The design, supply and support of web hosted compliance software called the Micad Compliance Exchange. Designed to help manage and demonstrate your compliance with statutory regulations. It also provides a secure document repository and the means for technical collaboration with contractors and in house teams and individuals.
- Document Compliance Management
- Uses recognised document standards
- Generous storage limits
- Mobile web access
- User defined document repository
- Easy document upload and retrieval
- Secure online storage
- Collaboration technology
- Automated alerts & actions
- Tailored access and views
- Increased levels of Compliance
- Reduced Risk
- Direct engagement with supply chain
- Impartial independant software
- More efficient work practises
- Reduced operating costs
- Instant visibility of compliance status
- Demonstrate Compliance with statutory regulations
- Improved Contractor Management
- Automated alerts and actions to appropriate persons
£10000 per instance per year
- Education pricing available
- Free trial available
Micad Systems (UK) Ltd.
|Software add-on or extension||Yes, but can also be used as a standalone service|
|What software services is the service an extension to||
Patient or Student Records and Management Systems
Provides a location based data base for EDI within the GS1 environment
EHS and Risk Management systems
Classroom and timetabling systems
|Cloud deployment model||Private cloud|
|Service constraints||Support is limited to normal office hours (9:00-17:30 hrs) excluding bank holidays.|
|Email or online ticketing support||Email or online ticketing|
|Support response times||During normal office hours we aim to respond to tickets within a working day.|
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
|Support levels||Micad offer a unified single tier support for all their customers unless by special agreement. This includes online ticketing, phone, email and fax support options. There is also an active online user group.|
|Support available to third parties||Yes|
Onboarding and offboarding
Users have access to a full range of implementation and training services . This can include a tailored training plan making use of onsite and online training and consultancy sessions.
Informal training using webinar technology is also available to user by agreement often incurring no charge.
All modules also come with full online manuals which can be tailored to a users specific needs if required.
|End-of-contract data extraction||
Data held in Micad’s software always belongs to the client. Specific off-boarding arrangements will be agreed with each client on commencement of the contract.
Users are free to download data and store it locally at any time. In addition special arrangements can be made for a formal onsite download on a regular basis.
At the end of the contract all data is made availabe to the user in its native format (e.g. drawings .dwg). In addition a copy of the SQL data can be made available.
If the data needs to be presented in another form (e.g. Excel spreadsheet) or manipulated in any way then additional charges may apply.
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||There are dedicated native Apps for trades staff and surveyors that present a different view to the desktop experience.|
|Accessibility standards||None or don’t know|
|Description of accessibility||Users access the service through an active internet connection to a private fire walled system. Alternative deployments allow for fully encrypted deployment on the web.|
|Accessibility testing||Currently no formal testing has been done with users of assistive technology but Micad are happy to engage with its users as required|
|What users can and can't do using the API||
Micad is in the process of updating its API. The Micad API will be configurable to allow different data interactions and frequency. The most common form this takes is to pass validated space and location records to other internal systems (e.g. Asset management, patient management). A second common use is t pass the asbestos records along with the space records for a fully validated Asbestos register.
The growing requirements of GS1 means that Micad forms the core part of the local registry as the sole repository of physical GLN's.
|API documentation formats|
|API sandbox or test environment||No|
|Description of customisation||
All Micad modules allow some degree of customisation. This can take the form of new fields and reports to customising user avatars and photograph.
Output emails form the system can be edited to suit the organisation. Some modules allow for the application of a full language pack that will use local or organisational vocabulary (e.g. space not classroom or campus not site) for instant familiarity by users.
All customisation are limited by user rights and some customisation required input by Micad technical staff.
|Independence of resources||Our systems are provisioned using VMware Clusters planned with resource redundancy in mind. The cluster is easily and regularly upscaled to make the most modern processors and RAM capacity.|
|Service usage metrics||Yes|
|Metrics types||As standard Micad users benefit from dashboards that demonstrate user activity and the quality of data sets held within the software modules.|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Baseline Personnel Security Standard (BPSS)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||No|
|Datacentre security standards||Supplier-defined controls|
|Penetration testing frequency||Less than once a year|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||Encryption of all physical media|
|Data sanitisation process||No|
|Equipment disposal approach||In-house destruction process|
Data importing and exporting
|Data export approach||Users can export data in a variety of formats including MS Excel spreadsheets .pdf and other native formats (e.g. .dwg, MS Word). This can be done at any time during the conract.|
|Data export formats||Other|
|Other data export formats||
|Data import formats||Other|
|Other data import formats||
|Data protection between buyer and supplier networks||
|Data protection within supplier network||
Availability and resilience
|Guaranteed availability||Availability is not guaranteed but service levels are currently 99.99%. This level has been maintained for over three years.|
|Approach to resilience||Details of the data centre resilience and backup are available on request|
|Outage reporting||Users are informed of any outages via the support portal home page and email.|
Identity and authentication
|User authentication needed||Yes|
|User authentication||Username or password|
|Access restrictions in management interfaces and support channels||Before individuals are allowed to access company or client data, training in the use and attributes of the data are fully undertaken and relevant for each employee’s role in the business. Training of employees is over seen by the System Architect.|
|Access restriction testing frequency||At least once a year|
|Management access authentication||Username or password|
Audit information for users
|Access to user activity audit information||Users contact the support team to get audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||You control when users can access audit information|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||User-defined|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security accreditations||No|
|Named board-level person responsible for service security||Yes|
|Security governance accreditation||No|
|Security governance approach||
As a provider of hosted systems, Micad takes data management and security very seriously. This policy establishes uniform data management standards and identifies the shared responsibilities for assuring the integrity of data effectively serves the needs of the Micad Business and its Clients. This policy applies to data used in the administration and operating of the business and relates to both Clients and company held data sets.
A copy of our full data management and security policy is available on request
|Information security policies and processes||
MIcad have their own Data Management and security policy available on request.
Data Security Principles
Data Ownership, Administration and Access
Micad Ownership of Data
Access and Confidentiality
Integrity, Validation, and Correction
Extraction, Manipulation, and Reporting
Retention and Archiving
Web Access to Client Data
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||Micad operate their own quality standards that incorporate change control measures. Micad’s internal quality policy, objectives and standards do ensure that all works carried out are done so in the spirit of requirements as laid down by BS EN ISO 9001. We are currently seeking to gain ISO 9001 accreditation in 2018. Micad is also registered Autodesk developer and last year acquired a business that had the ISO 9001 standard.|
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
Cloud managed Endpoint systems.
Firewall UTM and IPS
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||IPS and endpoint notifications|
|Incident management type||Supplier-defined controls|
|Incident management approach||
Internal notifications are assed and mission critical relayed incidents are raised to IT specialists.
Monthly health reports are automatically produced on the performance and health of the whole IT infrastructure.
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Public sector networks
|Connection to public sector networks||No|
|Price||£10000 per instance per year|
|Discount for educational organisations||Yes|
|Free trial available||Yes|
|Description of free trial||Trials can be set jp at the request of the user. The time and scope of the trial is agreed in advance between the user and the supplier. Under certain circumstances training charges may apply.|
|Pricing document||View uploaded document|
|Service definition document||View uploaded document|
|Terms and conditions document||View uploaded document|