Planon: Market leading Real Estate and Facility Management software
Planon is a global provider of IWMS (Integrated Workplace Management System) or CAFM (Computer Aided Facilities Management) software. Our 700 employees develop, implement and support the 100% web based Planon application, that is hosed in the cloud through our partner; Amazon Web Services (AWS).
- Best practice solutions for CAFM (IWMS), Service Providers and IFRS16
- Fully web based, no installation required for users, intuitive UI
- Highly configurable system easily managed by the customer without programming
- OOTB solution -standard reports, dashboards, workflows based upon 2,500 implementations
- Real-time dashboards, showing SLA, costs, performance and customer satisfaction
- Maintenance, soft services, lease, room booking in one integrated solution
- IFRS16 compliant system endorsed by leading global advisers
- Full life-cycle services- implementation, support, account management
- Mobile platforms for end users and for trades/contractors
- Easy to maintain and monthly functional improvements
- Be IFRS16 compliant
- Recognised market leading IWMS/CAFM system for facilities management
- Delivery of high-quality, real-time management information and dashboards
- OOTB solution saves time, money, risk free, proven implementation
- The solution provides a foundation for future growth without customisation
- Manage Space, Real Estate, Soft Services, Maintenance in one database
- Reduced maintenance backlog, increased trade efficiency through app
- Secure, compliant Cloud service on market leading platform
- Manage workplace risk through H&S and other statutory compliance
|Software add-on or extension||No|
|Cloud deployment model||Public cloud|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
Standstill = 15 minutes
Urgent = 4 hours
Minor = 1 working day
|User can manage status and priority of support tickets||No|
|Phone support availability||24 hours, 7 days a week|
|Web chat support||Web chat|
|Web chat support availability||24 hours, 7 days a week|
|Web chat support accessibility standard||None or don’t know|
|How the web chat support is accessible||Standard Windows accessibility features can be used.|
|Web chat accessibility testing||Standard Windows accessibility features can be used.|
|Onsite support||Yes, at extra cost|
Planon provide 1st, 2nd and 3rd line support.
Standard support = 08:00 - 17:00 - Monday - Friday - Included in software costs
24x7 support = 6% of SaaS software costs per year (£15,600 minimum)
Planon provide Account Management support and technical / cloud support via our support desk.
|Support available to third parties||No|
Onboarding and offboarding
Planon will deploy an experience implementation team who will configure the system to match customer requirements. Planon help users start using our service through;
* Onsite training - Planon provide training for the buyers project team, System Administrator(s) and end user training, typically using a train-the-trainer approach.
* E-learning - Dedicated e-learning suite on all Planon core modules and System Administration tasks. Buyer specific e-learning can be provided if required.
* User documentation - This includes Module User Guides, Technical User Guides, System Administration User Guides and Business Process Descriptions (BPD’s)
|End-of-contract data extraction||All data within the system can be exported into CSV, HTML, PDF and Excel formats|
|End-of-contract process||There is no cost for contract end. Planon will assist the customer in data extraction if required|
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||None|
|Description of service interface||
Planon have a service interface available for system users. The interface differs per role. At a high level there are 3 service interfaces:
- Back Office
- Self Service
- Mobile App
|Accessibility standards||None or don’t know|
|Description of accessibility||Standard accessibility features can be used.|
|Accessibility testing||Standard accessibility features can be used.|
|What users can and can't do using the API||
Planon is able to interface with any 3rd party system that supports API integration.
Planon's technical interfacing team will help all clients set up the service. All changes to the services can be completed by the customer or Planon as required.
|API documentation formats|
|API sandbox or test environment||Yes|
|Description of customisation||
Planon describe this as 'configuration' rather than 'customisation' as all changes can be made by the buyers System Administrator without the need for programming. The following can be configured in the system;
- Changing users permissions
- Adding / removing users
- Editing field terminology
- Editing field positions
- Determining mandatory and optional fields
- Adding / editing reports
- Changing workflows
|Independence of resources||The Planon cloud team monitors the performance of the cloud and its infrastructure on a 24/7 basis. Each Planon environment is installed with its own unique container.|
|Service usage metrics||Yes|
|Metrics types||Up time (99.5% contracted availability) and performance against support ticket SLA's|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Security Clearance (SC)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||No|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||
|Other data at rest protection approach||Data at rest is protected using disk encryption based on the AWS KMS service (FIPS 140-2 compliant).|
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||A third-party destruction service|
Data importing and exporting
|Data export approach||Planon's report writer allows users to select the fields required in the export. Once selected the user is able to export in CSV, HTML, PDF and MS Excel formats.|
|Data export formats||
|Other data export formats||
|Data import formats||
|Other data import formats||XML|
|Data protection between buyer and supplier networks||TLS (version 1.2 or above)|
|Data protection within supplier network||
Availability and resilience
|Guaranteed availability||99.5% availability|
|Approach to resilience||
The data centre for UK clients is located in London
AWS’ data centers are state of the art, utilising innovative architectural and engineering approaches. Examples include:
o Automatic fire detection and suppression equipment
o Uninterruptible Power Supply (UPS) units
o Climate control
o Monitoring of electrical, mechanical, and life support systems
o Storage Device Decommissioning
All customer files and databases are stored on encrypted (AES-256) disks.
