Planon Ltd

Planon: Market leading Real Estate and Facility Management software

Planon is a global provider of IWMS (Integrated Workplace Management System) or CAFM (Computer Aided Facilities Management) software. Our 700 employees develop, implement and support the 100% web based Planon application, that is hosed in the cloud through our partner; Amazon Web Services (AWS).


  • Best practice solutions for CAFM (IWMS), Service Providers and IFRS16
  • Fully web based, no installation required for users, intuitive UI
  • Highly configurable system easily managed by the customer without programming
  • OOTB solution -standard reports, dashboards, workflows based upon 2,500 implementations
  • Real-time dashboards, showing SLA, costs, performance and customer satisfaction
  • Maintenance, soft services, lease, room booking in one integrated solution
  • IFRS16 compliant system endorsed by leading global advisers
  • Full life-cycle services- implementation, support, account management
  • Mobile platforms for end users and for trades/contractors
  • Easy to maintain and monthly functional improvements


  • Be IFRS16 compliant
  • Recognised market leading IWMS/CAFM system for facilities management
  • Delivery of high-quality, real-time management information and dashboards
  • OOTB solution saves time, money, risk free, proven implementation
  • The solution provides a foundation for future growth without customisation
  • Manage Space, Real Estate, Soft Services, Maintenance in one database
  • Reduced maintenance backlog, increased trade efficiency through app
  • Secure, compliant Cloud service on market leading platform
  • Manage workplace risk through H&S and other statutory compliance


£2 to £118 per licence per month

Service documents


G-Cloud 11

Service ID

9 5 9 2 8 6 9 7 4 5 0 2 1 0 3


Planon Ltd

Robert Williams

01273 823557

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints None
System requirements
  • Requires internet browser and internet connectivity
  • Requires Planon software licences

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Standstill = 15 minutes
Urgent = 4 hours
Minor = 1 working day
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support Web chat
Web chat support availability 24 hours, 7 days a week
Web chat support accessibility standard None or don’t know
How the web chat support is accessible Standard Windows accessibility features can be used.
Web chat accessibility testing Standard Windows accessibility features can be used.
Onsite support Yes, at extra cost
Support levels Planon provide 1st, 2nd and 3rd line support.

Standard support = 08:00 - 17:00 - Monday - Friday - Included in software costs
24x7 support = 6% of SaaS software costs per year (£15,600 minimum)

Planon provide Account Management support and technical / cloud support via our support desk.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started Planon will deploy an experience implementation team who will configure the system to match customer requirements. Planon help users start using our service through;

* Onsite training - Planon provide training for the buyers project team, System Administrator(s) and end user training, typically using a train-the-trainer approach.
* E-learning - Dedicated e-learning suite on all Planon core modules and System Administration tasks. Buyer specific e-learning can be provided if required.
* User documentation - This includes Module User Guides, Technical User Guides, System Administration User Guides and Business Process Descriptions (BPD’s)
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction All data within the system can be exported into CSV, HTML, PDF and Excel formats
End-of-contract process There is no cost for contract end. Planon will assist the customer in data extraction if required

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service None
Service interface Yes
Description of service interface Planon have a service interface available for system users. The interface differs per role. At a high level there are 3 service interfaces:

- Back Office
- Self Service
- Mobile App
Accessibility standards None or don’t know
Description of accessibility Standard accessibility features can be used.
Accessibility testing Standard accessibility features can be used.
What users can and can't do using the API Planon is able to interface with any 3rd party system that supports API integration.
Planon's technical interfacing team will help all clients set up the service. All changes to the services can be completed by the customer or Planon as required.
API documentation Yes
API documentation formats PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Planon describe this as 'configuration' rather than 'customisation' as all changes can be made by the buyers System Administrator without the need for programming. The following can be configured in the system;
- Changing users permissions
- Adding / removing users
- Editing field terminology
- Editing field positions
- Determining mandatory and optional fields
- Adding / editing reports
- Changing workflows


Independence of resources The Planon cloud team monitors the performance of the cloud and its infrastructure on a 24/7 basis. Each Planon environment is installed with its own unique container.


