Rimsco Limited


Provision of cloud-based catering management, including stock items, recipes, menus, ordering (including suggested orders based on future demand), receiving, supplier invoice checking and passing for payment, and customer (pupil/parent/diner etc.) menus for ordering, choosing and paying by cash, cashless or account. Licensed access for power operators; free for pupils and parents.


  • Access by any standard browser from any internet-connected device.
  • Real-time access by multiple users from multiple sites/centres.
  • One hundred levels of power and security.
  • Free access for almost unlimited numbers of zero-level users.
  • All access to the system via encrypted communication.
  • Almost any number of operational centres (e.g. schools, colleges).
  • Several optional security features (e.g. DDOS circumvention).
  • Open source version for eventual movement of system in-house.


  • No need for backups or security beyond normal device protection.
  • No expertise needed beyond use of PC, tablet, etc.
  • Targeted on-line help for screens.
  • Screens tailored by you for different layouts/fonts/colours/languages.
  • Fields programmed by you to invoke actions or applications.
  • Almost any number of tailored-by-you user environments provided.
  • Caterman users can interact with other applications.
  • Audit trail provides replication of screens from history.
  • User accounts are updated almost immediately when using PayPal etc.


£240 per person per quarter

G-Cloud 10


Service scope

Software add-on or extension: No
Cloud deployment model: Public cloud
Service constraints: Service not available in UK between midnight and 1am.
System requirements:
  • Users must have standard browser.
  • Users must classify the web server(s) as a trusted destination.
  • Users need internet access.
  • There must be a central customer contact team.
  • Caterman support only available by email (and Skype if necessary).

User support

Email or online ticketing support: Email or online ticketing
Support response times: Response in 24 hours, 9.00am to 5.00pm Monday-Friday only.
User can manage status and priority of support tickets: Yes
Online ticketing support accessibility: None or don’t know
Phone support: Yes
Phone support availability: 9 to 5 (UK time), Monday to Friday
Web chat support: No
Onsite support: No
Support levels: Support is provided within the licence fee at a standard level.
There is only one level.
We provide resource as deemed appropriate, and we do not provide anything but application support, i.e. no PC support, no internet connection support, no general computing support. Any support provided which is not related to the application may be chargeable. Telephone support is only for emergency use, and may be chargeable.
Support available to third parties: Yes

Onboarding and offboarding

Getting started: Interactive co-operation, some tasks performed for customer. General handholding for first three months including one month free trial.
Service documentation: Yes
Documentation formats: HTML
End-of-contract data extraction: Customers may obtain a copy of their data at any time in the form of a database or as a series of separate files in either comma-delimited or tab-delimited form suitable for loading into spreadsheets. There is a charge for this, not exceeding 5% of annual licence fee. Certain security measures are required for transfer.
Most data can be extracted by empowered users as reports at any time without charge (a normal activity of the system).
End-of-contract process: The customer may simply terminate the contract, or take a copy of data, or move the data to an Open Source version of Caterman in-house subject to certain conditions and safeguards including continued payment of 50% of the licence fee until the system ceases to be used.
As part of the contract, the customer must agree to state a date on which, subsequent to Caterman cloud-based use being terminated, ALL customer data held by us is to be destroyed.

Using the service

Web browser interface: Yes
Supported browsers:
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install: No
Designed for use on mobile devices: Yes
Differences between the mobile and desktop service: Users each have one of many thousand defined Caterman environments.
Different environments may be created by you for different types of user and for different devices if necessary.
Accessibility standards: None or don’t know
Description of accessibility: Service accessible through browser by entering the web server URL.
The user device requires accepted standard encryption capability.
Accessibility testing: None documented as we do not inquire on characteristics of our users.
What users can and can't do using the API: APIs are only available to users by arrangement, and implementation may be chargeable depending on user requirements.
API documentation: No
API sandbox or test environment: Yes
Customisation available: Yes
Description of customisation: All fields can be tailored by customer power users to change text into other text, other fonts, other colours or different positions on screen, and to invoke, by mouse action (click, double click, hover, etc.) or similar, an action, an audio or pictorial response, or another application (e.g. an inquiry on your in-house personnel system; any application available on the user device on that network). For example, a school power user could invoke, from the i.d. field of a pupil school meal account screen, a screen showing the pupil's photograph and personal details kept on a storage device in the school accessible only via the school network, e.g. an HTML record in a disk file on a school server mounted as a disk on the user PC (putting photos of children on the internet is not advised).
Some schools might wish to provide environments for users in different languages, or with facilities to offer text in a different language, or audio as well, by mouse action.


Independence of resources: Caterman is monitored for any excess response time. The servers are upgraded as required.
System response time depends on user power/security level. Higher priority users take precedence over lower priority users, so system overload manifests first at level zero. Higher power level users are unlikely to be affected before system resources are increased.