Planon’s Cloud solution has 99.5% contracted availability with ISO27001:2013 and SOC2 type II certifications.
Vulnerability scanning is performed every month.
Penetration test is performed annually.
Planon is audited annually by an independent external auditor for its cloud and development services.
All communication to the Cloud applications are encrypted using the HTTPS protocol.
An AWS region has a minimum of 2 datacentres.
Backups however are replicated between datacentres within the region. In a worst case scenario, the Planon application might not be available, but the backups can be used to set up the system again within the agreed time frame.
|Outage reporting||Email alerts|
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||Planon supports role based access and controls access to information for each user down to field level. Planon's customers will be trained on how to restrict the interfaces as part of the implementation process.|
|Access restriction testing frequency||At least once a year|
|Management access authentication||Public key authentication (including by TLS client certificate)|
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users have access to real-time audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||Noordbeek IT Audit|
|ISO/IEC 27001 accreditation date||01/11/2017|
|What the ISO/IEC 27001 doesn’t cover||None|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||Yes|
|Any other security certifications||SOC2 type 2|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||
Planon Cloud delivers a scalable cloud application with high availability providing tools that enables customers to control their environments without the need of a Planon (technical) consultant, speeding up any process the customer might need. Helping to protect the confidentiality, integrity and availability of our customers environments and data is of the utmost importance to Planon, as is maintaining customer trust and confidence.
Planon Cloud is audited and certified using the ISO27001 framework. Also a SOC2 type 2 report is available.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
Planon runs regular vulnerability scans on the hosting environment and acts on the outcome. This is typically on a monthly basis.
We follow the OWASP guidelines including security testing on our product for the OWASP Top 10 vulnerabilities and applying the associated Java coding guidelines for secure applications. In our development process we use static code analysis tools like PMD and FindBugs to increase the quality and security of our code. On the deployment side, we offer server hardening for the JBoss/Wildfly and Tomcat servers, based on best practices and published standards for securing these servers.
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||Security issues are treated according to their risk for the Planon application and/or the data containing it. Critical security vulnerabilities are addressed with a hotfix on our supported releases, where all other security issues are fixed in the next monthly Service Packs. Vulnerabilities can be reported by our vulnerability scan, penetration tests or by customers.|
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
Planon runs regular vulnerability scans on the hosting environment and acts on the outcome.
Planon Cloud has setup multiple processes (like incident and change process) to maximize the confidentiality, availability and integrity of the cloud environments. The capacity of the systems are monitored using an application monitoring system. Planon Cloud has multiple infrastructure environments which are used for developing, testing and accepting new cloud features before these will be available to customers.
Planon Cloud has setup anti-virus / anti-malware software, safe storage of logs including all system administration activities and VPCFlowLogs (network traffic monitoring)
|Incident management type||Supplier-defined controls|
|Incident management approach||
The Support Desk can be contacted in 4 ways:
1. By phone
2. By email
3. Customer portal
4. Live chat
All calls are logged into a central Planon database and issued with a unique reference code. The Support Desk provides first line support. If escalation is necessary, calls are escalated to a team of second line support who in turn can access the software development team to assist with the most complex requests. The second line team and development team consist of over 140 expert staff.
Incident progress and reports are made available on the Planon Customer Portal
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Public sector networks
|Connection to public sector networks||No|
|Price||£2 to £118 per licence per month|
|Discount for educational organisations||Yes|
|Free trial available||Yes|
|Description of free trial||14 day free trail of the Planon's Apps|
|Link to free trial||https://planonsoftware.com/uk/register/request-planon-apps-demo/|