Effective Software EHS Management System
The Effective Software platform is an Environmental Health and Safety Compliance Management System. Via a web platform and mobile apps, it allows for the management and monitoring of Incidents, Training, Audit, Risk, Contractors, Plant, PPE, Chemicals & CoSHH, Method Statements and DSE.
Features
- Real time hazard & incident reporting
- Integrated safety management system
- Risk Assessment Software
- CoSHH & Chemical Management
- Audits & Inspection software
- Plant & Asset Inspection software
- Action Management Software
- Training tracking software
- Permit to Work software
Benefits
- Workforce engagement in safety through mobile
- Social Safety transforming workplace engagement
- Centralised safety information
- Complete safety solution available on mobile
- Standardise approach to risk management
- Real time analytics and insights on your safety data
Pricing
£6 to £44 a person a year
- Education pricing available
- Free trial available
Framework
G-Cloud 10
Service ID
999138527390847
Contact
BCD Safety and Business Support Limited T/A Effective Software
Brenda Keating
Telephone: 0035361405455
Email: bidsandtenders@effective-software.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Public cloud
- Service constraints
- No constraints, available on all industry supported web browsers
- System requirements
- Modern Web browser
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- The support desk is manned Monday-Friday 09:00-17:30 (UTC). BCD commits to achieving 4 business hour median first response times.
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- Web chat
- Web chat support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support accessibility standard
- None or don’t know
- How the web chat support is accessible
- Not known
- Web chat accessibility testing
- None
- Onsite support
- Yes, at extra cost
- Support levels
-
Effective Software has a standard support level provided to all clients.
a) Email Support: Available for all Users for technical issues or general queries.
b) Help Centre Widget: Available to all Users.
- During business hours (9am-5:30pm UTC), the widget provides a Live Chat channel directly within the system for quick access by Users to support.
- Outside business hours the widget allows support issues to be submitted directly into the ticketing system.
- The widget also offers a dynamic response to the content the User is accessing within the system, suggesting relevant Help Centre articles that may assist the User.
c) Online Help Centre: Unlimited availability, this is the primary source of Self-Service help for all Users. Accessible 24/7, this resource contains a library of articles, videos, and best practice tips to improve the overall User experience.
d) Help Desk Phone Support: Super Users (High Level Administrators) only. May be used to submit critical technical issues only.
e) Dedicated Phone Support: Will be provided to Samworth as part of our proposed Support model.
The costs of any requirements outside the standard support provided are negotiated on a case by case basis.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
A typical implementation project includes a kick-off call where the short-term goals and roll-out process of the project are discussed and must be agreed by all involved parties for the project to move forward.
The project activities will include onsite days with the project team to identify priorities and milestones, along with weekly online webinars assessing progress and UAT at each stage.
Prior to the project roll-out, on-site training days are carried out in the style of train-the-trainer sessions to empower the client to promote adoption in the organisation.
- Service documentation
- No
- End-of-contract data extraction
- Effective Software provide clients with a JSON format export of all their data in the system within 30 days of contract termination
- End-of-contract process
- All information is returned to the customer and upon agreement permanently deleted from our servers. Effective Software provides a JSON format export of all a client's data in the system within 30 days of contract termination as standard. Any requirements outside of this would be negotiated on a case by case basis.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 10
- Internet Explorer 11
- Firefox
- Chrome
- Safari 9+
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- The service is available as both a responsive web design and native apps designed for iOS & Android.
- Accessibility standards
- None or don’t know
- Description of accessibility
- Not known
- Accessibility testing
- None
- API
- Yes
- What users can and can't do using the API
-
APIs are available to:
Push employee data to manage the master employee list
Push...Report Incidents
Push...Report Observations
Push & Pull training records to and from LMS
Pull data from our rich data source for external visualisation tools
- API documentation
- Yes
- API documentation formats
- Open API (also known as Swagger)
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
-
The web platform can be rebranded with clients' images and colours according to set templates provided by Effective Software. This only comes as standard with our Premium and Enterprise packages.
The modules in the system are highly configurable in order to align with clients' current Health and Safety Process and this is done by our clients themselves with the assistance of our Customer Success team.
Scaling
- Independence of resources
-
The Effective Solution ensures each user in the system is attributed a session where all his/her actions are managed independently of other concurrent users.
