MRI Software EMEA Limited


MRI PM is an industry leading real estate software application that provides a complete end to end property management solution for over 500 organisations. Our property management solution includes comprehensive property accounting, purchase ledger, maintenance management, document management, diary management, integration with MS office, mobile apps and web portals.


  • Service charge management: budgets, caps, multiple schedules, apportionments, reconciliation
  • Full property accounting: charging/collecting rents, ground rents, turnover rents
  • Comprehensive financial reporting including P&L and balance sheet by property
  • Bank reconciliation and links to banking systems
  • Maintenance management, both planned and reactive activities
  • Diary management: including inspections, rent reviews, lease expiries, gas checks
  • Customisable tenant correspondence and demands
  • 24/7 tenant/leaseholder self-service portal including tenant payments
  • Flexible reporting features, including income analysis and forecasting
  • Links with Microsoft products including Outlook and Excel


  • A fully-integrated solution which streamlines processes
  • Significant efficiency savings that facilitate business growth
  • Increased control of real estate income and expenditure
  • Zero duplication of data provides complete transparency
  • Automated and interactive reporting provides business insights
  • Customisable user interface and reporting to meet your business needs
  • Improved financial reporting provides greater visibility
  • Easy to implement and cost effective solution
  • Tenant/leaseholder self-service portal reduces operating costs
  • Mobile working


£300 to £1400 per user per year

  • Education pricing available

Service documents


G-Cloud 11

Service ID

8 7 0 8 9 9 9 7 8 5 7 3 9 8 9


MRI Software EMEA Limited

Steven Fox

020 3861 7100

Service scope

Software add-on or extension
Cloud deployment model
  • Private cloud
  • Community cloud
  • Hybrid cloud
Service constraints
Unless otherwise agreed, scheduled MRI PM SaaS Infrastructure Maintenance (e.g. Routine Technical Platform Patching) is generally undertaken between the hours of 06:00 Saturday and 22:00 Sunday, two weekends per calendar quarter with notification issued to customer(s) in advance. Unless otherwise agreed, essential MRI PM SaaS Infrastructure Maintenance (e.g. Critical Security Patching, Device Restart) is generally undertaken between the hours of 20:00 and 00:00 Monday to Friday, or between the hours of 06:00 Saturday and 00:00 Sunday with notification issued to customer(s) at least 2 hours in advance. Daily system 2 hour backup window. Note: Times shown are BST / GMT.
System requirements
  • Compatible access devices/operating systems
  • Environment that support the Microsoft RDP client
  • Windows 7 or above

User support

Email or online ticketing support
Email or online ticketing
Support response times
MRI’s Global Client Support group will make every reasonable effort to ensure that submitted cases are assigned the proper level of Severity. Submitted cases will be responded to in the order in which they are received, with consideration given for higher Severity levels. Response Time is the time it takes before a Global Client Support agent makes initial contact with the individual who submitted case. Bundled Service (Normal Priority 6 Hours, Serious Priority 3 hours, Critical Priority Live Call Only) Concierge Standard (Normal Priority 4 Hours, Serious Priority 2 hours, Critical Priority Live Call Only)
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
We include support within our annual fee. Support includes a named Account Manager and a Client Support Helpdesk. The Client Support Helpdesk also serves as the contact for all cloud support requests for trained users.
Support available to third parties

Onboarding and offboarding

Getting started
Our training program is designed to help you achieve the maximum return on investment. Our in-house team of professional trainers have extensive knowledge of our solutions. During the implementation phase we will train your core project team to have a strong understanding of the system. Your project team will learn how data is structured in MRI PM, the available configuration options within the standard product and how the specific processes operate. This process involves reviewing your business processes as they are mapped to system functionality.
It is your decision whether we deliver end user training or if you would prefer to adopt the ‘Train the Trainer’ approach. The implementation process will provide your core project team with a strong foundation to train co-workers. Our end user training services are delivered by our in-house team and tailored to suit your needs. We offer both classroom and webinar training. After commencement of live use of MRI PM, you will have access to our client portal for user guides, video clips, forums and helpdesk support.
Service documentation
Documentation formats
  • ODF
  • PDF
  • Other
Other documentation formats
End-of-contract data extraction
Data can be exported from the system via reporting tools in CSV format to MS Excel which can then be used to import into other applications.
End-of-contract process
Following termination of the contract (for whatever reason), buyer shall certify that it has returned or destroyed all copies of the applicable software and confidential information of MRI and acknowledges that its rights to use the same are relinquished. Buyer shall use its commercially reasonable efforts to remove all buyer data from any software or SaaS service prior to termination of the contract. Buyer may engage MRI to assist buyer in removing such buyer data at MRI’s then standard rates. If any buyer data remains in the software or SaaS service more than thirty (30) calendar days after the effective date of termination, MRI may, in its sole discretion and without notice, delete any and all buyer data.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Mobile apps are available for specific functional areas.
Service interface
What users can and can't do using the API
MRI PM’s API is delivered via web services (SOAP and RESTful). The services enable integration with our partners and other MRI applications to provide the ability to create, update or delete data and transfer documents. Where there are specific interface requirements these can be discussed and agreed with the user as part of the project implementation and associated configuration complete in partnership.
API documentation
API documentation formats
  • HTML
  • ODF
  • PDF
API sandbox or test environment
Customisation available
Description of customisation
Users can select which field colours, fonts and columns are displayed on tables of data and the order of function buttons. Custom notes may be built to store additional data which may be fully reported on. These changes are made through the standard application user interface. The customer's defined system administrator can customise the field labels used throughout the system to organisational standards. Users can be restricted to a subset of the data by the use of enforced filters.


