The ELIAS SaaS technology provides customers with innovative asset management solutions from tablet-based data collection to configurable life cycle planning portals, risk analysis and BI reporting, all directly configurable with the customer Business Systems.


  • Configurable life cycle planning portal
  • Building Condition surveys
  • M & E surveys
  • Manage capital expenditure
  • Manage maintenance costs
  • Risk & complience analysis
  • BI reporting
  • Utilises a native web-based operating system.
  • Based extensively on Amazon Web Services
  • Real time


  • Clear visibility of their estate
  • Precise and accurate decision making.
  • Makes large volumes of data usable
  • Runs on any handheld device
  • Support direct integration in either direction
  • Direct data access and feedback
  • Fast, flexible, secure & economical solution
  • Supports a number of authentication and/or authorisation methods


£10000 per unit per year

Service documents


G-Cloud 11

Service ID

9 2 5 5 4 9 1 3 0 6 3 3 6 6 4



Graeme Ponton


Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
CAFM systems
Cloud deployment model
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
Service constraints
System requirements
  • Modern operating system
  • Modern web browser

User support

Email or online ticketing support
Email or online ticketing
Support response times
SLA to be agreed
User can manage status and priority of support tickets
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Onsite support
Onsite support
Support levels
SLAs are tailored to the needs of the individual project and can be discussed at the relevant point.
Support available to third parties

Onboarding and offboarding

Getting started
We provide documentation & training onsite.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
It's possible to extract data from the system, during, or at the end of the contract, using tools within the system.
End-of-contract process
At the end of the contract the client is free to take their data elsewhere. Additional integration or consultancy can be provided at additional cost.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Our applications are designed "mobile first", however certain data intensive features are not appropriate to a phone sized device.
Service interface
What users can and can't do using the API
Core asset management features are made available through the API, including the creation of floors, spaces & assets.
API documentation
API documentation formats
  • Open API (also known as Swagger)
  • HTML
API sandbox or test environment
Customisation available
Description of customisation
The shape of the data we manage, the way it's collected & the analysis tools provided are tailored to the needs of each client.


Independence of resources
We utilise AWS serverless/PaaS services to host the platform, including services such as Lambda which executes each individual request with its own resource allocation. This isolation ensures users do not impact each other.


Service usage metrics
Metrics types
Active users
Assets collected
Reporting types
  • Real-time dashboards
  • Regular reports


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
Physical access control, complying with CSA CCM v3.0
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Users can export data from within the system, and this is frequently used to load data into a CAFM system, or to allow additional analysis to be applied to the data.
Data export formats
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Our use of AWS hosting provides a very strong availability SLA - AWS will use commercially reasonable efforts to make the Included Services each available for each AWS region with a Monthly Uptime Percentage of at least 99.99%
Approach to resilience
Our use of AWS serverless components, and good solution architecture, allows us to benefit from AWS significant investment in resilience. Our solution is resilient across availability zones in the UK data centre (eu-west-2) and can be further configured for additional geographic redundancy, at additional cost.
Outage reporting
Availability and outages are monitored & reported on a monthly basis by email.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
User authorisation is managed via role based permissions. Access to management interfaces and support channels can be controlled via this.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
CSA STAR accreditation date
May 2017
CSA STAR certification level
Level 2: CSA STAR Attestation
What the CSA STAR doesn’t cover
Our underlying infrastructure is certified to level 2 (potentially level 5), and our application code is verified to level 1
PCI certification
Other security certifications
Any other security certifications
Cyber essentials plus

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
Other security governance standards
We are currently attaining cyber essentials plus and are working towards ISO 27001
Information security policies and processes
All our data processing processes and records are provided and audited by our Data Protection Officer (which is an external company). We have monthly meetings during which our progress is discussed and any resolutions for any shortfalls are agreed.

All data processing locations are defined within the Data Protection policy and Data Asset Register

Audit documentation is available to our external clients on request.
We also hold Cyber Essentials Plus accreditation which is also audited by an independent body.

Staff training is provided every 6-months with new staff receiving online training during their probation period.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All infrastructure and configuration is managed as a code asset via tools such as Terraform & AWS Cloud Formation. This code is managed via a GIT repository.

A git-flow model is used, where new changes are created on a feature branch and tested in a development environment before being peer reviewed & merged, and then deployed into test & subsequently production environments.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We regularly scan & test our systems, including as part of the annual cyber essentials plus certification.

We monitor threat reports on a regular basis to assess their applicability.

The services that store or transmit personal or confidential data are based on AWS managed services, which remove the need to worry about hardware provisioning, setup and configuration, throughput capacity planning, replication, software patching, or cluster scaling.

This removes REAMS administrative overhead of managing these details and assures us and our customers of always being in line with current best practice.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
We utilise AWS GuardDuty, which uses a multitude of public and AWS-generated data feeds and machine learning, to identify trends, patterns, and anomalies that are recognisable signs of an issue.

Where an issue is identified, our operations team pick it up and it runs through a process of verification & remediation.
Incident management type
Supplier-defined controls
Incident management approach
We use an ITIL based incident report process, running through identification, logging, categorization, prioritization & then response.

Users of the system can report incidents, and will receive incident reports via email.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks


£10000 per unit per year
Discount for educational organisations
Free trial available

Service documents

Return to top ↑