EVOTIX LIMITED

Evotix Assure Behavioural Safety Management Software

Evotix Assure Behavioural Safety Management health and safety software provides a tool allowing defined people within your organisation to carry out safety tours/inspections using pre-configured templates. These templates record both safe and unsafe observations, thus supporting positive reinforcement of good behaviour as well as identifying areas for development or improvement.

Features

  • Record safe and unsafe observations
  • Use pre-configured Behavioural audit templates or create your own
  • Monitor workforce performance through Safe and Unsafe Observation Reports
  • Suite of reports and graphs for analysis and evaluation
  • Highlights success or improvement and new areas to target
  • All staff can complete safe/unsafe observation report or audits
  • On-site completion through mobile and tablet devices

Benefits

  • Aid transition to proactive/generative safety culture
  • Aligns to your existing safety culture strategy
  • Involves all people within your organisation
  • Benchmark involvement and improvement to demonstrate progress
  • Mobile enabled, online and offline, for immediate reporting of observations
  • Identify areas for improvement through comprehensive reporting and clear visibility

Pricing

£9,495 an instance a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@evotix.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

1 8 5 1 3 2 6 0 5 6 7 8 2 7 0

Contact

EVOTIX LIMITED David Coley
Telephone: 03003033657
Email: gcloud@evotix.com

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
The Assure health and safety management solution from Evotix is modular. This means each Assure module works standalone, but integrates powerfully with others to provide you with a complete solution.
Cloud deployment model
Public cloud
Service constraints
99.9% service availability, assured by independent validation of assertion
System requirements
None

User support

Email or online ticketing support
Email or online ticketing
Support response times
We offer different response times for queries for our standard and premium support offering.

For standard support, we provide a 4 hour response time
For premium support, we provide a 3 hour response time.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 A
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Yes, at an extra cost
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 A
Web chat accessibility testing
N/a
Onsite support
Onsite support
Support levels
Our customers prize our expert and friendly support both during implementation and ongoing. 95% of our customers renew every year. Our UK based customer services team answer all calls promptly and resolve problems quickly whether they relate to training or configuration. We follow a 6 stage case management process. All cases, issues, or requests for change are, in the first instance, reported to the Help Desk as the central point of contact. As first line support, the Help Desk can be contacted by phone or email Monday to Friday 8:30-17:30. Requests are recorded and monitored in our case management system which ties the request to your customer account to provide a complete history. Where first line support is unable to solve the customer issue, the case is escalated to second line support. Here, our system experts will work to understand the customer issue and diagnose the problem. Once derived, the solution is communicated, by phone and/or email, to the customer in our outlined SLA. If second line support cannot resolve the customer issue, the case is escalated to third line support for root cause analysis and/or data fix.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Assure has been designed with the user in mind, combining an intuitive consumer style interface with a corporate strength backbone. As a result, it meets business requirements while being straightforward and intuitive to use - not just by experts but by your organisation at large.

We provide users with different training delivery options: our most popular training delivery is online via webinar sessions, specifically for your organisation, and will be tailored for your solution and audience. These can be recorded so you can revisit and reuse them. We also offer interactive video tutorials which can be reused. If required, onsite training can be delivered at an additional cost.

Although influenced by the number of, and the level to which, users are to be trained, the number of training days required is always at your discretion.

We will discuss with you a suitable number of days and which delivery method is best suited to your individual requirements. All licensed users of Assure have access to our Knowledge Base, which contains a variety of help videos and articles.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
The Customer should, no later than ten days after the effective date of the contract end, submit a written request for the delivery of the then most recent back-up of the Customer Data and any attachments that have been uploaded to the system.
End-of-contract process
If the customer is not renewing they can extract their data via the tools provided or the data extraction can be provided by Evotix at an additional cost.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
AssureGO+ is our next generation Progressive Web Application (PWA) which is ‘mobile first’ but eliminates app installation. The user interface reacts to the device using it so forms and content change to utilize the available screen – tablet, mobile or desktop.

Employees/contractors can easily capture hazards, near misses or incidents as well as completing audits, inspections or assessments 24/7, online or offline. If no internet is available, information is stored on the device until it can be synced.

AssureGO+ provides access to Assure forms anytime, anywhere on any device with a compatible browser.
Service interface
Yes
User support accessibility
WCAG 2.1 AA or EN 301 549
Description of service interface
Our Service Manager has been developed to provide a consumer level experience for logging Incidents and other Request Types by following a process of Progressive Capture. Progressive Capture is a graphical workflow tool that provides a new and simple way to define the capturing of information. Progressive Capture includes a number of small forms for collecting information related to the Incident. These forms are automatically configured depending on the information being captured.
Accessibility standards
WCAG 2.1 A
Accessibility testing
N/a
API
Yes
What users can and can't do using the API
Data insert using RESTful API.
API documentation
Yes
API documentation formats
  • PDF
  • Other
API sandbox or test environment
No
Customisation available
Yes
Description of customisation
Assure combines complete out of the box health and safety functionality (allowing you to be up and running immediately) with an exceptional level of configurability - of forms, organisation, permissions, reports, dashboards, etc. The configurability is controlled by permission settings by user type. This meets all but the most specialist / bespoke requirements and satisfies 99% of customers.