Service usage metrics: No


Supplier type: Not a reseller

Staff security

Staff security clearance: Other security clearance
Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom
User control over data storage and processing locations: Yes
Datacentre security standards: Managed by a third party
Penetration testing frequency: At least every 6 months
Penetration testing approach: In-house
Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
Data sanitisation process: Yes
Data sanitisation type: Deleted data can’t be directly accessed
Equipment disposal approach: In-house destruction process

Data importing and exporting

Data export approach: Many reports are available on demand in a format suitable for export to other computer systems. Bespoke export in the form of customer-defined files is available on request subject to a small charge. Please note that all enhancements and extra facilities added to Caterman by any customer will be available to all Caterman cloud customers.
Data export formats:
  • CSV
  • ODF
  • Other
Other data export formats: Oracle database on termination of contract or move in-house.
Data import formats: CSV

Data-in-transit protection

Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network: Encryption.

Availability and resilience

Guaranteed availability: One day's licence credit for any failure of service between the hours 1am and midnight on any day. No responsibility is accepted for end-user equipment problems, internet connection through to our servers, internet provider DNS server failure, or any problems arising from matters outside of our control.
Approach to resilience: Data is held on mirrored storage in secure datacentres either selected by us or, in some cases, chosen by the customer. Backup copies of the database are taken daily, and a log of all user screen content is kept.
Outage reporting: Email alerts for known outages.

Identity and authentication

User authentication needed: Yes
User authentication:
  • 2-factor authentication
  • Username or password
  • Other
Other user authentication: End users must supply two security codes, password and PIN. The password and PIN may be changed at any time by the user. Retrieval of a lost password requires supervisor intervention. Optionally, Caterman can require input of codes sent by SMS.
Other security checks include circumstances where a user cannot log on unless another defined user is already logged on, or can only log on from a particular IP address or range of IP addresses (e.g. a local network, a country, an account operated from only one IP address; users may have more than one account, e.g. one each for office/home).
Access restrictions in management interfaces and support channels: End users of Caterman are restricted to system facilities according to a template of authorisations allowed for a password account/security level.
An end user can have multiple accounts so that, working from the office, the user can utilise certain high level management facilities, but working from home only a restricted set of facilities, and working from a public WiFi access point, only basic facilities.
Support is available to defined email accounts, and emails must contain a code in the subject line to reach the assigned support personnel.
Access restriction testing frequency: At least every 6 months
Management access authentication:
  • 2-factor authentication
  • Username or password
  • Other

Audit information for users

Access to user activity audit information: Users have access to real-time audit information
How long user audit data is stored for: User-defined
Access to supplier activity audit information: Users have access to real-time audit information
How long supplier audit data is stored for: User-defined
How long system logs are stored for: User-defined

Standards and certifications

ISO/IEC 27001 certification: No
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Other security certifications: Yes
Any other security certifications: Dependent on chosen server farm.

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: No
Security governance approach: Initially, only security-validated personnel have access to user data. All development and testing is carried out on test databases. After the customer is running normally, the control of access to the system is handed to the customer, after which control of the system resides with the customer and access is unavailable to anyone without customer assistance.
Information security policies and processes: All software we use is kept up to date regarding virus and other attack vectors. The computer press and internet are monitored for any developments which may threaten attack, and appropriate steps are taken.

Operational security

Configuration and change management standard: Supplier-defined controls
Configuration and change management approach: Caterman is subject to periodic updates for all cloud users, and most in-house clients. Comprehensive testing of modified modules is carried out beforehand. Each iteration of the entire Caterman is saved by release date as modules interact with each other.
No changes which impact on security are entertained, except where a vulnerability is discovered (unlikely, after so many years).
Vulnerability management type: Undisclosed
Vulnerability management approach: The computer press and other media concerned with computer and data security are monitored and any new threats assessed. Any potential threat is evaluated and any improvement required applied as soon as possible. The only attack point is the central processing server for the customer and, where utilised, distributed access web servers. Vulnerabilities in internet connections and user end-devices are not our responsibility; however, they will be notified to customers where detected. The only interaction with the main server is via browser, and the only functionalities supported by the web servers are HTML processing by Apache plus one other (undisclosed).
Protective monitoring type: Supplier-defined controls
Protective monitoring approach: Sophisticated access monitoring is maintained and unauthorised access notified immediately. Logs are maintained for examination of any unauthorised activity, and customers are notified by email if their data might be compromised (unlikely). Depending on when unauthorised activity takes place, response varies from immediate to 12 hours.
Incident management type: Undisclosed
Incident management approach: There are no common events, and no events whatsoever attributable to our service for more than five years. Users report incidents by email, or telephone in the event of emergency (may be chargeable if event is not within our area of responsibility).
All customers affected receive a report detailing what the incident was and what impact it had on their service or data, and what steps we took and/or are taking.

Secure development

Approach to secure software development best practice: Supplier-defined process

Public sector networks

Connection to public sector networks: Yes
Connected networks: Other


Price: £240 per person per quarter
Discount for educational organisations: Yes
Free trial available: Yes
Description of free trial: Full Caterman cloud test bed plus skeleton live Caterman cloud installation. All standard non-chargeable Caterman facilities are available.
Support is non-contractual, and is restricted to low priority as no team is assigned.
The free trial is for 10 users for one month to three months depending on mutual agreement.
Link to free trial: https://caterman.uk

