Planon Ltd

Planon: Market leading Real Estate and Facility Management software

Planon is a global provider of IWMS (Integrated Workplace Management System) or CAFM (Computer Aided Facilities Management) software. Our 700 employees develop, implement and support the 100% web based Planon application, that is hosed in the cloud through our partner; Amazon Web Services (AWS).

Features

  • Best practice solutions for CAFM (IWMS), Service Providers and IFRS16
  • Fully web based, no installation required for users, intuitive UI
  • Highly configurable system easily managed by the customer without programming
  • OOTB solution -standard reports, dashboards, workflows based upon 2,500 implementations
  • Real-time dashboards, showing SLA, costs, performance and customer satisfaction
  • Maintenance, soft services, lease, room booking in one integrated solution
  • IFRS16 compliant system endorsed by leading global advisers
  • Full life-cycle services- implementation, support, account management
  • Mobile platforms for end users and for trades/contractors
  • Easy to maintain and monthly functional improvements

Benefits

  • Be IFRS16 compliant
  • Recognised market leading IWMS/CAFM system for facilities management
  • Delivery of high-quality, real-time management information and dashboards
  • OOTB solution saves time, money, risk free, proven implementation
  • The solution provides a foundation for future growth without customisation
  • Manage Space, Real Estate, Soft Services, Maintenance in one database
  • Reduced maintenance backlog, increased trade efficiency through app
  • Secure, compliant Cloud service on market leading platform
  • Manage workplace risk through H&S and other statutory compliance

Pricing

£2 to £118 per licence per month

Service documents

Framework

G-Cloud 11

Service ID

9 5 9 2 8 6 9 7 4 5 0 2 1 0 3

Contact

Planon Ltd

Robert Williams

01273 823557

Robert.williams@planonsoftware.com

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
None
System requirements
  • Requires internet browser and internet connectivity
  • Requires Planon software licences

User support

Email or online ticketing support
Email or online ticketing
Support response times
Standstill = 15 minutes
Urgent = 4 hours
Minor = 1 working day
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
Standard Windows accessibility features can be used.
Web chat accessibility testing
Standard Windows accessibility features can be used.
Onsite support
Yes, at extra cost
Support levels
Planon provide 1st, 2nd and 3rd line support.

Standard support = 08:00 - 17:00 - Monday - Friday - Included in software costs
24x7 support = 6% of SaaS software costs per year (£15,600 minimum)

Planon provide Account Management support and technical / cloud support via our support desk.
Support available to third parties
No

Onboarding and offboarding

Getting started
Planon will deploy an experience implementation team who will configure the system to match customer requirements. Planon help users start using our service through;

* Onsite training - Planon provide training for the buyers project team, System Administrator(s) and end user training, typically using a train-the-trainer approach.
* E-learning - Dedicated e-learning suite on all Planon core modules and System Administration tasks. Buyer specific e-learning can be provided if required.
* User documentation - This includes Module User Guides, Technical User Guides, System Administration User Guides and Business Process Descriptions (BPD’s)
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
All data within the system can be exported into CSV, HTML, PDF and Excel formats
End-of-contract process
There is no cost for contract end. Planon will assist the customer in data extraction if required

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
None
Service interface
Yes
Description of service interface
Planon have a service interface available for system users. The interface differs per role. At a high level there are 3 service interfaces:

- Back Office
- Self Service
- Mobile App
Accessibility standards
None or don’t know
Description of accessibility
Standard accessibility features can be used.
Accessibility testing
Standard accessibility features can be used.
API
Yes
What users can and can't do using the API
Planon is able to interface with any 3rd party system that supports API integration.
Planon's technical interfacing team will help all clients set up the service. All changes to the services can be completed by the customer or Planon as required.
API documentation
Yes
API documentation formats
PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Planon describe this as 'configuration' rather than 'customisation' as all changes can be made by the buyers System Administrator without the need for programming. The following can be configured in the system;
- Changing users permissions
- Adding / removing users
- Editing field terminology
- Editing field positions
- Determining mandatory and optional fields
- Adding / editing reports
- Changing workflows

Scaling

Independence of resources
The Planon cloud team monitors the performance of the cloud and its infrastructure on a 24/7 basis. Each Planon environment is installed with its own unique container.

