FSI (FM) Solutions Ltd

Concept Evolution CAFM/IWMS

Concept Evolution is a browser-based CAFM (Computer aided facilities management)/CMMS (Computerised maintenance management system) IWMS (Integrated workplace management system) software solution. Easy & cost-effective to deploy and maintain, it offers scalability from a single-property to an enterprise basis, and is used globally by many major service providers and direct organisations.

Features

• CAFM/IWMS solution for owners, occupiers, and service providers
• Browser based solution offering ease of deployment and scalability
• Extensive OOTB functionality incorporated in core system offering
• Comprehensive suite of additional modules in a single integrated solution
• COTS solution allowing end user configuration without programming
• Asset management, helpdesk, and planned maintenance including supplier/resource management
• Extensive management information through user defined reports and dashboards
• Mobility solution for end users, direct labour and supplier resources
• Building Information Modelling (BIM)
• Full sub-contractor management platform

Benefits

• Industry leading CAFM/IWMS solution from established UK company
• COTS functionally rich product suite providing maximum client benefit
• OOTB deployment reduces implementation and maximises ROI
• Single scalable integrated solution providing statutory and legislative compliance
• Extensive business intelligence enabling informed business decisions
• Configurable solution reducing paper handling and manual processes
• Manage facilities and asset information in a single consolidated fashion
• Ensure statutory and legislative compliance across the portfolio
• Improve information quality, consistency and improve efficiencies
• Secure UK based Cloud service with many existing clients

£25 a licence a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Framework

G-Cloud 12

Service ID

777826696109184

Contact

Sales Enquiry
01708 251900
enquiries@fsifm.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: All work for the purpose of maintenance or support as part of planned outages will take place outside business hours. The client will be provided with at least ten (10) working days prior notice of any planned outage unless otherwise agreed or in case of an emergency planned outage. FSI shall wherever possible ensure that there are no more than two (2) planned outages each calendar month. Normal business hours are 08:00 – 18:00 Monday to Friday. FSI carries out all planned outages between 23:00 and 02:00 on the second and last Friday of each month.
• System requirements:
  • Workstation, Windows 7+
  • Web browser, Chrome 37+, Firefox 31+, Internet Explorer 9+, Edge
  • Mobile device, iOS 8+, Android 5+
  • 3rd Party Workstation, Adobe Reader

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Response times based on the severity of an issue. Standard response for low priority issues is 2 hours and business critical issues 15 minutes. For business critical issues, FSI recommends customers call the dedicated UK support line for a live call response. Standard customer support hours are 08:30 to 18:00 (GMT) Monday to Friday, excluding UK Bank holidays. Customers also have 24/7 access to our customer support portal for the logging and tracking of cases. In the unlikely case of a SaaS outage or a system down the customer will be able to contact our after-hours emergency team for assistance.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: FSI offer a standard level of support by default. Customer support is provided on a 1st, 2nd, and 3rd line basis. Support costs are included in the annual fee. ; ; FSI do offer an Out of Hours service outside the standard operating times. Calls during this period will transfer to the on-call FSI Support Analyst. This is a dedicated service for business critical issues only. Issues ; will be dealt with by the on-call 1st line support analyst until the issue is resolved as agreed by the customer. If the issue persists, it will be escalated to the support team leader or head of technical services.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: For the FSI professional services department, it is no longer just about installing software. FSI, has long recognised this shift from the standard provision of an operations framework to the need for a fully-fledged range of complementary professional services, based on a thorough understanding of our customer’s requirements and expectations starting from the initial discovery phase through to the post-delivery review of the project as a whole. ; ; With the implementation of any new software application within a customer, it is imperative for the users of the application to be in receipt of a rewarding and information rich training programme to enable them to fully utilise the system as intended. At FSI we recognise the value that our training delivers to our customers and the importance that they place upon it. Professional training and support is delivered by FSI’s own highly skilled instructors, empowering and providing confidence and skills to make a Concept solution work for your business. All FSI Training consultants are actively involved in the on-going development of the Concept range and many have worked across both FM and IT industries. As such they understand the reasons for implementing our solution and the benefits it will bring.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats:
  • Microsoft Word
  • Hard copy
• End-of-contract data extraction: All data within the system can be exported into CSV, HTML, PDF and Excel formats. This can then be imported into other systems.
• End-of-contract process: Following termination of the contract (for whatever reason), the customer shall certify, if appropriate, that it has returned or destroyed all copies of the applicable software and confidential information of FSI and acknowledge that its rights to use the same are relinquished. Furthermore, the customer shall use its commercially reasonable efforts to remove all customer data from any software or SaaS service prior to termination of the contract. The customer may engage, at its own discretion, FSI to assist in the removal of such data at FSI’s standard rates applying from time to time. If any customer data remains in the software or SaaS service more than thirty (30) calendar days after the effective date of termination, FSI may, at its sole discretion and without notice, delete any and all customer data.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: FSI GO and Concept Advantage are native applications delivering specific functionality to end users or technical resources. This includes but is not limited to call logging, desk or room booking, task management, asset verification, cleaning and portering services. The applications are not designed to mimic, or replicate the desktop service.
• Service interface: No
• API: Yes
• What users can and can't do using the API: There are four types of web services exposed by FSI for use with its Concept Evolution product suite. ; ; Basic: The basic services can be accessed over encrypted or unencrypted HTTP, using plain text authentication. They are meant to be used by consumers that cannot access the standard services. ; ; Standard: The standard set of services can be reached from any client able to communicate in SOAP messages over SSL. The services use a WS-Enhancements HTTPS binding, following the standard versions of reliable sessions and security protocols as defined by OASIS. ; ; Federated: these services use federated authentication. ; ; Windows: these services use windows login.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: FSI allows the end user to “configure” rather than customise. Typically customisation includes product development. All changes can be made by the customer’s system administrator without the need for programming. The following are examples of where the configuration of the system can be modified: ; - Adding / removing users; - Changing user access permissions; - Editing menu and field terminology; - Defining field rules such as mandatory, unique, etc. ; - Configuring default screen layouts and sort orders; - Adding / editing reports; - Adding / editing workflows ; - Adding / editing dashboard sla/kpi metrics

