Excitech Limited

Excitech FM

Excitech FM is a powerful Space Management solution that can provide 2D and 3D graphical visualisation capabilities.

Effectively managing real estate portfolios requires accurate and up to date information.

The technology integrates with both AutoCAD drawings and Revit models, allowing you to take advantage of the rich set of information.


  • Automatic Space Measurement
  • Space Categorisation
  • Space Allocation
  • Space Chargeback
  • Cost Allocation
  • Move Management
  • Asbestos Management
  • Condition Surveys
  • Asset Data Collection
  • BIM to FM


  • Single source of truth with regard to space data
  • Highlight underused space across a property portfolio
  • Recharging of space allocation across six tiers of business structure
  • Plan complex moves to align property strategy with business needs
  • Provide asbestos information to engineers or contractors
  • Ensure that statutory documentation is stored against each location
  • Manage condition surveys tracking backlog costs
  • Collect asset data when commissioning a building post completion
  • Transfer data from an Autodesk Revit model (BIMtoFM)
  • Produces reports to drive improvements in performance across estate


£400 to £2200 per user per year

Service documents

G-Cloud 9


Excitech Limited

Richard Brayshaw

07540 824860


Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to FSI Concept
Excitech FM
Cloud deployment model Private cloud
Service constraints Standard Support is Monday - Friday 8:30am - 6:00pm
Enhanced support is availible at extra cost
System requirements Microsoft IE, Google Chrome or Safari

User support

User support
Email or online ticketing support Yes, at extra cost
Support response times Excitech support hours are Monday-Friday 08:00-18:00.

To ensure support work is appropriately prioritised, Excitech scores each support incident for business impact and assigns a priority level accordingly. Based on the selected severity level, Excitech aim to respond in the timescales listed below:

Response Target : Immediately or no longer than 15 minutes
Resolution Target: As soon as possible but no longer than 1 Working Day

Response Target: 30 minutes
Resolution Target: 1 Working Day

Response Target : 1 Hour
Resolution Target: 2 Working Day

Response Target: 4 Hours
Resolution Target: 5 Working Days
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Support can be provided on a fixed support contract basis or provided as retained services. Each support agreement is tailored to the needs of the users. Basic support contracts are available from £1,500/annum. Retained services are available from £900/day and can cover product support, technical support, configuration, customization and project work on site or remotely.

A technical account manager will be provided to manage this support contract or complete the retained services work as required.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Excitech have the ability to provide customisation, configuration, onsite training or online training dependent on the user needs. Documentation and online help is provided as standard with all installations.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Excitech are happy to provide a full copy of data back to the user on request in a form that can be transferred to an internal system or alternate provider at the end of the contract. Throughout the engagement with Excitech FM the data would remain the property of the user.
End-of-contract process Excitech are happy to provide a full copy of data back to the user on request in a form that can be transferred to an internal system or alternate provider at the end of the contract. Throughout the engagement with Excitech FM the data would remain the property of the user. Any consultancy around the import to the alternate system would be chargeable.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10+
  • Chrome
Application to install Yes
Compatible operating systems Windows
Designed for use on mobile devices No
Accessibility standards None or don’t know
Description of accessibility The service allows:

Usage with limited vision
Usage without perception of color
Usage without hearing
Usage with limited hearing
Usage without vocal capability
Usage with limited manipulation or strength
Usage with limited reach
Minimize photosensitive seizure triggers
Usage with limited cognition

The service is not currently suitable for:

Usage without vision
Accessibility testing N/A
What users can and can't do using the API Users (with appropriate access rights) can highly customise the interface such as.-
Modifying or creating data entry forms.
Defining floor plan based data visualisation layers.
Modifying and creating dashboard items
Modifying and creating reports.
Almost all configuration changes are made via the web interface (i.e. customisation forms).
API documentation Yes
API documentation formats
  • PDF
  • Other
API sandbox or test environment Yes
Customisation available Yes
Description of customisation The majority of the application can be configured or customised, for example.-
Almost all data forms
All reports
All dashboards
Most security controls.
Floor plan data overlays.
Automated email delivery.
Status flows.
The majority of customisation is undertaken via the web interface with only a limited number of specific changes requiring any direct access to the server environment.
Access to the configuration elements is controlled via user privileges which can themselves be adjusted to further control access to different aspects of the configuration.