Analytics

Service usage metrics
Yes
Metrics types
Up time (99.5% contracted availability) and performance against support ticket SLA's
Reporting types
  • Real-time dashboards
  • Regular reports

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Other
Other data at rest protection approach
Data at rest is protected using disk encryption based on the AWS KMS service (FIPS 140-2 compliant).
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Planon's report writer allows users to select the fields required in the export. Once selected the user is able to export in CSV, HTML, PDF and MS Excel formats.
Data export formats
  • CSV
  • Other
Other data export formats
  • HTML
  • PDF
  • MS Excel
Data import formats
  • CSV
  • Other
Other data import formats
XML

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
99.5% availability
Approach to resilience
The data centre for UK clients is located in London

AWS’ data centers are state of the art, utilising innovative architectural and engineering approaches. Examples include:
o Automatic fire detection and suppression equipment
o Uninterruptible Power Supply (UPS) units
o Climate control
o Monitoring of electrical, mechanical, and life support systems
o Storage Device Decommissioning

https://d1.awsstatic.com/whitepapers/Security/Intro_Security_Practices.pdf

All customer files and databases are stored on encrypted (AES-256) disks.

Planon’s Cloud solution has 99.5% contracted availability with ISO27001:2013 and SOC2 type II certifications.

Vulnerability scanning is performed every month.
Penetration test is performed annually.

Planon is audited annually by an independent external auditor for its cloud and development services.

All communication to the Cloud applications are encrypted using the HTTPS protocol.

An AWS region has a minimum of 2 datacentres.
Backups however are replicated between datacentres within the region. In a worst case scenario, the Planon application might not be available, but the backups can be used to set up the system again within the agreed time frame.
Outage reporting
Email alerts

Identity and authentication

User authentication needed
Yes
User authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels
Planon supports role based access and controls access to information for each user down to field level. Planon's customers will be trained on how to restrict the interfaces as part of the implementation process.
Access restriction testing frequency
At least once a year
Management access authentication
Public key authentication (including by TLS client certificate)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Noordbeek IT Audit
ISO/IEC 27001 accreditation date
01/11/2017
What the ISO/IEC 27001 doesn’t cover
None
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
SOC2 type 2

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Planon Cloud delivers a scalable cloud application with high availability providing tools that enables customers to control their environments without the need of a Planon (technical) consultant, speeding up any process the customer might need. Helping to protect the confidentiality, integrity and availability of our customers environments and data is of the utmost importance to Planon, as is maintaining customer trust and confidence.

Planon Cloud is audited and certified using the ISO27001 framework. Also a SOC2 type 2 report is available.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Planon runs regular vulnerability scans on the hosting environment and acts on the outcome. This is typically on a monthly basis.

We follow the OWASP guidelines including security testing on our product for the OWASP Top 10 vulnerabilities and applying the associated Java coding guidelines for secure applications. In our development process we use static code analysis tools like PMD and FindBugs to increase the quality and security of our code. On the deployment side, we offer server hardening for the JBoss/Wildfly and Tomcat servers, based on best practices and published standards for securing these servers.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Security issues are treated according to their risk for the Planon application and/or the data containing it. Critical security vulnerabilities are addressed with a hotfix on our supported releases, where all other security issues are fixed in the next monthly Service Packs. Vulnerabilities can be reported by our vulnerability scan, penetration tests or by customers.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Planon runs regular vulnerability scans on the hosting environment and acts on the outcome.

Planon Cloud has setup multiple processes (like incident and change process) to maximize the confidentiality, availability and integrity of the cloud environments. The capacity of the systems are monitored using an application monitoring system. Planon Cloud has multiple infrastructure environments which are used for developing, testing and accepting new cloud features before these will be available to customers.

Planon Cloud has setup anti-virus / anti-malware software, safe storage of logs including all system administration activities and VPCFlowLogs (network traffic monitoring)
Incident management type
Supplier-defined controls
Incident management approach
The Support Desk can be contacted in 4 ways:

1. By phone
2. By email
3. Customer portal
4. Live chat

All calls are logged into a central Planon database and issued with a unique reference code. The Support Desk provides first line support. If escalation is necessary, calls are escalated to a team of second line support who in turn can access the software development team to assist with the most complex requests. The second line team and development team consist of over 140 expert staff.

Incident progress and reports are made available on the Planon Customer Portal

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£2 to £118 per licence per month
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
14 day free trail of the Planon's Apps
Link to free trial
https://planonsoftware.com/uk/register/request-planon-apps-demo/

Service documents

Return to top ↑