arbnco Ltd

arbn consult - non-domestic EPC improvement modelling

arbn consult allows users to upload a data file from any non-domestic Energy Performance Certificate and produces a fully costed set of improvement strategies for the property. Designed for MEES compliance, it can also scope energy efficiency retrofit projects and identify carbon savings.


  • EPC Improvement reports
  • MEES compliance
  • Energy efficiency measures
  • EPC quality assessment
  • Energy project scoping
  • Identify MEES exemptions
  • Register MEES exemptions
  • Identify energy savings
  • Identify carbon savings


  • low cost building improvement reports
  • provides the complete MEES compliance solution
  • Audit the quality of EPC reports
  • Easily identify MEES exemptions
  • confirm the cost of MEES compliance
  • choose from a selection of improvement measures for any building


£50 to £650 per unit

Service documents

G-Cloud 11


arbnco Ltd

Stephen Preece


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints The EPC modelling platform is limited to level 3 and 4 EPC models and requires the upload of the .inp file from the non-domestic energy assessor.
System requirements No specific system requirements and browsers are listed later.

User support

User support
Email or online ticketing support Email or online ticketing
Support response times We would typically respond on the same day to issues raised, however this would not apply at weekends.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels We have UK based sales and software staff who will be available to support any customer enquiries raised.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Users can register for free through our website, providing the minimum of contact details and 2 stage e-mail confirmation.
They will receive a welcome mail once registered with links to our training material and video content, as well as contact details for our sales and support staff.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction By request from any user, we would remove their data from our system at the end of contract and confirm this to them by e-mail.
End-of-contract process The price for each building uploaded includes access to the model for a period of 12 months. Users can run as many simulations and download reports during this period. If they wish to extend the period of access for a given property model file, they would need to pay for a second year of access.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices No
Service interface No
Customisation available Yes
Description of customisation Users can provide a logo which can be uploaded to their account. This will show on screen and also on downloaded reports. All reports can be downloaded in Word format and then then be customised as required.


Independence of resources Being based in the cloud, it’s easy for us to scale our resources so we can meet our user’s demand via the cloud load balancing.


Service usage metrics No


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Staff screening not performed
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations EU-US Privacy Shield agreement locations
User control over data storage and processing locations No
Datacentre security standards Supplier-defined controls
Penetration testing frequency Never
Protecting data at rest Encryption of all physical media
Data sanitisation process No
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach There are 4 different reports available from the platform, all of which can be downloaded in .pdf format and 2 of which are available in Word format as well.
Data export formats Other
Other data export formats
  • Pdf
  • Word
Data import formats Other
Other data import formats Inp data file from non-domestic EPC model

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability We are not in a position to offer specific SLAs for availability
Approach to resilience This information can be made available on request.
Outage reporting We do not report outages at the moment.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Access in our service can be restricted through the use of three different user roles – admin, manager, and regular user. Admin users would be our own internal staff, while our customers can act as managers and regular users.

Then, on third party solutions we use, management interfaces are only available for lead developers and managers.
Access restriction testing frequency Less than once a year
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for Between 6 months and 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach Proactively, the cloud solutions used are able to provide data that enable analysis and detection of malfunction and threats our service may be subject to. Reactively, we also employ logging solutions that send alerts in real time when any malfunction is experienced. We thenrespond to these alerts, coordinating the development team, together with the Chief Technical Officer.
Information security policies and processes Internal security policies aim to deliver data Integrity, Availability and Confidentiality.

Our service provides data integrity through automatic backups from both databases and file systems and also through automated sanity tests that happen periodically.

Availability is offered through a scalable database as a service which can be easily scaled and tweaked to serve more users.

Confidentiality comes hand in hand with our compliance with GDPR and the training of all internal staff on it.

Then, if a customer needs to report any issues, he has a clear support channel to do so. Meanwhile, if we detect security incidents, affected customers are directly reached by email.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Due to the very nature of the cloud operators we use as basis for our service, components are automatically tracked in regards of location and configuration. This comes hand in hand with source code versioning and automatic backups.

Then, changes to these components are first tested in either a local development environment or a staging server so that security can also be asserted and if any issues are detected they are fixed before reaching productions and, hence, our customers.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Potential threats to our services are assessed during a careful analysis conducted prior to any development and further testing routines prior to deployment. Security threatening patches can be applied in less than a day, while aesthetic issues can be fixed within a week. Information on threats are identified during testing routines and even through analysis of logs kept and statistics from cloud providers.
Protective monitoring type Supplier-defined controls
Protective monitoring approach We have never experienced any compromises; hence, this is not a formal process clearly defined for us yet. Currently, we would rely on a Security company identifying it and reporting that to us, such as it happens usually. Then, we would be prompt to act on immediate notice.
Incident management type Supplier-defined controls
Incident management approach We have defined processes for the most common incidents our users may experience. The sales and support teams have been trained to answer for the most typical issues experienced by our customers. Then, if needed they would contact development management to report anything that was not yet defined, so we can extend our processes further. Users are able to report incidents wither through tickets, by email, or simply contacting our landline directly. If we detect a user has been affected by any incident, that user would be directly contacted either by email or by phone.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £50 to £650 per unit
Discount for educational organisations No
Free trial available Yes
Description of free trial Users can register for free on our platform. They will then have access to five demonstration properties that they can explore to see the type of reports available and the range of measures that can be identified.
Link to free trial

Service documents

pdf document: Pricing document pdf document: Terms and conditions
Service documents
Return to top ↑