The Technology Forge

tf beacon Property Asset Management Software

A browser driven property asset management / facilities management (CAFM) system from TF. Core functions include compliance, maintenance, estates and condition. There are additional modules for valuations, capital accounting (IFRS), projects, asbestos, legionella, fire, DAA, grounds maintenance, utilities, risk assessments, DLO, BIM, CAD, GIS, suitability & sufficiency and more.


  • Property and asset managment
  • Facilities management (CAFM)
  • Statutory compliance
  • Estates management
  • Help Desk (reactive maintenance)
  • Surveying - condition, asbestos, fire, DAA, legionella
  • Mobile access from any device (Android, Apple, Windows)
  • Project management
  • Third party portal access - contractors, schools, surveyors etc
  • System integration to third party products through RESTful APIs


  • Manage property from any location
  • Rapid deployment, simple setup and completely scalable
  • Drive cost savings
  • Share real time information with internal staff and third parties
  • Cost effective and configurable system with customisable workflow
  • Access via PCs, laptops, tablets and smartphones
  • No software installation (browser based)
  • Mobile access from any device including offline access
  • Interfaces to third party systems to drive efficiencies
  • Powerful reporting and KPIs


£1008 per instance per year

  • Free trial available

Service documents


G-Cloud 11

Service ID

9 6 7 3 8 5 8 2 3 9 2 8 3 2 9


The Technology Forge

Tom Whittle

0113 288 2575

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints N/A
System requirements
  • Internet connection
  • Web browser

User support

User support
Email or online ticketing support Email or online ticketing
Support response times In line with the standard Help Desk SLA.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels All clients receive full support from our Help Desk at no extra cost. Support requests can be logged by phones, email or logged via our web portal. All calls are allocated a unique ID for tracking the issue through to completion. Each call is also assigned a priority in line with our standard SLAs. Support requests are categorised as Urgent, High, Medium or Low and responded to in line with urgency. In addition to unlimited Help Desk access, all clients can access highly experienced account managers, consultants and trainers.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started As part of the provision of tf beacon, we can supply services including project management, consultancy and training. These services can be delivered onsite or online, depending on user preference. User documentation is provided with all training and user guides can be downloaded from within the tf beacon system by users.
Service documentation No
End-of-contract data extraction At the end of the contract, the data would be retained by the client. Data is returned to the client within a set time period as defined in the Terms and Conditions. Users can extract their data at any time throughout the contract using data export routines.
End-of-contract process Tf beacon can be switched off at a time appropriate to the client and all data is retained by the client and not The Technology Forge. Data is returned to the client within a set time period as defined in the Terms and Conditions. There is no charge for the return of data or switching off the service at the end of the contract.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Tf beacon is available across desktop and mobile services. All that is required is a web browser and tf beacon's responsive design resizes the system the device screen.
Service interface Yes
Description of service interface There is API access available as described in the API section. This can be enabled by The Technology Forge as part of the contract so that the user has the necessary permissions and access tokens. The TF API supports all of the RESTful API using the four main methods - GET, PUT, POST and DELETE. There are no real limitations for users with the appropriate license and access permissions to use the relevant API.
Accessibility standards WCAG 2.1 AA or EN 301 549
Accessibility testing None.
What users can and can't do using the API API access can be enabled by The Technology Forge as part of the contract so that the user has the necessary permissions and access tokens. The TF API supports all of the RESTful API using the four main methods - GET, PUT, POST and DELETE. There are no real limitations for users with the appropriate license and access permissions to use the relevant API.
API documentation Yes
API documentation formats PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation There are various elements of the tf beacon system which are customisable including user defined fields, workflow functionality, the ability to change naming conventions and corporate branding options.


Independence of resources The platform is hosted on a shared storage infrastructure but dedicated servers. The hosted platform allows for more servers to be spun up on demand so we are able to ensure other users aren't impacting the service.


Service usage metrics No


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Users can export their data at any time during the contract, directly from the tf beacon system. There are extensive export options where data from different parts of the system can be exported to CSV or XLS format.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network Other
Other protection within supplier network We do not transmit data within our network.

Availability and resilience

Availability and resilience
Guaranteed availability We guarantee availability of 99.5% for the tf beacon service. All clients have the right to cancel based on non-performance. We do not have a standard agreement relating to refunding / service credits. However, with some of our clients we have entered into a service credit arrangement.
Approach to resilience Tf beacon is hosted within a virtualised failover clustered environment with separate web and SQL servers. This caters for hardware failure whereby the virtual server will transfer to another node in real time so there is no down time. The application is functional within a CSV (Cluster Shared Storage) so any file data is not lost in the event there would be a physical server failure. We use only UK data centres with one live centre with redundant power and external network connectivity.
Outage reporting We appreciate that system outage can have a significant impact on our customers and in the worst case scenario can prevent them from operating their normal business functions. Therefore, our software and infrastructure is designed to ensure that such outages do not occur. In the time that tf beacon has been in existence, there has never been a system outage. In the likely event of an outage, we would provide alert all clients by email. Where there are any planned outages, this would be done out of hours and we would notify users 2 weeks prior.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels Management access is limited to user permissions.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for Between 1 month and 6 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Alcumum ISOQAR
ISO/IEC 27001 accreditation date 08/03/2017
What the ISO/IEC 27001 doesn’t cover The scope of the certification relates to:

"The development and supply of property, facilities, estates and asset management software and associated services."

Anything outside of this scope would not be covered by our certification. However 100% of our business relates to the delivery of such software and services.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Cyber Essentials

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes The Technology Forge is ISO 27001 certified and we have robust policies and procedures which underpin this security management system. Policies include:

- Acceptable Use
- Backup
- Equipment Security
- Information Classification
- Network Management
- Physical Security
- Change Management
- Access Control
- Business Continuity
- Exchange of Information
- Development Security

We are required to follow these policies as part of the ISO 27001 certification. They are issued to all personnel and published on the company Intranet.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Any configuration / change management is processed via The Technology Forge Help Desk service. The Help Desk is available for logging any issues, raising enhancement requests or simply asking for advice. Users have unlimited access to the Help Desk as part of the ongoing contract. Any change requests are reviewed in the weekly operations meeting with representatives from each department to assess feasibility including demand and impact on security. If changes are approved, they feed directly into the development stream for the next release.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Any high priority or critical vulnerabilities will be patched as soon as a fix is available. Lower priority vulnerabilities will be patched at the next available maintenance window. Potential threats are identified via our regular penetration tests which produce a report identifying any vulnerabilities and the criticality of them.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach All systems are continually monitored by Rackspace, UKFast and The Technology Forge using Rackspace Monitoring Agent and Zabbix. These monitor everything from drive space to processor and network usage. Once a trigger is enabled, email is sent to the IT Manager who investigates the cause immediately.
Incident management type Supplier-defined controls
Incident management approach We have a detailed Security Incident Policy which we can supply upon request. There are predefined processes in place for common events and all incidents are flagged as either Critical, Significant or Minor. Users can report any incidents via the dedicated TF Help Desk service. Post resolution of an incident we conduct full reporting which is taken from the Help Desk system and summarises the incident, the impact, actions taken to resolve the incident and further actions being taken to mitigate the risk of future occurrence / impact.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £1008 per instance per year
Discount for educational organisations No
Free trial available Yes
Description of free trial We can supply potential clients with a free trial of tf beacon upon request. The included areas of the system would depend on the individual requirements of the user but we are able to make any modules available. The standard free trial period is 1 month.

Service documents

Return to top ↑