Multiple servers with load balancers are in place to manage load. Notifications and alerts are in place where threshold limits are approached and servers are scalable within the hosting environment to add resource as required.
Analytics
- Service usage metrics
- Yes
- Metrics types
- As part of regular executive business reviews, our Customer Success Managers provide our clients with metrics on system usage frequency, usage by module and customer support interaction and response/resolution times.
- Reporting types
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Security Clearance (SC)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- European Economic Area (EEA)
- User control over data storage and processing locations
- No
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least every 6 months
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
- Physical access control, complying with another standard
- Data sanitisation process
- No
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- The Report Module within the Effective Software EHS Management System allows users to export much of their data in CSV format on demand. Any data export requirements outside that provided for in the reporting module must be discussed with the client's Customer Success Manager.
- Data export formats
- CSV
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
- Legacy SSL and TLS (under version 1.2)
- Data protection within supplier network
- Legacy SSL and TLS (under version 1.2)
Availability and resilience
- Guaranteed availability
-
Availability of 99.9% is committed to in our Enterprise SLA.
Refunds are agreed on a contract by contract basis but normally take the form of service credits applied to your account.
- Approach to resilience
-
The database is hosted on a 3-server cluster configured in fail-over mode. The servers are physically located on hardware in 3 separate racks, each with redundant power supplies, networks (ports, switches, firewall and carriers) and RAID5 disk arrays. The working database is snapshot once every hour on the VPS.
All uploaded attachments are further uploaded to Amazon AWS S3 (Europe Zone: Dublin) with 99.999999999% storage guarantees. We complete a full server nightly backup to Amazon AWS. We provide a standard 4-hour response time with disaster recovery testing showing a resumption of service within 2 hours on engineering machines (equivalent to a new environment).
- Outage reporting
- Outages are published on our customer service dashboard (hosted separately to the service) and under certain SLA agreements notified by email to key customers.
Identity and authentication
- User authentication needed
- Yes
- User authentication
- Username or password
- Access restrictions in management interfaces and support channels
- Only client users with SuperUser access can grant access to that client's data. Each system module has multiple access levels to cater for various administrator and end-user needs which can further be restricted by site levels.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
- Username or password
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Other security certifications
- Yes
- Any other security certifications
-
- All hosting providers are 27001 certified (Amazon & BT)
- Our 27001 certification is due for approval June 2018
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
- We are applying the OWASP security principles to designing our software. This means we take into account several considerations as we design new features and major architectural aspects for the system. These include: minimize attack surface area; choose secure defaults; apply the principle of least privilege; fail securely (and so on). We also analyse our system for failure points, and introduce redundancy and failover to the critical service points across the Effective Platform.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
-
We maintain a full specification and record of all system components, including hardware, servers, software, and all other configuration aspects of the system. This record is maintained in source control and tracks all changes to source, configuration and deployment.
We use automated tools to build and deploy.
Source code control system tracks all changes. All features are tested on QA independent of live environment. Once tested and verified, we use a deployment tool to automatically push the new update to the live production system. That deployment tool also archives the existing system configuration, in case changes need to be reverted.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- Our process, at a high level, is that when a given risk materialises, we form an internal team to address and work on the issue, and follow the “playbook” we have created for that risk. A playbook defines the set of steps and things to check and do, in the event of some specific issue arising (such as a breach being detected, or a server becoming unavailable, and so on).
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- We use a variety of tools and techniques to monitor the Effective Platform. These include tools such as Pingdom to check availability and response times of servers and services, monit to track resource use and thresholds of servers, OSquery to track server configuration changes, and tools such as PagerDuty and Slack to manage and co-ordinate responses in the event of an incident. Critical incidents have a 4hr resolution commitment in our Enterprise SLA.
- Incident management type
- Supplier-defined controls
- Incident management approach
-
In the event of an incident, we have a planned process to enable incidents to be captured, analysed and then managed, with associated escalation process when and if appropriate.
Users can report incidents through email, webchat, directly on our customer service portal or by phone in working hours (or out of hours upon agreed SLAs).
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Public sector networks
- Connection to public sector networks
- No
Pricing
- Price
- £6 to £44 a person a year
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
- Once an opportunity has been progressed to a point of preferred supplier appointment we offer a 60 day opt out of the service. This allows for the customer to run on a live environment for up to 60 days with any/all of the modules they have agreed to purchase.