Energy and Compliance Technology Ltd

C365Cloud CAFM Software

C365Cloud CAFM system allows organisation to proactively and by exception manage and monitor compliance across multiple companies, sub-companies, premises, and groupings. With hundreds of individual modules to choose from: HelpDesk, PPM, Asset Management, Fire, Gas, Electric, Asbestos, LOLER, Legionella. Enable your workforce to manage by exception with C365Cloud.

Features

• Live, interactive dashboards to overview compliance.
• Manage the big 6 compliance areas.
• Provides management of all third-party suppliers and internal operatives.
• On device quality assurance.
• Real-time, RAG compliance dashboards to determine compliance status.
• Mobile working offers cross platform support across Apple IOS/Android/Windows.
• Planned and reactive maintenance.
• Interactive floor plan to highlight where assets are located.
• Barcode/QR code scanning of assets.

Benefits

• Intuitive and easy to use.
• Real time reporting.
• Manage by Exception with automated alerts and scheduled reporting.
• Reduction in administration errors, cost and time by automating workflows.
• Increase field worker productivity.
• Customisable workflows - automatically route actions to nominated personnel.
• An award winning audit trail function.
• Quickly upload and categorise thousands of historic electronic reports.
• Unlimited users.

£10,000.00 an instance a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jelwis@compliance365.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

914029427614476

Contact

James Elwis
01924 669940
jelwis@compliance365.co.uk

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: C365Cloud is a modular software. This means each C365Cloud module can work as a standalone module but can be seamlessly integrated with others to provide organisations with one system for compliance management.
• Cloud deployment model: Public cloud
• Service constraints: Access to the internet and a modern internet browser.
• System requirements: Internet access 1Mbps minimum

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Client specfic SLA timescales are applied
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Once the system has implemented the C365Cloud Help Desk manage in accordance with the following Key Performance Indicators;; ; Priority 1 – Core System Critical: downtime affecting all C365Cloud service users; Response time: Respond within 2 hours and recover within 4 working hours (During normal working hours) – 95%; ; Priority 2 – Incidents which result in an interruption to business performance but not causing major disruption; Response time: Respond within 8 hours and recover within 24 hours – 95%; ; Priority 3 – Bug Fix – Incident causing an individual disruption without a suitable work around and being available; Response time: 2 working days – 95%; ; Priority 4 – Minor Bug – Incident causing an individual disruption without a suitable work around being available; Response time: Next feature release
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: All clients receive direct support in on-boarding specific to their requirements.; ; We apply a “Just in Time” Training methodology to ensure maximum effectiveness in line with roles and responsibilities and relevant areas of C365Cloud. Our usual approach is train-the-trainer, which is typically the preferred approach of our clients. ; ; User manual PDFs covering all functions are also issued at mobilisation and re-issued by automated email ahead of new version releases. Role Specific User Manuals and ‘how to’ guides are also available to individual Users based on their level of access and/or responsibility via their various dashboards.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: All data is provided back to the client in a pre-agreed secure format.
• End-of-contract process: The end of contract process is agreed with the client at the start of the service.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Firefox
  • Chrome
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: None
• Service interface: No
• API: No
• Customisation available: Yes
• Description of customisation: C365Cloud has an outstanding level of customisation available to customers – permissions, forms, reports, dashboards, branding etc.

Scaling

• Independence of resources: Load balancing and automatic scaling of backend services are used to ensure demand is met for each client.

Analytics

• Service usage metrics: Yes
• Metrics types: Metrics supplied are based on client requirements.
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data can be exported directly from the website in a variety of formats.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • PDF
  • Word
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • PDF
  • Word
  • Excel

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: 99% System Availability
• Approach to resilience: Availability zones allow us to provide redundancy across 3 phisically separated loacations.
• Outage reporting: Email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Management access is limited based on client requirements using pre-defined roles based access.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: We have a full Information Security Management System using ISO27001 Guidelines.
• Information security policies and processes: We have a full Information Security Management System using ISO27001 Guidelines.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Our processes are aligned with ISO27001 and incorporate specific policies for change and release management.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: AWS Security Hub is used as a central point for internal vulnerability monitoring. This is composed of several additional services allowing for monitoring of Firewall, User and System configurations. In addition, AWS GuardDuty is utilised to monitor malicious activity and unauthorized behaviour.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: AWS GuardDuty is used to monitor malicious activity and unauthorized behaviour.
• Incident management type: Supplier-defined controls
• Incident management approach: Our incident management approach is aligned with ISO27001. Specific incident management policies are in place with named staff responsible for managing an incident. The policy is regularly reviewed.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Pricing

• Price: £10,000.00 an instance a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jelwis@compliance365.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.