REAMS (GB) LIMITED

ELIAS

The ELIAS SaaS technology provides customers with innovative asset management solutions from tablet-based data collection to configurable life cycle planning portals, risk analysis and BI reporting, all directly configurable with the customer Business Systems.

Features

  • Configurable life cycle planning portal
  • Building Condition surveys
  • M & E surveys
  • Manage capital expenditure
  • Manage maintenance costs
  • Risk & complience analysis
  • BI reporting
  • Utilises a native web-based operating system.
  • Based extensively on Amazon Web Services
  • Real time

Benefits

  • Clear visibility of their estate
  • Precise and accurate decision making.
  • Makes large volumes of data usable
  • Runs on any handheld device
  • Support direct integration in either direction
  • Direct data access and feedback
  • Fast, flexible, secure & economical solution
  • Supports a number of authentication and/or authorisation methods

Pricing

£10000 per unit per year

Service documents

Framework

G-Cloud 11

Service ID

9 2 5 5 4 9 1 3 0 6 3 3 6 6 4

Contact

REAMS (GB) LIMITED

Graeme Ponton

07776006605

public-contracts@realestateams.com

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
CAFM systems
Cloud deployment model
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
Service constraints
No
System requirements
  • Modern operating system
  • Modern web browser

User support

Email or online ticketing support
Email or online ticketing
Support response times
SLA to be agreed
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Onsite support
Support levels
SLAs are tailored to the needs of the individual project and can be discussed at the relevant point.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We provide documentation & training onsite.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
It's possible to extract data from the system, during, or at the end of the contract, using tools within the system.
End-of-contract process
At the end of the contract the client is free to take their data elsewhere. Additional integration or consultancy can be provided at additional cost.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Our applications are designed "mobile first", however certain data intensive features are not appropriate to a phone sized device.
Service interface
No
API
Yes
What users can and can't do using the API
Core asset management features are made available through the API, including the creation of floors, spaces & assets.
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
The shape of the data we manage, the way it's collected & the analysis tools provided are tailored to the needs of each client.

Scaling

Independence of resources
We utilise AWS serverless/PaaS services to host the platform, including services such as Lambda which executes each individual request with its own resource allocation. This isolation ensures users do not impact each other.

Analytics

Service usage metrics
Yes
Metrics types
Active users
Assets collected
Reporting types
  • Real-time dashboards
  • Regular reports

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
Physical access control, complying with CSA CCM v3.0
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Users can export data from within the system, and this is frequently used to load data into a CAFM system, or to allow additional analysis to be applied to the data.
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Our use of AWS hosting provides a very strong availability SLA - AWS will use commercially reasonable efforts to make the Included Services each available for each AWS region with a Monthly Uptime Percentage of at least 99.99%
Approach to resilience
Our use of AWS serverless components, and good solution architecture, allows us to benefit from AWS significant investment in resilience. Our solution is resilient across availability zones in the UK data centre (eu-west-2) and can be further configured for additional geographic redundancy, at additional cost.
Outage reporting
Availability and outages are monitored & reported on a monthly basis by email.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
User authorisation is managed via role based permissions. Access to management interfaces and support channels can be controlled via this.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
Yes
CSA STAR accreditation date
May 2017
CSA STAR certification level
Level 2: CSA STAR Attestation
What the CSA STAR doesn’t cover
Our underlying infrastructure is certified to level 2 (potentially level 5), and our application code is verified to level 1
PCI certification
No
Other security certifications
Yes
Any other security certifications
Cyber essentials plus

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
We are currently attaining cyber essentials plus and are working towards ISO 27001
Information security policies and processes
All our data processing processes and records are provided and audited by our Data Protection Officer (which is an external company). We have monthly meetings during which our progress is discussed and any resolutions for any shortfalls are agreed.

All data processing locations are defined within the Data Protection policy and Data Asset Register

Audit documentation is available to our external clients on request.
We also hold Cyber Essentials Plus accreditation which is also audited by an independent body.

Staff training is provided every 6-months with new staff receiving online training during their probation period.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All infrastructure and configuration is managed as a code asset via tools such as Terraform & AWS Cloud Formation. This code is managed via a GIT repository.

A git-flow model is used, where new changes are created on a feature branch and tested in a development environment before being peer reviewed & merged, and then deployed into test & subsequently production environments.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We regularly scan & test our systems, including as part of the annual cyber essentials plus certification.

We monitor threat reports on a regular basis to assess their applicability.

The services that store or transmit personal or confidential data are based on AWS managed services, which remove the need to worry about hardware provisioning, setup and configuration, throughput capacity planning, replication, software patching, or cluster scaling.

This removes REAMS administrative overhead of managing these details and assures us and our customers of always being in line with current best practice.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
We utilise AWS GuardDuty, which uses a multitude of public and AWS-generated data feeds and machine learning, to identify trends, patterns, and anomalies that are recognisable signs of an issue.

Where an issue is identified, our operations team pick it up and it runs through a process of verification & remediation.
Incident management type
Supplier-defined controls
Incident management approach
We use an ITIL based incident report process, running through identification, logging, categorization, prioritization & then response.

Users of the system can report incidents, and will receive incident reports via email.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£10000 per unit per year
Discount for educational organisations
No
Free trial available
No

Service documents

Return to top ↑