Nico Consultancy

Intelligent Building Management

Our company provides a software platform that manages the whole of your Corporate real estate.
We drive down costs whilst also improving the operating efficiency of buildings and making them a nicer place for the occupants to work in.


  • Wellbeing of the people in buildings
  • Occupancy management and monitoring
  • Environmental management and monitoring
  • Connectivity infrastructure management and monitoring
  • Asset management and monitoring
  • Device management and monitoring
  • Capacity management and monitoring
  • Energy management and monitoring


  • Reduce time to fix issues on any device
  • Increase operational efficiencies and drive down costs
  • Wellbeing as a way of attracting and retaining staff
  • Reduce operational costs for facilities management and IT
  • Complete visibility of your building estate IT and BMS
  • Reporting, augmented alerting and links into helpdesk systems
  • Individual and group dashboards for interesting information display


£1,000 to £200,000 an instance a year

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at <removed> Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

7 9 3 6 5 8 2 3 7 1 6 5 5 0 3


Nico Consultancy <removed>
Telephone: <removed>
Email: <removed>

Service scope

Software add-on or extension
What software services is the service an extension to
Helpdesk systems i.e. Servicenow
Plannon CAFM system
Plus our own extension store for enhance user usage of our mobile solution
Cloud deployment model
Hybrid cloud
Service constraints
System requirements
  • Install a Raspberry Pi on site to send data back
  • Depending on the modules chosen more or less work required

User support

Email or online ticketing support
Email or online ticketing
Support response times
SLA's are:

Severity One: software suite unavailable or non functional affecting all users
Response time: 60 minutes

Severity Two: software component unavailable or non functional affecting all users
Response time: 120 minutes

Severity Three: single user functionality issue
Response time: 180 minutes

Severity Four: non urgent requests such as functional queries and enhancement requests
Response time: 48 hours

Weekends can be supported if required
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
The level of support and the account management team depends on the size of the organisation.

We do not differentiate in support every client is treated the same no matter the size or problem adn all calls are prioritised according to the service level priority previously stated. We operate on a SAAS model which includes support.

The only difference is training, if a support issue is deemed to be training then there is a training cost can be delivered remotely or on site and this is £1,000 a day plus expenses.

We provide cloud support engineers who can assist and escalate if necessary.
Support available to third parties

Onboarding and offboarding

Getting started
The system is extremely user friendly and the documentation is in the dashboard for users to refer to. We normally work with the customer to get the system operational and use this to train them.

However, formal on or off site training is available if required at an additional cost.
Service documentation
Documentation formats
End-of-contract data extraction
All data can be downloaded as a backup
End-of-contract process
The system is a SAAS based solution customers sign up for 1, 3, or 5 years this can be extended at the end of the contract or the client can back up the data and we can delete the instance.

Included in the contract is the hosted appliance an onsite raspberry Pi to send the data back to the cloud and support, maintenance, software updates.

The only additional costs are on site support and training if required.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Compatible operating systems
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
Designed for use on mobile devices
Differences between the mobile and desktop service
Apple iPAD and iPhone, Android can be available if required
Service interface
What users can and can't do using the API
Anything that can be done at the GUI can be completed through the API.

Users need to authenticate as a user with API privileges and they can then push information in or pull information out to other systems. The API is published on the Dashboard with every option and an example of how to use the API
API documentation
API documentation formats
API sandbox or test environment
Customisation available


Independence of resources
All the systems are monitored and assessed for the resource requirements additional resources can be added on the fly if required.


Service usage metrics
Metrics types
We can measure and monitor everything from the lighting to the energy usage of a building and can set alerting thresholds if the upper and lower limits are breached.

The system can report on everything and these reports can be set to automatically send out on a time or threshold limit.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Staff screening not performed
Government security clearance

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Data can be exported into CSV, PDF, XML we can back up to a share on premise or it can be downloaded from the backup folder.
Data export formats
  • CSV
  • Other
Other data export formats
  • PDF
  • XML
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
It depends on the customer we can provide the level of availability that the customer requires but if high availability is required there are additional hosting costs to facilitate this.
Approach to resilience
The system does regular backups that are taken off the hosting environment so that we can recover a single instance hosted solution within about 30 minutes.

High availability clusters are available if required
Outage reporting
Email alerts and notices, displayed on a dashboard pushed via our API into helpdesk or other solutions

Identity and authentication

User authentication needed
User authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
  • Other
Other user authentication
Authentication can also be via LDAP
Access restrictions in management interfaces and support channels
All access is controlled via the security assignments that the users are given by the client
Access restriction testing frequency
Less than once a year
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
We apply our security standard to the ISO/IEC 27001 ideals, we use Qualys to regularly check the integrity and security of the systems.
Information security policies and processes
We have our own policies and procedures that are regularly reviewed. We have a security team that meets monthly to assess any issues and to review any vulnerability assessments.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Any changes are scheduled and planned in and we know exactly what is going into a release. The release goes onto our internal use solution and then to beta test sites before being available to customers.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We are constantly checking for any threats to the operating system and these are assessed and patched to our hosted solution prior to going onto any customer sites.

Emergency patches (none have so far been identified as we do not use Microsoft) are assessed by the security team where a risk assessment will be made and a decision made on the urgency of the patches.

We use a number of sources for threat management including Qualy's and other security sources
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
As previously stated,
Incident management type
Incident management approach
Every solution comes with a helpdesk where they can log and report issues or they can report issues via the service route.

Updates are then via the helpdesk ticket or via the service route.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks


£1,000 to £200,000 an instance a year
Discount for educational organisations
Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at <removed> Tell them what format you need. It will help if you say what assistive technology you use.