Glider Technology Ltd

gliderbim

gliderbim is a secure, data-driven, Asset Information Model Common Data Environment (AIM CDE) and Project Information Model Common Data Environment (PIM CDE) providing document and information management capabilities using openBIM standards (COBie and IFC) integrating via API with CAFM and BMS systems for full asset lifecycle management and digital twins.

Features

  • Common Data Environment (CDE) to comply with ISO 19650 standards
  • Operation and Maintenance and COBie Asset Information Management
  • Asset Information Lifecycle Management & BIM platform for Facilities Management
  • Digital Plan of Work for Asset Information verification and validation
  • Automatic verification of asset data within BIM models
  • Import, enrich and export fully compliant COBie data
  • Real-time reporting of the asset data collation/O&M process
  • Integration API for Intelligent Building platforms (iBMS) and IoT devices
  • Integration API for EDMS, CAFM, BMS, CWMS, Room Booking
  • Online 3D model viewer with IFC support

Benefits

  • Automatically connect BIM models with asset/O&M data
  • Manage BIM deliverables from the supply chain
  • Version control and full audit trail for all models/data
  • Single source of truth for asset data and O&M information
  • No expensive CAD software required to view BIM models online
  • Automate manual workflows for data collation and verification
  • Integrate BIM with FM and building management systems
  • 24x7 rapid access to models, asset data and O&M information
  • Respond quickly to FM and O&M issues
  • Easily update and maintain models and asset data

Pricing

£12.50 to £25.00 a user a month

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@glidertech.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

977651534896370

Contact

Glider Technology Ltd Nick Hutchinson
Telephone: +44 203 8268 001
Email: info@glidertech.com

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
None
System requirements
Modern web browsers which support WebGL

User support

Email or online ticketing support
Email or online ticketing
Support response times
Please see Section 7 of our Service Definition.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
The GliderBIM license fees include telephone and helpdesk support for the number of user licenses included in the order.

Each GliderBIM order is assigned a GliderBIM Account Manager.

All Users have access to the support team via the telephone and email helpdesk facility.

The GliderBIM support telephone and email help desk is accessible Monday to Friday inclusive from 8:30am to 5:30pm GMT excluding UK bank holidays.

The GliderBIM support team will assign one of the priorities below to each support request:

• Priority 1: a business-critical feature of the Software Service is unavailable to all users, and consequently users are unable to continue with their normal course of business.
• Priority 2: an important feature of the Software Service is unavailable to all users, which is a significant inconvenience, however does not prevent users from continuing with their normal course of business.
• Priority 3: a feature of the Software Service is unavailable to one or more users.
• Priority 4: a feature of the Software Service is either unavailable or not performing as it should, but is causing minimal business impact.

Support requests shall be escalated should the customer not agree with the prioritisation of the request.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We provide onsite training, online training, and user documentation to suit the Buyer's requirements.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
GliderBIM provides automated export functionality for the following:
- BIM Models in IFC format,
- Asset registers in Excel, CSV, IFC formats,
- Documents in their native file format,
- COBie data in compliant Excel format.

Glider Technology can also provide digital archives on external hard drives to be shipped directly to the Buyer on request.
End-of-contract process
Upon termination of the Software-as-a-Service subscription, the following option is available for archiving of data (subject to contract):

• All model files, documents and schedules of asset data can be exported from GliderBIM and provided to the Customer via an external hard drive compatible with Windows or OSX operating systems. The hard drive can be encrypted as an option.

Without specific archiving instructions, customer data will be retained for a period of twelve calendar months after the subscription termination date before being destroyed.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
No differences in functionality.
The User Interface is responsively designed to suit the browser's screen resolution.
Service interface
Yes
Description of service interface
The service is entirely web browser-based and has many user interfaces to access, store, process, track and download information.
Accessibility standards
None or don’t know
Description of accessibility
The service is accessed via a web browser, so any common screen reading software can be used. The only exception is the 3D model viewer, as there is no technical way to describe what can be seen.
Accessibility testing
No testing carried out to date. We plan to do so in 2019.
API
Yes
What users can and can't do using the API
The API is not available by default to Users.

The API can be made available to the Buyer for specific purposes to be agreed with the Supplier in writing. These purposes are usually regarding an integration with third party software.
API documentation
Yes
API documentation formats
Open API (also known as Swagger)
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
GliderBIM is customised by the Buyer to meet the requirements of each individual project. Specifically, the Buyer can customise the following:
- the Digital Plan of Work module to suit the asset data requirements of the project,
- the Asset Register data schema verification rules
- Verification rules for model/data imports
- Export formats for models and schedules of data
- O&M Manual templates
- Room Data Sheets
- Commissioning Test Sheets

Scaling

Independence of resources
Each project gets several distinct databases. This ensures that if a write lock escalates to a full-table lock, it does not affect other projects.