Independence of resources
MRI PM SaaS utilises VMware to provide clustered host resource pools (vCPU, RAM, Storage) and features including High Availability (HA) and Distributed Resource Scheduler (DRS) which ensure resources are available to support current and future growth of customer systems. Each customer has dedicated virtual images (Application and Database Server) with appropriate resource reservations (vCPU, RAM, Storage) according to user and business process needs.


Service usage metrics
Metrics types
Customer defined MRI PM System Administrators have the ability to run reports to view user metrics/usage (successful/unsuccessful login, session termination, data changes).
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Data can be exported in multiple ways including Excel, csv, text and xml. We can also develop customer exports as required.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • Text
  • XML
Data import formats
  • CSV
  • Other
Other data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
We use commercially reasonable efforts to ensure availability twenty -four (24) hours a day, seven (7) days a week, except for: (a) planned downtime (of which we provide adequate notice and will schedule to the extent practicable during the weekend hours), or (b) any unavailability caused by circumstances beyond our reasonable control, including without limitation, Force Majeure events or internet service provider failures or delays. We host our solution in a UK-based Tier 3 data centre that is designed to deliver high availability.
Approach to resilience
Available on request
Outage reporting
Salesforce support desk is used to manage customer / support interaction for specific customer system issues. E-mail advisories are in place and used to alert multiple customers / contacts of unplanned outages.

Identity and authentication

User authentication needed
User authentication
Username or password
Access restrictions in management interfaces and support channels
Management interfaces and support channels are managed according to ISO 27001:2013 ISMS controls and processes. The least privilege required for a role principal is followed in all areas. At the implementation phase, we define the principle customer contacts and allow only these authorised users to request management changes. We verify user identity as part of change request process.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
Data centre Infrastructure and associated services are managed according to ISO 27001:2013 controls and processes.

MRI PM security controls and processes are used to manage the Application Platform.
Information security policies and processes
Data centre Infrastructure and associated services are managed according to ISO 27001:2013 controls and processes.

MRI PM security controls and processes are used to manage the Application Platform.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
MRI PM is managed according to ISO 27001:2013 ISMS including technical platform patching (e.g. non-production testing, sign-off), risk assessment and corrective action tracking. MRI PM code is version controlled using Subversion and GIT, allowing code changes to be tracked at line level. The application is built from Subversion or GIT, depending on the component, and subjected to separate Development and Test cycles within dedicated non-customer environments. Releases to the customer are through our ftp site or CD, for the customer to download. An external Application / Penetration Test is undertaken annually against the latest MRI PM Application build.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Data centre vulnerabilities are managed according to ISO 27001:2013 ISMS controls and processes which allow risks to be tracked throughout the risk life (identification, assessment and treatment). Quarterly Scheduled Maintenance is undertaken to ensure that the technical platform is routinely patched to the latest available security guidelines/patches. Short notice (2 hours) Essential Maintenance may be undertaken based on a risk assessment to ensure that critical vulnerabilities are addressed outside of Quarterly Scheduled Maintenance as required. 3rd party security forums and alert services (e.g. ISC) are subscribed to along with automatic security device signature updates.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Protective monitoring and associated responses are managed according to ISO 27001:2013 ISMS controls and processes utilising a mixture of automated features at security device level (e.g. automatic blocking based on severity/signatures) and manual interaction based on alerts (e.g. manual investigation of alert before intervention).
Incident management type
Supplier-defined controls
Incident management approach
Incidents are managed according to ISO 27001:2013 ISMS controls and processes which includes a defined "Security Incident Management Policy" including reporting mechanisms for both Information Technology and Physical Security incidents, incident logging, communication to internal and external parties, escalation, reporting, planning, implementation of preventative actions, securing / forensic evidence and continued improvement incident review.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks


£300 to £1400 per user per year
Discount for educational organisations
Free trial available

Service documents

Return to top ↑