MRI Software Limited

MRI Housing Enterprise

A comprehensive solution to manage your social housing properties, tenants and leaseholders. Feature-rich, it gives you everything to drive effective management in a single location. Including rent accounting, tenancy/property, CRM, booking repairs, empty homes, anti-social behaviour, allocations, service charges, customer feedback, visits, estate management, homeownership, money advice, residential involvement .

Features

• CRM Call/Contact Management, 360 View of Customer, Quick Actions
• Document Management Store/Retrieve, Search, Tag, Retention Rules, OCR, Go Paperless
• Income Property and Tenancy Charges, Arrears recommendations, Analytics, Payment Interfaces
• Property Management Calculate/Manage Service Charges, Multiple Ownership Models, Asset Management
• Allocations Choice Based Lettings (CBL) or Property Lettings, Exchanges
• Void Management Single View Repairs/ Lettings Void Activity, Mobile Application
• Tenancy Management The full life-cycle of tenancy or lease, complaints
• ASB and Estate Management Cases, Escalation, Risk Assessment, Survey, Mobile
• Reactive Repairs Self Appointed, Diagnostic Tools, SOR, Contractors, Mobile Working
• Temporary Accommodation, Homelessness

Benefits

• Mobility Web based, Use on tenant visits, secure remote working
• Integration with finance, arrears analytics, self-service, mobile and asset solutions
• Collaboration Share and approve communications, transfer work, integrated solutions
• Tasks Electronic In-Tray, Transfer Work, Workflow to Aid staff
• Annual Fees Predictable budgeting for solution costs
• Communications SMS, email, web messaging, statements, letters, capture customer interactions
• Reporting Fast effective reporting, dashboards, Auditing, integrates with reporting systems

£82,724.01 to £233,038.33 a licence a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@mrisoftware.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

161423474866109

Contact

Claire Brown
020 3861 7100
tenders@mrisoftware.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Hybrid cloud
• Service constraints: Planned maintenance is typically scheduled outside of regular business hours.
• System requirements: Compatible access devices/operating systems

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: MRI’s Global Client Support group will make every reasonable effort to ensure that submitted cases are assigned the proper level of Severity. Submitted cases will be responded to in the order in which they are received, with consideration given for higher Severity levels. Response Time is the time it takes before a Global Client Support agent makes initial contact with the individual who submitted case. Bundled Service (Normal Priority 6 Hours, Serious Priority 3 hours, Critical Priority Live Call Only)
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We include support within our annual fee. Support includes a named Account Manager and a Client Support Helpdesk. The Client Support Helpdesk also serves as the contact for all cloud support requests for trained users. Cases and incidents can be recorded and viewed in the myMRI portal on a 24/7 basis. The myMRI Portal provides clients with information on support cases, regardless of whether a call is logged via a phone call or via the portal. Various information, documentation, forums and resources are also available on the portal.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Clients will be provided with data loading file formats which can be used for the mass upload of the modular data. Throughout the project, our data migration consultant will advise on the mapping of Orchard Housing fields to the current sources to ensure the data is loaded accurately. The process will be iterative, and as part of the validation exercise, our consultants will be in regular contact to advise on data cleansing and corrections as necessary.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: A full data extract is available via data export (this can be made available at time of contract termination agreement over SFTP (PGP / SSH).
• End-of-contract process: The data will be provided in a predetermined format. If there are requirements which are different from our standard approach, we can discuss these with Clients to draw up an appropriate exit plan.; ; The initial de-commissioning (powering down of client-server images and movement to non-production storage) takes place on the agreed date (e.g. contract end date) with permanent de-commissioning taking

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Full functionality is available on all devices although a tablet is the smallest screen size on which practical operation is sensible
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: There are a number of APIs designed for integration with third party systems. Typically, they are used for data transfer and viewing of data between systems.
• API documentation: Yes
• API documentation formats: Other
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: There are a large number of system parameters which control the behaviour of the service in its various modules. Lookup lists can all be user-defined, albeit controlled by a comprehensive user permissions structure.

Scaling

• Independence of resources: Each client has their own working environment with servers configured to match the clients requirements.

