BCD Safety and Business Support Limited T/A Effective Software

Effective Software EHS Management System

The Effective Software platform is an Environmental Health and Safety Compliance Management System. Via a web platform and mobile apps, it allows for the management and monitoring of Incidents, Training, Audit, Risk, Contractors, Plant, PPE, Chemicals & CoSHH, Method Statements and DSE.


  • Real time hazard & incident reporting
  • Integrated safety management system
  • Risk Assessment Software
  • CoSHH & Chemical Management
  • Audits & Inspection software
  • Plant & Asset Inspection software
  • Action Management Software
  • Training tracking software
  • Permit to Work software


  • Workforce engagement in safety through mobile
  • Social Safety transforming workplace engagement
  • Centralised safety information
  • Complete safety solution available on mobile
  • Standardise approach to risk management
  • Real time analytics and insights on your safety data


£6 to £44 per person per year

  • Education pricing available
  • Free trial available


G-Cloud 10


BCD Safety and Business Support Limited T/A Effective Software

Brenda Keating



Service scope

Software add-on or extension No
Cloud deployment model Public cloud
Service constraints No constraints, available on all industry supported web browsers
System requirements Modern Web browser

User support

Email or online ticketing support Email or online ticketing
Support response times The support desk is manned Monday-Friday 09:00-17:30 (UTC). BCD commits to achieving 4 business hour median first response times.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard None or don’t know
How the web chat support is accessible Not known
Web chat accessibility testing None
Onsite support Yes, at extra cost
Support levels Effective Software has a standard support level provided to all clients.

a) Email Support: Available for all Users for technical issues or general queries.
b) Help Centre Widget: Available to all Users.
- During business hours (9am-5:30pm UTC), the widget provides a Live Chat channel directly within the system for quick access by Users to support.
- Outside business hours the widget allows support issues to be submitted directly into the ticketing system.
- The widget also offers a dynamic response to the content the User is accessing within the system, suggesting relevant Help Centre articles that may assist the User.
c) Online Help Centre: Unlimited availability, this is the primary source of Self-Service help for all Users. Accessible 24/7, this resource contains a library of articles, videos, and best practice tips to improve the overall User experience.
d) Help Desk Phone Support: Super Users (High Level Administrators) only. May be used to submit critical technical issues only.
e) Dedicated Phone Support: Will be provided to Samworth as part of our proposed Support model.

The costs of any requirements outside the standard support provided are negotiated on a case by case basis.
Support available to third parties Yes

Onboarding and offboarding

Getting started A typical implementation project includes a kick-off call where the short-term goals and roll-out process of the project are discussed and must be agreed by all involved parties for the project to move forward.

The project activities will include onsite days with the project team to identify priorities and milestones, along with weekly online webinars assessing progress and UAT at each stage.

Prior to the project roll-out, on-site training days are carried out in the style of train-the-trainer sessions to empower the client to promote adoption in the organisation.
Service documentation No
End-of-contract data extraction Effective Software provides clients with a JSON format export of all their data in the system within 30 days of contract termination.
End-of-contract process All information is returned to the customer and upon agreement permanently deleted from our servers. Effective Software provides a JSON format export of all a client's data in the system within 30 days of contract termination as standard. Any requirements outside of this would be negotiated on a case by case basis.

Using the service

Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The service is available as both a responsive web design and native apps designed for iOS & Android.
Accessibility standards None or don’t know
Description of accessibility Not known
Accessibility testing None
What users can and can't do using the API APIs are available to:
Push employee data to manage the master employee list
Push...Report Incidents
Push...Report Observations
Push & Pull training records to and from LMS
Pull data from our rich data source for external visualisation tools
API documentation Yes
API documentation formats Open API (also known as Swagger)
API sandbox or test environment Yes
Customisation available Yes
Description of customisation The web platform can be rebranded with clients' images and colours according to set templates provided by Effective Software. This only comes as standard with our Premium and Enterprise packages.

The modules in the system are highly configurable in order to align with clients' current Health and Safety Process and this is done by our clients themselves with the assistance of our Customer Success team.


Independence of resources The Effective Solution ensures each user in the system is attributed a session where all his/her actions are managed independently of other concurrent users.

