This G-Cloud 10 service is no longer available to buy.

The G-Cloud 10 framework expired on Tuesday 2 July 2019. Any existing contracts with BCD Safety and Business Support Limited T/A Effective Software are still valid.
BCD Safety and Business Support Limited T/A Effective Software

Effective Software EHS Management System

The Effective Software platform is an Environmental Health and Safety Compliance Management System. Via a web platform and mobile apps, it allows for the management and monitoring of Incidents, Training, Audit, Risk, Contractors, Plant, PPE, Chemicals & CoSHH, Method Statements and DSE

Features

  • Real time hazard & incident reporting
  • Integrated safety management system
  • Risk Assessment Software
  • CoSHH & Chemical Management
  • Audits & Inspection software
  • Plant & Asset Inspection software
  • Action Management Software
  • Training tracking software
  • Permit to Work software

Benefits

  • Workforce engagement in safety through mobile
  • Social Safety transforming workplace engagement
  • Centralised safety information
  • Complete safety solution available on mobile
  • Standardise approach to risk management
  • Real time analytics and insights on your safety data

Pricing

£6 to £44 a person a year

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidsandtenders@effective-software.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 10

Service ID

9 9 9 1 3 8 5 2 7 3 9 0 8 4 7

Contact

BCD Safety and Business Support Limited T/A Effective Software Brenda Keating
Telephone: 0035361405455
Email: bidsandtenders@effective-software.com

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
No constraints, available on all industry supported web browsers
System requirements
Modern Web browser

User support

Email or online ticketing support
Email or online ticketing
Support response times
The support desk is manned Monday-Friday 09:00-17:30 (UTC). BCD commits to achieving 4 business hour median first response times.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
Not known
Web chat accessibility testing
None
Onsite support
Yes, at extra cost
Support levels
Effective Software has a standard support level provided to all clients.

a) Email Support: Available for all Users for technical issues or general queries.
b) Help Centre Widget: Available to all Users.
- During business hours (9am-5:30pm UTC), the widget provides a Live Chat channel directly within the system for quick access by Users to support.
- Outside business hours the widget allows support issues to be submitted directly into the ticketing system.
- The widget also offers a dynamic response to the content the User is accessing within the system, suggesting relevant Help Centre articles that may assist the User.
c) Online Help Centre: Unlimited availability, this is the primary source of Self-Service help for all Users. Accessible 24/7, this resource contains a library of articles, videos, and best practice tips to improve the overall User experience.
d) Help Desk Phone Support: Super Users (High Level Administrators) only. May be used to submit critical technical issues only.
e) Dedicated Phone Support: Will be provided to Samworth as part of our proposed Support model.

The costs of any requirements outside the standard support provided are negotiated on a case by case basis.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
A typical implementation project includes a kick-off call where the short-term goals and roll-out process of the project are discussed and must be agreed by all involved parties for the project to move forward.

The project activities will include onsite days with the project team to identify priorities and milestones, along with weekly online webinars assessing progress and UAT at each stage.

Prior to the project roll-out, on-site training days are carried out in the style of train-the-trainer sessions to empower the client to promote adoption in the organisation.
Service documentation
No
End-of-contract data extraction
Effective Software provide clients with a JSON format export of all their data in the system within 30 days of contract termination
End-of-contract process
All information is returned to the customer and upon agreement permanently deleted from our servers. Effective Software provides a JSON format export of all a client's data in the system within 30 days of contract termination as standard. Any requirements outside of this would be negotiated on a case by case basis.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Firefox
  • Chrome
  • Safari 9+
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The service is available as both a responsive web design and native apps designed for iOS & Android.
Accessibility standards
None or don’t know
Description of accessibility
Not known
Accessibility testing
None
API
Yes
What users can and can't do using the API
APIs are available to:
Push employee data to manage the master employee list
Push...Report Incidents
Push...Report Observations
Push & Pull training records to and from LMS
Pull data from our rich data source for external visualisation tools
API documentation
Yes
API documentation formats
Open API (also known as Swagger)
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
The web platform can be rebranded with clients' images and colours according to set templates provided by Effective Software. This only comes as standard with our Premium and Enterprise packages.