Analytics

• Service usage metrics: Yes
• Metrics types: Backup related – yes. Daily managed reports for backup related activities including DR information for each server.; ; Non-backup related – yes, as per the agreed Managed Service contract.
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: There are around 150 standard reports as part of the system. Each can be run with a huge number of data filters. In addition any table in the system can be exported directly to Excel in a couple of clicks. Some of the modules allow for the export in .xml format.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Excel
  • Word
  • XML
  • Delimitted
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • XML
  • Delimitted

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: We use commercially reasonable efforts to ensure availability twenty -four (24) hours a day, seven (7) days a week, except for: (a) planned downtime (of which we provide adequate notice and will schedule to the extent practicable during the weekend hours), or (b) any unavailability caused by circumstances beyond our reasonable control, including without limitation, Force Majeure events or internet service provider failures or delays. We host our solution in a UK-based Tier 3 data centre that is designed to deliver high availability.
• Approach to resilience: Available on request.
• Outage reporting: The client support desk is used to manage client/support interaction for specific customer system issues. E-mail advisories are in place and used to alert multiple clients/contacts of unplanned outages.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Access to management services is restricted by user identity. As users are added to the system settings are used to define which apps, which features and what is accessible by a security level setting.; ; All management tasks can be limited using a VPN. 2FA and specific RBAC.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Data centre infrastructure and associated services are managed according to ISO 27001. The least privilege required for a role principle is followed in all areas, server access is restricted to only those employees who have reason to access it.
• Information security policies and processes: Data centre infrastructure and associated services are managed according to ISO 27001:2013 controls and processes. Our privilege access management system provides location-independent role-based access control and compliance with single-click access diagnostic tools and device history.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Change management is a matter of regular review with the management team. At each review, all new software fixes and enhancements are assessed for overall impact on such as system security, performance and functionality before being approved for scheduling in the development plans. All new developments are subject to in-depth analysis of security, functionality and practicality for inclusion in future releases. ; ; All configurations are documented as per the agreed project plan (meeting client requirements and documentation standards). All high and low-level design documents will document the agreed configurations, in detail and form a solid basis for change control.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Critical and Important updates are applied automatically upon release. Other updates are checked for relevance to software/operating system installation and are installed as part of the scheduled maintenance where relevant.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Protective monitoring and associated responses are managed according to ISO 27001:2013 controls and processes utilising a mixture of automated features at security device level (e.g. automatic blocking based on severity/signatures) and manual interaction based on alerts (e.g. manual investigation of alert before intervention). Access to the application/infrastructure is restricted to authorised personnel.
• Incident management type: Supplier-defined controls
• Incident management approach: Comprehensive monitoring tools are used to highlight potential problems before they become an issue. A defined "Security Incident Management Policy" includes reporting mechanisms for both Information Technology and Physical Security incidents, incident logging, communication to internal and external parties, escalation, reporting, planning, implementation of preventative actions, securing / forensic evidence and continued improvement incident review.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Tackling economic inequality:

  Tackling economic inequality

  Whilst not a certified living wage employer, our employees are all contracted and salaried fairly, in line with the Living Wage standards. We do not employ anyone on zero hours contracts and have a strong commitment to regularly review salaries in line with our appraisal process. We have a number of apprentices in the business who we are supporting to complete degree level qualifications, who all receive above the apprentice minimum wage.
• Equal opportunity:

  Equal opportunity

  We work hard to ensure our employees have a voice. We have various committees in place within our business, for example a Diversity, Equity and Inclusion committee, An Events Group which helps us to understand how employees are feeling about working at MRI and helping us drive forward inclusive events. We have also very recently launched our first ERG – employee resource group for Women and Allies. As a business with over 250 employees in the UK we are required to produce a Gender Pay Gap report. We very much welcome this initiative and our latest report will be available via our website from 4th April 2022. This report shows the impact we have on reducing our Gender Pay Gap and also highlights the many initiatives we have underway to further reduce our gap.
• Wellbeing:

  Wellbeing

  Work hard, play hard. From the day we opened our doors we set out to build flexible, game-changing solutions to make people's lives better. We do this by providing our clients with solutions which can enable them to provide better places to live, work and do business. The only way to carry out that mission is to hire the best employees and keep them. We are dedicated to creating a working environment which supports and develops our staff. Some of the benefits that we offer are: Gym reimbursements Medical assistance, including mental health tools Flexible working opportunities, including hybrid working Employee engagement is key to MRI's success and we hold quarterly spirit weeks to both connect and enthuse our teams globally. These weeks are themed and where staff are encouraged to learn about different topics or take part in activities that they might not typically have time for. These include fitness sessions, cooking sessions, engagement with families for those working from home or targeting one big event where we can globally feel like we are one team with the same goal. We also carry our bi-annual employee engagement surveys to ensure employees can express their views. With our most recent survey we had an 89% completion rate and we are currently creating actions to help us improve as a business as a result of our employee feedback

Pricing

• Price: £82,724.01 to £233,038.33 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@mrisoftware.com. Tell them what format you need. It will help if you say what assistive technology you use.