Independence of resources Excitech use Microsoft Azure to host the Excitech FM solution, as it provides a high degree of dynamic scalability allowing both application and database server performance to be increased at short notice. Currently Escitech FM deployments are being successfully operated on the lower end of Azure’s performance spectrum providing significant headroom for growth if required. Excitech will manage this requirement to ensure performance is not affected by changing demand.


Service usage metrics Yes
Metrics types Excitech can provide reports on request highlighting user numbers, device accessed from, time spent within the application.
Reporting types Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least every 6 months
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with another standard
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Users are able to extract data from the solution using the dynamic reports engine, defining the requirement and querying the database as required. Alternatively Excitech is happy to provide an export of all data on request.
Data export formats
  • CSV
  • ODF
Data import formats
  • CSV
  • ODF

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks Private network or public sector network
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability The availability of services is 24 hours/day, 365 days per year.

• For the last 12 month up time was in excess of 99.9%
• Call resolution was within defined response in excess of 95%

Any service outage is seen as critical:
Response Type : An immediate and sustained effort using adequate resources until resolved. An on-site visit or vendor assistance may be essential
Response Target : Immediately or no longer than 15 minutes
Resolution Target: As soon as possible but no longer than 1 Working Day

Service Level Agreements can be defined on a customer by customer basis, including any recompense around levels of availability.
Approach to resilience This information is available on request.
Outage reporting All users of Excitech FM are notified by email of any service outages. They will also be kept updated by email as the situation progresses and is resolved.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Excitech FM uses Microsoft Azure to host the application. Azure manages and controls the identity and user access to their environments, data and applications by federating user identities to Azure Active Directory and enabling multi-factor authentication for a more secure sign-in. Excitech can restrict access based on the need to know and least privilege security principles. Azure Role-Based Access Control (RBAC) can be used to assign permissions to users, groups, and applications at a certain scope. The scope of a role assignment can be a subscription, a resource group, or a single resource.
Access restriction testing frequency Less than once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards
  • CSA CCM version 3.0
  • ISO/IEC 27001
Information security policies and processes Excitech have an extensive document outlining all information security policies. The main objectives of this are to ensure that:

All employees understand information security in the organisation and their duties to maintaining compliance.
Access to the company network is limited to authenticated company employees using approved company equipment. Access to the network by persons other than employees must be agreed in each instance by the IT department.
Access to the company network should be possible from anywhere in the world using a secure connection.
Information should be protected external threats posed by viruses, internet, email and other external connections.
Company servers and other information storage media should be kept physically secured.

The Information Security Officer is responsible for ensuring that staff are aware of these policies and that they are adhered to. They are also responsible for the production, maintenance and review of the information security policy document (on at least an annual basis) and ensuring that threats to this policy are understood and raised to the board.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Changes to application are tracked using GIT based internal processes.
Security considerations are manually reviewed on a case by case basis as deemed necessary.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Azure uses integrated deployment systems to manage the distribution and installation of security updates for Microsoft software. Azure is also able to draw on the resources of the Microsoft Security Response Center (MSRC), which identifies, monitors, responds to, and resolves security incidents and cloud vulnerabilities around the clock, each day of the year. Patches to any identified vulnerability are applied as quickly as possible.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Microsoft Azure has a global, 24x7 incident response service that works to mitigate the effects of attacks and malicious activity. The incident response team follows established procedures for incident management, communication, and recovery, and uses discoverable and predictable interfaces with internal and external partners. Excitech looks upon potential compromises as requiring critical support and will act in conjunction with Microsoft and affected users (as appropriate) to resolve within the appropriate timescale.
Incident management type Supplier-defined controls
Incident management approach Incidents can be raised and reported by users by phone or email. Incidents detected by the Excitech team or Microsoft will be communicated to customers as and when required.

Upon detection the incident will then pass through a 4 phase process of assessment, diagnosis, recovery (where the team will put in place a plan to minimize risk and affects) and resolution once the issue has been completely dealt with. Following resolution the team will assess learning to mitigate the risk of such an incident occurring again.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £400 to £2200 per user per year
Discount for educational organisations No
Free trial available No


Pricing document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