems.
End-of-contract process
Following termination of the contract (for whatever reason), the customer shall certify, if appropriate, that it has returned or destroyed all copies of the applicable software and confidential information of FSI and acknowledge that its rights to use the same are relinquished. Furthermore, the customer shall use its commercially reasonable efforts to remove all customer data from any software or SaaS service prior to termination of the contract. The customer may engage, at its own discretion, FSI to assist in the removal of such data at FSI’s standard rates applying from time to time. If any customer data remains in the software or SaaS service more than thirty (30) calendar days after the effective date of termination, FSI may, at its sole discretion and without notice, delete any and all customer data.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
FSI GO and Concept Advantage are native applications delivering specific functionality to end users or technical resources. This includes but is not limited to call logging, desk or room booking, task management, asset verification, cleaning and portering services. The applications are not designed to mimic, or replicate the desktop service.
Service interface
What users can and can't do using the API
There are four types of web services exposed by FSI for use with its Concept Evolution product suite.

Basic: The basic services can be accessed over encrypted or unencrypted HTTP, using plain text authentication. They are meant to be used by consumers that cannot access the standard services.

Standard: The standard set of services can be reached from any client able to communicate in SOAP messages over SSL. The services use a WS-Enhancements HTTPS binding, following the standard versions of reliable sessions and security protocols as defined by OASIS.

Federated: these services use federated authentication.

Windows: these services use windows login.
API documentation
API documentation formats
API sandbox or test environment
Customisation available
Description of customisation
FSI allows the end user to “configure” rather than customise. Typically customisation includes product development. All changes can be made by the customer’s system administrator without the need for programming. The following are examples of where the configuration of the system can be modified:
- Adding / removing users
- Changing user access permissions
- Editing menu and field terminology
- Defining field rules such as mandatory, unique, etc.
- Configuring default screen layouts and sort orders
- Adding / editing reports
- Adding / editing workflows
- Adding / editing dashboard sla/kpi metrics


Independence of resources
FSI SaaS utilises VMware to provide a high availability architecture using clustered hosting resources (vCPU, RAM, Storage). Continual monitoring and analysis ensures resources are available to support current and future growth of customer systems. Each customer has dedicated virtual images (Application and Database Server) with appropriate resource reservations (vCPU, RAM, Storage) according to user and business process needs.


Service usage metrics
Metrics types
FSI can also produce reports on different elements of the SaaS environment. The reports are produced through Solarwinds and can provide in-depth information on how a customers environment is performing.
Reporting types
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Physical access control, complying with another standard
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Data can be easily exported from any table grid contained within the user interface. The data is in CSV or Excel format by default. The workflow module can also be used to export data in XML format. System report output can also be exported in a variety of formats including Excel, PDF and HTML.
Data export formats
  • CSV
  • Other
Other data export formats
Data import formats
  • CSV
  • Other
Other data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
FSI offer 99.95% uptime guarantee on infrastructure. However, from an application perspective, FSI provide 99.9%

Downtime is calculated from the time of notification of a fault by either the customer or FSI and ends when the service is restored to full working order as determined and certified by both FSI and the customer or a suitable workaround has been agreed.

Downtime, excludes any planned outages from either our data centre partner or FSI initiated scheduled downtime for software, operating system upgrades and or patching. Any partner related planned maintenance is scheduled out of hours. Normal business hours is 08:00 to 18:00 Monday to Friday. FSI carries out all planned maintenance between 23:00 and 02:00 on the second and last Friday of each month. FSI will provide at least 10 working days’ notice of any planned outages.

FSI operates a service credit scheme details of which are provided when a customer and FSI enter into a contract.
Approach to resilience
Available on request
Outage reporting
Email alerts

Identity and authentication

User authentication needed
User authentication
Username or password
Access restrictions in management interfaces and support channels
FSI supports robust role based access, and manages access to information for each individual user down to field level. FSI provides all of its customers system administration training covering the establishment of user roles/user account definition and management. This also includes specific guidance on how to restrict access to specific application functional areas and interfaces as part of the implementation process.
Access restriction testing frequency
At least once a year
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
Lloyd's Register Quality Assurance Limited
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
The scope of the approval is applicable to Development, implementation, hosting, maintenance and support of Facilities Management (FM) software products and solutions. Provision of associated product training. Provision of Managed Service Infrastructure, Software Support and Maintenance. Statement of Applicability vn2 (ISO27001 only).
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
Cyber Essentials Plus

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
Data centre Infrastructure and associated services are managed according to ISO 27001:2013 controls and processes. Concept Evolution security and processes are used to manage the application platform.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
The FSI SaaS service is managed according to ISO 27001:2013 including platform patching (e.g. non-production testing, sign off), risk assessment and corrective action tracking. The Concept Evolution product suite is developed using a code vault , allowing code changes to be tracked at line level. Executables are built from the code vault and subjected to separate development and system test cycles within dedicated non-customer environments. Releases to customer environments are authorised by the customer via a release notice and sign-off test plan. External penetration testing is undertaken frequently and the Concept product suite is undergoes penetration testing regularly.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Vulnerabilities to the datacenter are managed according to ISO 27001:2013 controls and processes which allows the risk to be tracked throughout its lifecycle (identification, assessment and treatment). Regular scheduled maintenance is undertaken to ensure that the technical platform is routinely patched to the latest available security guidelines/ patches. Essential maintenance may be undertaken at short notice subject to a risk assessment, to ensure that critical vulnerabilities are addressed in a timely fashion and outside of regular scheduled maintenance as and when required.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Protective monitoring and the associated responses are managed according to ISO 27001:2013 controls and processes utilising a mixture of automated features at device level (e.g. automated blocking) and manual interaction based on alerts (e.g. investigation prior to intervention).
Incident management type
Supplier-defined controls
Incident management approach
Incidents are managed according to ISO 27001:2013 controls and processes that include a defined "Security data breached and Incident Response Plan" including reporting mechanisms for both Information Technology and physical security incidents, incident logging, communication to internal and external parties, escalation, reporting, implementation of preventative actions, and ongoing improvement.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks


£25 a licence a month
Discount for educational organisations
Free trial available
Description of free trial
FSI offers potential customers access to demonstration environment for an initial period of 30 days. Functionality available, and users allowed access during the trial are agreed prior to the commencement of the trial. Access to the FSI GO mobility solution can also be incorporated for limited users.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@fsifm.com. Tell them what format you need. It will help if you say what assistive technology you use.