We have automatic monitoring systems that look at system load and trigger new servers to be launched, in the event that a processing queue becomes backed up for example.

Analytics

Service usage metrics
Yes
Metrics types
- Server uptime performance
- Storage metrics
- User sessions including page visits
Reporting types
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Users can export via the following means:
- export the asset register to Excel/CSV,
- export the asset register to COBie compliant Excel document,
- export IFC/IFC.zip models with or without asset data pushed into the model.
- export all documents in their native format.
Data export formats
  • CSV
  • Other
Other data export formats
  • IFC (Industry Foundation Class)
  • IFCZIP
  • Microsoft Excel (.xlsx)
  • COBie
Data import formats
  • CSV
  • Other
Other data import formats
  • IFC
  • IFCZIP
  • Microsoft Excel (.xlsx)
  • COBie (Excel)

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks
If required we can set up a peering relationship via AWS Direct Connect or a hardware VPN.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
We offer a 99.95% service level agreement, but we do not offer a saving to customers.
Approach to resilience
All our servers are managed by Amazon; they will be automatically relaunched if the hardware fails. We monitor system load and automatically launch new servers as required to deal with it.

When files are uploaded to our system, they are automatically replicated off-site in Frankfurt within a second or two. This hot replica is available in the event of a regional outage.

Our database server is also replicated off-site in real-time. It has a transactional backup every 5 minutes and has a full backup every 24 hours.

We can fail-over to the off-site Frankfurt datacenter within about 30 minutes in the event of an AWS regional outage. It is also worth noting that our application is stored in the Ireland region which has never experienced a total outage.
Outage reporting
We have a status dashboard for GliderBIM users. Users can sign up and receive e-mail alerts in the event of the system experiencing an outage or degraded performance.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
A user cannot access a project without being a member of it; they must temporarily add themselves. This is an administrative function that is audited so we can know which of our staff had access to which projects at which time. Any changes that user made to the project would also be audited.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
The British Assessment Bureau
ISO/IEC 27001 accreditation date
27/04/2020
What the ISO/IEC 27001 doesn’t cover
Not applicable
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Our Information Security Management System contains detailed security policies and processes, which we will summarise here.

1. All staff computer hard drives must be encrypted
2. All communications over the public internet must be encrypted with a valid SSL certificate
3. All internal communications in our datacenter must be encrypted
4. All customer data must be encrypted at rest
5. When using a shared internet connection, network communication must go via a VPN.
6. If customer data is required to diagnose an issue, it must be securely erased within 48 hours of the issue being resolved.
7. Passwords and other security critical tokens can only be stored in the company password safe. They must never be e-mailed or texted.
8. 2FA is required when connecting to any AWS or mail account

We audit this regularly by issuing employee questionnaires and audits where we check the configuration of employee workstations.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Changes are requested either by a customer or internally. The development committee meets every fortnight to discuss the next fortnight's work, and what features should be prioritised. A technical specification is prepared by the senior technical staff and signed off by the technical director. After a developer prepares the changes, they are code reviewed by the technical director and senior staff. During the code review, we identify potential security risks and mitigate them wherever possible. We use the same approach for changes to servers, patches or configurations.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We are subscribed to the Ubuntu and Windows security alerts mailing list and RSS feed. We review it daily to ensure that no software we use is specified in this list.

In most cases, we deploy patches to our staging environment and test them for 2-3 days to ensure there are no effects. In the event of a high-profile serious issue we will accelerate this process and aim to have it done within a day or less.

We maintain a risk register and review it regularly to ensure that we are aware of our security profile.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We have numerous automated methods of identifying potential compromises. We would be happy to discuss this on request but not to announce the details publicly.

When a potential compromise is identified, we first determine whether it could have been triggered by mistake by a developer making an API call that they did not mean to make.

If it appears that a system is compromised then it is isolated from the network for analysis. If necessary we will firewall the entire environment until an assessment can be made.

Alerts are sent by SMS to senior technical staff and are assessed within minutes.
Incident management type
Supplier-defined controls
Incident management approach
We have an internal playbook which details common issues and their solutions. This is proactively updated as we add more elements to the system.

Users report incidents via our online ticketing mechanism, or by contacting their account manager. However, we have automatic monitoring systems that usually tell us about any problem before any customer notices. In most cases we are informed about a potential problem (such as high CPU usage) before it becomes an outage and fix it without downtime.

Incident reports are provided to all subscribers of our status web service.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£12.50 to £25.00 a user a month
Discount for educational organisations
Yes
Free trial available
No