Service usage metrics Yes
Metrics types Up time (99.5% contracted availability) and performance against support ticket SLA's
Reporting types
  • Real-time dashboards
  • Regular reports


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Other
Other data at rest protection approach Data at rest is protected using disk encryption based on the AWS KMS service (FIPS 140-2 compliant).
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Planon's report writer allows users to select the fields required in the export. Once selected the user is able to export in CSV, HTML, PDF and MS Excel formats.
Data export formats
  • CSV
  • Other
Other data export formats
  • HTML
  • PDF
  • MS Excel
Data import formats
  • CSV
  • Other
Other data import formats XML

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability 99.5% availability
Approach to resilience The data centre for UK clients is located in London

AWS’ data centers are state of the art, utilising innovative architectural and engineering approaches. Examples include:
o Automatic fire detection and suppression equipment
o Uninterruptible Power Supply (UPS) units
o Climate control
o Monitoring of electrical, mechanical, and life support systems
o Storage Device Decommissioning

All customer files and databases are stored on encrypted (AES-256) disks.

Planon’s Cloud solution has 99.5% contracted availability with ISO27001:2013 and SOC2 type II certifications.

Vulnerability scanning is performed every month.
Penetration test is performed annually.

Planon is audited annually by an independent external auditor for its cloud and development services.

All communication to the Cloud applications are encrypted using the HTTPS protocol.

An AWS region has a minimum of 2 datacentres.
Backups however are replicated between datacentres within the region. In a worst case scenario, the Planon application might not be available, but the backups can be used to set up the system again within the agreed time frame.
Outage reporting Email alerts

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels Planon supports role based access and controls access to information for each user down to field level. Planon's customers will be trained on how to restrict the interfaces as part of the implementation process.
Access restriction testing frequency At least once a year
Management access authentication Public key authentication (including by TLS client certificate)

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Noordbeek IT Audit
ISO/IEC 27001 accreditation date 01/11/2017
What the ISO/IEC 27001 doesn’t cover None
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications SOC2 type 2

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Planon Cloud delivers a scalable cloud application with high availability providing tools that enables customers to control their environments without the need of a Planon (technical) consultant, speeding up any process the customer might need. Helping to protect the confidentiality, integrity and availability of our customers environments and data is of the utmost importance to Planon, as is maintaining customer trust and confidence.

Planon Cloud is audited and certified using the ISO27001 framework. Also a SOC2 type 2 report is available.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Planon runs regular vulnerability scans on the hosting environment and acts on the outcome. This is typically on a monthly basis.

We follow the OWASP guidelines including security testing on our product for the OWASP Top 10 vulnerabilities and applying the associated Java coding guidelines for secure applications. In our development process we use static code analysis tools like PMD and FindBugs to increase the quality and security of our code. On the deployment side, we offer server hardening for the JBoss/Wildfly and Tomcat servers, based on best practices and published standards for securing these servers.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Security issues are treated according to their risk for the Planon application and/or the data containing it. Critical security vulnerabilities are addressed with a hotfix on our supported releases, where all other security issues are fixed in the next monthly Service Packs. Vulnerabilities can be reported by our vulnerability scan, penetration tests or by customers.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Planon runs regular vulnerability scans on the hosting environment and acts on the outcome.

Planon Cloud has setup multiple processes (like incident and change process) to maximize the confidentiality, availability and integrity of the cloud environments. The capacity of the systems are monitored using an application monitoring system. Planon Cloud has multiple infrastructure environments which are used for developing, testing and accepting new cloud features before these will be available to customers.

Planon Cloud has setup anti-virus / anti-malware software, safe storage of logs including all system administration activities and VPCFlowLogs (network traffic monitoring)
Incident management type Supplier-defined controls
Incident management approach The Support Desk can be contacted in 4 ways:

1. By phone
2. By email
3. Customer portal
4. Live chat

All calls are logged into a central Planon database and issued with a unique reference code. The Support Desk provides first line support. If escalation is necessary, calls are escalated to a team of second line support who in turn can access the software development team to assist with the most complex requests. The second line team and development team consist of over 140 expert staff.

Incident progress and reports are made available on the Planon Customer Portal

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £2 to £118 per licence per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial 14 day free trail of the Planon's Apps
Link to free trial

Service documents

Return to top ↑