Scaling

• Independence of resources: FSI SaaS utilises VMware to provide a high availability architecture using clustered hosting resources (vCPU, RAM, Storage). Continual monitoring and analysis ensures resources are available to support current and future growth of customer systems. Each customer has dedicated virtual images (Application and Database Server) with appropriate resource reservations (vCPU, RAM, Storage) according to user and business process needs.

Analytics

• Service usage metrics: Yes
• Metrics types: FSI can also produce reports on different elements of the SaaS environment. The reports are produced through Solarwinds and can provide in-depth information on how a customers environment is performing.
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Data can be easily exported from any table grid contained within the user interface. The data is in CSV or Excel format by default. The workflow module can also be used to export data in XML format. System report output can also be exported in a variety of formats including Excel, PDF and HTML.
• Data export formats:
  • CSV
  • Other
• Other data export formats: XML
• Data import formats:
  • CSV
  • Other
• Other data import formats: XML

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: FSI offer 99.95% uptime guarantee on infrastructure. However, from an application perspective, FSI provide 99.9%; ; Downtime is calculated from the time of notification of a fault by either the customer or FSI and ends when the service is restored to full working order as determined and certified by both FSI and the customer or a suitable workaround has been agreed.; ; Downtime, excludes any planned outages from either our data centre partner or FSI initiated scheduled downtime for software, operating system upgrades and or patching. Any partner related planned maintenance is scheduled out of hours. Normal business hours is 08:00 to 18:00 Monday to Friday. FSI carries out all planned maintenance between 23:00 and 02:00 on the second and last Friday of each month. FSI will provide at least 10 working days’ notice of any planned outages.; ; FSI operates a service credit scheme details of which are provided when a customer and FSI enter into a contract.
• Approach to resilience: Available on request
• Outage reporting: Email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: FSI supports robust role based access, and manages access to information for each individual user down to field level. FSI provides all of its customers system administration training covering the establishment of user roles/user account definition and management. This also includes specific guidance on how to restrict access to specific application functional areas and interfaces as part of the implementation process.
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Lloyd's Register Quality Assurance Limited
• ISO/IEC 27001 accreditation date: 05/12/2018
• What the ISO/IEC 27001 doesn’t cover: The scope of the approval is applicable to Development, implementation, hosting, maintenance and support of Facilities Management (FM) software products and solutions. Provision of associated product training. Provision of Managed Service Infrastructure, Software Support and Maintenance. Statement of Applicability vn2 (ISO27001 only).
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Other security certifications: Yes
• Any other security certifications: Cyber Essentials Plus

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Data centre Infrastructure and associated services are managed according to ISO 27001:2013 controls and processes. Concept Evolution security and processes are used to manage the application platform.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: The FSI SaaS service is managed according to ISO 27001:2013 including platform patching (e.g. non-production testing, sign off), risk assessment and corrective action tracking. The Concept Evolution product suite is developed using a code vault , allowing code changes to be tracked at line level. Executables are built from the code vault and subjected to separate development and system test cycles within dedicated non-customer environments. Releases to customer environments are authorised by the customer via a release notice and sign-off test plan. External penetration testing is undertaken frequently and the Concept product suite is undergoes penetration testing regularly.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Vulnerabilities to the datacenter are managed according to ISO 27001:2013 controls and processes which allows the risk to be tracked throughout its lifecycle (identification, assessment and treatment). Regular scheduled maintenance is undertaken to ensure that the technical platform is routinely patched to the latest available security guidelines/ patches. Essential maintenance may be undertaken at short notice subject to a risk assessment, to ensure that critical vulnerabilities are addressed in a timely fashion and outside of regular scheduled maintenance as and when required.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Protective monitoring and the associated responses are managed according to ISO 27001:2013 controls and processes utilising a mixture of automated features at device level (e.g. automated blocking) and manual interaction based on alerts (e.g. investigation prior to intervention).
• Incident management type: Supplier-defined controls
• Incident management approach: Incidents are managed according to ISO 27001:2013 controls and processes that include a defined "Security data breached and Incident Response Plan" including reporting mechanisms for both Information Technology and physical security incidents, incident logging, communication to internal and external parties, escalation, reporting, implementation of preventative actions, and ongoing improvement.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Pricing

• Price: £25 a licence a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: FSI offers potential customers access to demonstration environment for an initial period of 30 days. Functionality available, and users allowed access during the trial are agreed prior to the commencement of the trial. Access to the FSI GO mobility solution can also be incorporated for limited users.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF