Agile Applications Limited

Agile SaaS: Building Control

Agile Building Control manages all aspects of Building Regulations work. Productivity tools (Microsoft suite integration, intuitive GIS, workflow) help preserve service profitability. Online submissions and secure, remote staff access to full application flow. Stand-alone, linked with our full suite (Land Charges, Environmental Health, Licensing) or fully integrated with Agile Planning.


  • Application flow from registration to completion
  • Full application details, inspections/diary and workflow, regardless of location
  • Automatic alerts of new applications or amendments
  • Initial notices, dangerous structures, unauthorised works, competent persons
  • Full history including enforcements, inspections and fees
  • In-built Competent Persons database
  • Easy tracking of time planned and projects completed
  • Flexible fee calculator easily changed to suit new charging schemes
  • Integrates with third party financial systems for automated invoicing/receipting
  • Comprehensive standard reports for management information and statutory returns


  • Facilitates self-service - intuitive Citizen Portal for online submissions
  • Keeps pace with changing legislation
  • Adapts to new working styles such as shared services
  • Combines time saving functions with knowledge resources
  • Helps officers to manage and prioritise workloads
  • Keeps management informed via escalation and alerts
  • Facilitates information sharing and billing for substantive advice
  • Full functionality for remote working - not cut down
  • Take action on the move with Agile@WORK


£25 to £100 per user per month

  • Free trial available

Service documents


G-Cloud 11

Service ID

9 0 5 8 8 1 9 1 8 1 6 2 7 6 1


Agile Applications Limited

Jared Crane

0330 100 3675

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to Agile SaaS: Building Control is a comprehensive system which can be implemented "standalone" or as an element in Agile Applications' Built Environment Suite (which provides Planning and Local Land Charges as well as Building Control functionality).
Cloud deployment model Private cloud
Service constraints No
System requirements HTML 5 Browser

User support

User support
Email or online ticketing support Email or online ticketing
Support response times We commit to response times in our SLA. Response time is dependent on urgency/prioritisation. System down response time is 1 hour, next level of priority response time 4 or 8 hours, with a two working days response time for enquiries or less urgent calls. The helpdesk system sends an acknowledgement email within 5 minutes when a call is logged.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels We offer 3 levels of support: • Our standard service is available from 9.00am to 5.30pm Monday to Friday (excluding public holidays) and is included in our price. • Extended cover is available from 8.00am to 8.00pm Monday to Friday (excluding public holidays) at an additional charge. • 24 hours a day cover for critical applications is available at additional charge.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Agile Applications provides full project management and implementation services working in partnership with your IT and Project staff (with full ongoing support services thereafter). Agile's implementation package includes:

• Project Management (onsite / remote) throughout the process
• Data Migration
• Configuration consultancy
• Training needs analysis, delivery and associated documentation (onsite / remote)
• Onsite support during and immediately following “go live”.

Training is provided to ‘Super Users’ (System Admins) and ‘End Users’ by our Business Consultants and Training team. We provide user guides for our software (which also has inbuilt help for end users).

Post implementation, we provide:

• Onsite support on request • Account Management throughout the term of our agreement • Help desk service with option for extended cover • Support via remote dial up to the client’s system.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Agile Applications will provide an extract from the data as an export in CSV format for testing purposes. Following written sign off from the customer, the final data export will then be produced in CSV format as standard. This is charged at £5,000. Data export in formats other than CSV is by negotiation at our SFIA published rates.
End-of-contract process When the contract expires naturally, we will let the customer know that the exit process is underway. The process is managed via a plan delivered by a nominated Agile Project Manager working in partnership with the customer’s nominated transition manager. We expect to deliver customer data within 10 working days' notice of termination. We will provide an extract from the data as an export in CSV format for testing purposes. Following written sign off from the customer, the final data export will be produced in CSV format as standard (with other formats by negotiation). All related customer specific material is securely deleted from the hosted environment. Data is kept until full validation and sign-off by the customer. Beyond a data retention period of (a number of days agreed as per the contract) after the project work has been completed, this data will be securely deleted. The charge for this service is £5,000. However, if the customer chooses to terminate ahead of the normal contract expiry date, there may be additional Services costs associated with the off-boarding process.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service In terms of Desktop and Mobile for public access (citizens) the service and features are the same, although the user experience varies for some components and pages. For example, tables with several columns would need horizontal scroll to view all the data on a mobile or smaller screen devices.
Service interface Yes
Description of service interface The Citizen Portal is designed to provide straightforward, intuitive access to public users of the Agile SaaS service.
Accessibility standards WCAG 2.1 AA or EN 301 549
Accessibility testing The Portal supports the assistive technology features provided by the browsers listed.
What users can and can't do using the API Our APIs are accessible via RESTful communications with payload and data provided via JSON data format enabling integration with compatible third-party applications.
API documentation Yes
API documentation formats
  • HTML
  • PDF
API sandbox or test environment No
Customisation available Yes
Description of customisation The solution is highly configurable including letter templates, emails and web content, information access (which can be set down to individual field level) and processes such as letter production. Our process-based workflow is also fully configurable by each application type. All changes can be made by the customer without assistance or charge from Agile once they have had the required training.


Independence of resources Customer environments are segregated and continuously monitored for performance. Where appropriate, resource configuration is altered to provide the best possible performance levels.


Service usage metrics Yes
Metrics types Details available on request.
Reporting types Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest Other
Other data at rest protection approach Azure Storage Service Encryption for data at rest
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach The report writer solution provided will output any query straight to XML, Excel, CSV, word, HTML or PDF as required.
Data export formats
  • CSV
  • Other
Other data export formats XML
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks IPsec or TLS VPN gateway
Data protection within supplier network
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network Data in transit between our APIs and back office applications (via browser based or 3rd party API communications) are encrypted with TLS v1.2 and HTTPS. Site to site or point to point communications take place via VPN connections authenticated with PSK with an IPSec tunnel.

Availability and resilience

Availability and resilience
Guaranteed availability The hosting provider's infrastructure is highly resilient. SLAs are subject to contract.
Approach to resilience Available on request.
Outage reporting Via email alerts.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Limited access network (for example PSN)
  • Username or password
Access restrictions in management interfaces and support channels A user cannot access the system without a username, password etc. The system provides for varying levels of security (full access, view only or no access) at group or individual levels. These levels of security can be applied at module, screen, process or field levels to provide a totally configurable security regime which can be changed as and when required (by "Super Users" for example).
Access restriction testing frequency At least every 6 months
Management access authentication 2-factor authentication

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for Between 6 months and 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 QMS International Ltd
ISO/IEC 27001 accreditation date 17th November 2015
What the ISO/IEC 27001 doesn’t cover N/a
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Our Information Security Management Policy (under ISO27001 certification) applies to all key areas and is subject to both internal and external audit. Policies include, but are not limited to:
• Access Control Policy
• Cryptographic Controls Policy
• Data Protection Policy
• Information Exchange Policy
• Information Sensitivity Policy
• Network Systems Monitoring Policy
• Remote Access and Mobile Computing Policy
• Security Incident Reporting Policy.

Policies are reviewed quarterly at meetings under the direction of a board representative and as required in response to any internal and external audit issues raised.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Configuration management on the VM servers used to deliver Agile SaaS is tracked (i.e. recorded, initialled and time stamped). All requested changes to the SaaS environment are submitted via a formal, documented process and the potential security/service impact is assessed. This includes careful consideration of notification, rollback and testing. Changes are deployed to QA for checking prior to approval and final release to staging and production.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Patch deployments are made to non-live systems and reviewed before being implemented on Live customer facing systems.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Resource usage and system functionality are periodically monitored. Patterns of usage that fall outside normal thresholds are flagged for investigation with the Infrastructure team for immediate investigation.
Incident management type Supplier-defined controls
Incident management approach Incidents are either raised internally by members of our support team or raised externally by customers via phone, email or directly in our service desk portal. Procedures for any recurring incidents are implemented immediately by the support team. Escalation can be either to a higher tier of the support team, with assistance from other teams including development or testing, or to any external supplier.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £25 to £100 per user per month
Discount for educational organisations No
Free trial available Yes
Description of free trial We offer a one week free trial for two customer nominated users in the final stages of procurement and prior to the signing of the G Cloud Call-Off Agreement. Short duration (typically 2 – 3 hours) “guided tours” are also available.

Service documents

Return to top ↑