Scaling

Independence of resources
Real-time monitoring of server load with alerts on critical components EG. CPU load, memory load, throughput. Application servers are load balanced.

Analytics

Service usage metrics
Yes
Metrics types
All system fields
Reporting types
Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Report and download (templates and bespoke) into Excel
Reports in JSON format
Active data connections to Excel
SSIS
Data export formats
  • CSV
  • Other
Other data export formats
  • JSON
  • Microsoft Word
  • Microsoft Excel
  • PDF
Data import formats
  • CSV
  • Other
Other data import formats
  • API
  • Initial data import by Evotix as an implementation service

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network
IP restricted access

Availability and resilience

Guaranteed availability
99.9% uptime, scheduled and notified maintenance schedules, clawback in contract
Approach to resilience
Environmental Controls are implemented to help mitigate against the risk of service interruption caused by fires, floods and other forms of natural disasters.

The Datacentre electrical power systems are designed to be fully redundant and maintainable without impact to operations, 24 hours a day, and seven days a week. Uninterruptible Power Supply (UPS) units provide back-up power in the event of an electrical failure for critical and essential loads in the facility. Datacentres use generators to provide back-up power for the entire facility.
Outage reporting
Dedicated 24/7 monitoring at service centre. Real-time dashboard and email alerts.

Identity and authentication

User authentication needed
Yes
User authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
Other user authentication
The user can integrate with their own SSO provider if it supports the WS-Fed protocol.
Access restrictions in management interfaces and support channels
For environment administration, access can only be provided via VPN from a whitelisted IP address to authorised users confirmed by MFA.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Description of management access authentication
Whitelisted IP address.

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
ISO Quality Services Limited
ISO/IEC 27001 accreditation date
20/06/2021
What the ISO/IEC 27001 doesn’t cover
N/a
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
A full suite of information security policies and processes is in place as required by ISO 27001.

Internal auditing checks take place to ensure that all security controls are being observed. This includes policies

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Our hosting provider maintains documented operational procedures for both infrastructure operations and customer-facing support functions. Newly provisioned infrastructure undergoes appropriate testing procedures to limit exposure to any hardware failure. Documented procedures and configuration version controls provide protection from errors during configuration. Changes to an existing infrastructure are controlled by a technical change management policy, which enforces best practice change management controls including impact/risk assessment, customer sign off, and back-out planning.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Patches to solution every 2 weeks unless critical, then immediate.
Penetration testing and internal code testing (peer reviewed and deployment testing services)
Employ best practice to mitigate against known issues (e.g. SQL Injection)
Regular automated vulnerability testing with risk based timescales for remediation if any issues are found.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Evotix uses AWS GuardDuty firewalls to protect the Assure systems, this includes the following protections: Access Control Lists, DDOS, Intrusion prevention, threat detection, API monitoring, log analysis and VPC analysis
One of its functions is checking for unusual events, based on a common baseline.
When alerts come in these logs \ areas are checked. Manual reviews are also carried out. These are done ad hoc to avoid pattern forming
Virtual firewalls (security groups) are used to restrict ingress between the layers of the platform in the VPC.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Where an Incident is identified, an Incident Response team is convened, the incident is classified, immediate action taken and an investigation is commenced.
It will be escalated internally to an appropriate level of management.
Following immediate action and investigation, follow up actions will be identified to implement corrective actions to resolve the incident and mitigate the potential for recurrence.
A customer will be notified if their information has been affected as soon as practical.
Whilst investigation is happening, the customer will receive updates. A full investigation will be completed and a report will be issued.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Social Value

Fighting climate change

Fighting climate change

Our solution offers the ability to track and report carbon emissions. Using this information customers can identify solutions to reduce their emissions.
Covid-19 recovery

Covid-19 recovery

Our solution is being used nationally to deliver valuable skills and training to communities, helping to get more people back into work post the COVID-19 Pandemic.
Tackling economic inequality

Tackling economic inequality

Our solution is being used nationally to deliver valuable skills and training to communities, helping to get more people back into work post the COVID-19 Pandemic.
Wellbeing

Wellbeing

We have a wellbeing toolkit, delivered through GLOW that provides a wellness and wellbeing framework from which to assess and diagnose areas of strength and weakness around mental health and general wellbeing. GLOW contains tools, advice and resources for users to address potential issues and create more resilience in this space, helping them be fit for work.

Pricing

Price
£9,495 an instance a year
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
- Immediate access to the AssureGO+ App
- See how easy it is for anybody to engage in health and safety
- Experience first hand how you can collect more consistent data
- Unlimited access
Link to free trial
https://www.evotix.com/assurego-request-your-free-trial-now

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@evotix.com. Tell them what format you need. It will help if you say what assistive technology you use.