arbnco Ltd

arbn estates - Commercial property portfolio management of EPCs

arbn estates allows users to manage an entire portfolio of properties, using the data from their non-domestic Energy Performance Certificates. It can filter and search among the properties and can provide fully costed improvement reports for any property. The solution for MEES compliance, and also for energy efficiency management.

Features

• Commercial property portfolio management
• MEES compliance
• Identify fully costed energy efficiency measures
• EPC quality assessment
• Energy project scoping for zero carbon target
• Identify and regsiter MEES exemptions
• Define net-zero carbon projects across portfolio
• Identify energy savings
• Identify carbon savings
• EPC Improvement reporting

Benefits

• Ensure compliance with MEES regulations
• Identify properties for energy improvement
• Audit the quality of EPC reports
• Calculate updated EPC ratings for older assessments
• Scope energy efficiency improvement projects across the portfolio
• Plan carbon reduction projects across the portfolio
• Produce ESOS reports from existing asset data
• Identify potential EPC risks for MEES impact
• Identify and register MEES exemption properties
• Define scope of projects for net-zero carbon targetting

£1,500 a licence a year

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at spreece@arbnco.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

847873134200739

Contact

Stephen Preece
07377665536
spreece@arbnco.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: The EPC modelling platform is limited to level 3 and 4 EPC models and requires the upload of the .inp file from the non-domestic energy assessor.
• System requirements: No specific system requirements and browsers are listed later.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We would typically respond on the same day to issues raised, however this would not apply at weekends.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We have UK based sales and software staff who will be available to support any customer enquiries raised.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Users will need to contact arbnco for setting up and registration for licence and invoicing arrangements.; They will receive a welcome mail once registered with links to our training material and video content, as well as contact details for our sales and support staff.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: By request from any user, we would remove their data from our system at the end of contract and confirm this to them by e-mail.
• End-of-contract process: The price for each building uploaded includes access to the model for a period of 12 months. Users can run as many simulations and download reports during this period. If they wish to extend the period of access for a given property model file, they would need to pay for a second year of access.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• API: No
• Customisation available: Yes
• Description of customisation: Users can provide a logo which can be uploaded to their account. This will show on screen and also on downloaded reports. All reports can be downloaded in Word format and then then be customised as required.

Scaling

• Independence of resources: Being based in the cloud, it’s easy for us to scale our resources so we can meet our user’s demand via the cloud load balancing.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: EU-US Privacy Shield agreement locations
• User control over data storage and processing locations: No
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: No
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: There are 4 different standard reports available from the platform, all of which can be downloaded in .pdf format and 2 of which are available in Word format as well.; Additional bespoke reports can be generated on request. These would usually be data extract reports and provided in the form of a spreadsheet for further analysis.
• Data export formats: Other
• Other data export formats:
  • Pdf
  • Word
• Data import formats: Other
• Other data import formats:
  • Inp data file from non-domestic EPC model
  • Zip file containing multiple .inp files

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We are not in a position to offer specific SLAs for availability
• Approach to resilience: This information can be made available on request.
• Outage reporting: We do not report outages at the moment.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Access in our service can be restricted through the use of three different user roles – admin, manager, and regular user. Admin users would be our own internal staff, while our customers can act as managers and regular users.; ; Then, on third party solutions we use, management interfaces are only available for lead developers and managers.
• Access restriction testing frequency: Less than once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Proactively, the cloud solutions used are able to provide data that enable analysis and detection of malfunction and threats our service may be subject to. Reactively, we also employ logging solutions that send alerts in real time when any malfunction is experienced. We thenrespond to these alerts, coordinating the development team, together with the Chief Technical Officer.
• Information security policies and processes: Internal security policies aim to deliver data Integrity, Availability and Confidentiality.; ; Our service provides data integrity through automatic backups from both databases and file systems and also through automated sanity tests that happen periodically.; ; Availability is offered through a scalable database as a service which can be easily scaled and tweaked to serve more users.; ; Confidentiality comes hand in hand with our compliance with GDPR and the training of all internal staff on it.; ; Then, if a customer needs to report any issues, he has a clear support channel to do so. Meanwhile, if we detect security incidents, affected customers are directly reached by email.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Due to the very nature of the cloud operators we use as basis for our service, components are automatically tracked in regards of location and configuration. This comes hand in hand with source code versioning and automatic backups. ; ; Then, changes to these components are first tested in either a local development environment or a staging server so that security can also be asserted and if any issues are detected they are fixed before reaching productions and, hence, our customers.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Potential threats to our services are assessed during a careful analysis conducted prior to any development and further testing routines prior to deployment. Security threatening patches can be applied in less than a day, while aesthetic issues can be fixed within a week. Information on threats are identified during testing routines and even through analysis of logs kept and statistics from cloud providers.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We have never experienced any compromises; hence, this is not a formal process clearly defined for us yet. Currently, we would rely on a Security company identifying it and reporting that to us, such as it happens usually. Then, we would be prompt to act on immediate notice.
• Incident management type: Supplier-defined controls
• Incident management approach: We have defined processes for the most common incidents our users may experience. The sales and support teams have been trained to answer for the most typical issues experienced by our customers. Then, if needed they would contact development management to report anything that was not yet defined, so we can extend our processes further. Users are able to report incidents wither through tickets, by email, or simply contacting our landline directly. If we detect a user has been affected by any incident, that user would be directly contacted either by email or by phone.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Pricing

• Price: £1,500 a licence a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Users can register for free on arbn consult, which allows the same basic functionality for an individual building. They will need to apply for a licence to upgrade their registration to arbn estates, providing the full database portfolio features, including the re-simulation to the latest version of SBEM as standard.
• Link to free trial: https://app.arbnco.com/register

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at spreece@arbnco.com. Tell them what format you need. It will help if you say what assistive technology you use.