The modules in the system are highly configurable in order to align with clients' current Health and Safety Process and this is done by our clients themselves with the assistance of our Customer Success team.

Scaling

Independence of resources
The Effective Solution ensures each user in the system is attributed a session where all his/her actions are managed independently of other concurrent users.

Multiple servers with load balancers are in place to manage load. Notifications and alerts are in place where threshold limits are approached and servers are scalable within the hosting environment to add resource as required.

Analytics

Service usage metrics
Yes
Metrics types
As part of regular executive business reviews, our Customer Success Managers provide our clients with metrics on system usage frequency, usage by module and customer support interaction and response/resolution times.
Reporting types
Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
No
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Physical access control, complying with another standard
Data sanitisation process
No
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
The Report Module within the Effective Software EHS Management System allows users to export much of their data in CSV format on demand. Any data export requirements outside that provided for in the reporting module must be discussed with the client's Customer Success Manager.
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
Availability of 99.9% is committed to in our Enterprise SLA.

Refunds are agreed on a contract by contract basis but normally take the form of service credits applied to your account.
Approach to resilience
The database is hosted on a 3-server cluster configured in fail-over mode. The servers are physically located on hardware in 3 separate racks, each with redundant power supplies, networks (ports, switches, firewall and carriers) and RAID5 disk arrays. The working database is snapshot once every hour on the VPS.

All uploaded attachments are further uploaded to Amazon AWS S3 (Europe Zone: Dublin) with 99.999999999% storage guarantees. We complete a full server nightly backup to Amazon AWS. We provide a standard 4-hour response time with disaster recovery testing showing a resumption of service within 2 hours on engineering machines (equivalent to a new environment)
Outage reporting
Outages are published on our customer service dashboard (hosted separately to the service) and under certain SLA agreements notified by email to key customers.

Identity and authentication

User authentication needed
Yes
User authentication
Username or password
Access restrictions in management interfaces and support channels
Only client users with SuperUser access can grant access to that client's data. Each system module has multiple access levels to cater for various administrator and end-user needs which can further be restricted by site levels.
Access restriction testing frequency
At least every 6 months
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
  • All hosting providers are 27001 certified (Amazon & BT)
  • Our 27001 certification is due for approval June 2018

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
We are applying the OWASP security principles to designing our software. This means we take in to account several considerations as we design new features and major architectural aspects for the system. These include: minimizing attack surface area; choose secure defaults; apply the principle of least privilege; fail securely (and so on). We also analyse our system for failure points, and introduce redundancy and failover to the critical service points across the Effective Platform.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
We maintain a full specification and record of all system components, including hardware, servers, software, and all other configuration aspects of the system. This record is maintained in source control and tracks all changes to source, configuration and deployment.
We use automated tools to build and deploy
Source code control system tracks all changes. All features are tested on QA independent of live environment. Once tested, and verified, we use a deployment tool, to automatically push the new update to the live production system. That deployment tool also archives the existing system configuration, in case changes need to be reverted.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Our process, at a high level, is that when a given risk materialises, we form an internal team to address and work on the issue, and follow the “playbook” we have created for that risk. A playbook defines the set of steps and things to check and do, in the event of some specific issue arising (such as a breach being detected, or a server becoming unavailable, and so on).
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We use a variety of tools and techniques to monitor the Effective Platform. These include tools such as Pingdom to check availability and response times of servers and services, monit to track resource use and thresholds of servers, OSquery to track server configuration changes, and tools such as PagerDuty and Slack to manage and co-ordinate responses in the event of an incident. Critical incidents have a 4hr resolution commitment in our Enterprise SLA
Incident management type
Supplier-defined controls
Incident management approach
In the event of an incident, we have a planned process to enable incidents to be captured, analysed and then managed, with associated escalation process when and if appropriate.

Users can report incidents through email, webchat, directly on our customer service portal or by phone in working hrs (or out of hours upon agreed SLAs)

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£6 to £44 a person a year
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
Once an opportunity has been progressed to a point of preferred supplier appointment we offer a 60 day opt out of the service. This allows for the customer to run on a live environment for up to 60 days with any/all of the modules they have agreed to purchase.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidsandtenders@effective-software.com. Tell them what format you need. It will help if you say what assistive technology you use.