Multiple servers with load balancers are in place to manage load. Notifications and alerts are in place where threshold limits are approached and servers are scalable within the hosting environment to add resource as required.


Service usage metrics Yes
Metrics types As part of regular executive business reviews, our Customer Success Managers provide our clients with metrics on system usage frequency, usage by module and customer support interaction and response/resolution times.
Reporting types Reports on request


Supplier type Not a reseller

Staff security

Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations Yes
Data storage and processing locations European Economic Area (EEA)
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least every 6 months
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Physical access control, complying with another standard
Data sanitisation process No
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach The Report Module within the Effective Software EHS Management System allows users to export much of their data in CSV format on demand. Any data export requirements outside that provided for in the reporting module must be discussed with the client's Customer Success Manager.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data protection between buyer and supplier networks Legacy SSL and TLS (under version 1.2)
Data protection within supplier network Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability Availability of 99.9% is committed to in our Enterprise SLA.

Refunds are agreed on a contract by contract basis but normally take the form of service credits applied to your account.
Approach to resilience The database is hosted on a 3-server cluster configured in fail-over mode. The servers are physically located on hardware in 3 separate racks, each with redundant power supplies, networks (ports, switches, firewall and carriers) and RAID5 disk arrays. A snapshot of the working database is taken once every hour on the VPS.

All uploaded attachments are further uploaded to Amazon AWS S3 (Europe Zone: Dublin) with 99.999999999% storage guarantees. We complete a full nightly server backup to Amazon AWS. We provide a standard 4-hour response time, with disaster recovery testing showing a resumption of service within 2 hours on engineering machines (equivalent to a new environment).
Outage reporting Outages are published on our customer service dashboard (hosted separately to the service) and under certain SLA agreements notified by email to key customers.

Identity and authentication

User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Only client users with SuperUser access can grant access to that client's data. Each system module has multiple access levels to cater for various administrator and end-user needs which can further be restricted by site levels.
Access restriction testing frequency At least every 6 months
Management access authentication Username or password

Audit information for users

Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • All hosting providers are 27001 certified (Amazon & BT)
  • Our 27001 certification is due for approval June 2018

Security governance

Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes We apply the OWASP security principles when designing our software. This means we take into account several considerations as we design new features and major architectural aspects of the system. These include: minimizing attack surface area; choosing secure defaults; applying the principle of least privilege; failing securely (and so on). We also analyse our system for failure points, and introduce redundancy and failover at the critical service points across the Effective Platform.

Operational security

Configuration and change management standard Supplier-defined controls
Configuration and change management approach We maintain a full specification and record of all system components, including hardware, servers, software, and all other configuration aspects of the system. This record is maintained in source control and tracks all changes to source, configuration and deployment.
We use automated tools to build and deploy.
The source code control system tracks all changes. All features are tested on QA, independent of the live environment. Once tested and verified, we use a deployment tool to automatically push the new update to the live production system. That deployment tool also archives the existing system configuration in case changes need to be reverted.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Our process, at a high level, is that when a given risk materialises, we form an internal team to address and work on the issue, and follow the “playbook” we have created for that risk. A playbook defines the set of steps and things to check and do, in the event of some specific issue arising (such as a breach being detected, or a server becoming unavailable, and so on).
Protective monitoring type Supplier-defined controls
Protective monitoring approach We use a variety of tools and techniques to monitor the Effective Platform. These include tools such as Pingdom to check availability and response times of servers and services, monit to track resource use and thresholds of servers, OSquery to track server configuration changes, and tools such as PagerDuty and Slack to manage and co-ordinate responses in the event of an incident. Critical incidents have a 4-hour resolution commitment in our Enterprise SLA.
Incident management type Supplier-defined controls
Incident management approach In the event of an incident, we have a planned process to enable incidents to be captured, analysed and then managed, with an associated escalation process when and if appropriate.

Users can report incidents through email, webchat, directly on our customer service portal or by phone during working hours (or out of hours upon agreed SLAs).

Secure development

Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks No


Price £6 to £44 per person per year
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Once an opportunity has been progressed to a point of preferred supplier appointment, we offer a 60-day opt-out of the service. This allows the customer to run on a live environment for up to 60 days with any/all of the modules they have agreed to purchase.

