HITACHI DIGITAL SERVICES UK LIMITED

Energy Efficiency for Buildings

This platform serves as a unified system, designed to collect data from
relevant sources to provide real-time updates on energy utilisation to identify energy reduction opportunities. Allowing organizations with benchmarking data on their energy usage across physical building infrastructure, enabling comparative analysis and scoring to support energy efficiency improvement initiatives.

Features

• Automated Data Collection and Analysis
• Supplier engagement module for collaboration on emission reduction.
• Integration with ESG reporting frameworks for transparency.
• Continuous improvement and support for ongoing optimisation.
• Actionable insights and recommendations tailored to client goals.
• Open API into existing Digital Twin and BIM systems globally.

Benefits

• Advanced AI-driven analytics for deep insights.
• Streamlined compliance and reporting for regulatory requirements.
• Customisable and scalable to fit diverse organisational needs.
• Consolidate your building management solutions.

£30,000 to £300,000 a unit

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at hcuk.bidteam@hitachids.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

186508486020038

Contact

Public Sector Team
07707585971
hcuk.bidteam@hitachids.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: No
• System requirements: Can be used and adjusted to meet any system

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Can be tailored to the buyer
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We provide a carbon accounting expert and a technical specialist for the account.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: To begin using our service, clients have multiple options tailored to their preferences. We offer a range of training options, including both onsite and online training sessions conducted by our experienced team of specialists. Additionally, comprehensive user documentation is provided to guide users through every aspect of the platform's functionalities. Clients can choose the training method that best suits their needs, whether it's hands-on onsite sessions for personalized support or convenient online training modules for flexibility. Our goal is to ensure that clients feel equipped and confident in utilizing our service to its fullest potential from the outset.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: At the end of the contract, users can easily extract their data through our platform's data export feature. This feature allows users to securely download their data in a standard format, ensuring seamless transition and compliance with data protection regulations. Our support team is available to assist throughout the process.
• End-of-contract process: At the end of the contract, users have the option to securely export their data from our platform. Any information we have from the users is treated with utmost confidentiality and in compliance with data protection regulations. We ensure that users retain ownership and control over their data throughout the process. Additionally, any ongoing support or training services included in the contract are concluded, although users may opt to extend these services if desired. It's important to note that unless otherwise agreed, all data is deleted six months after termination to uphold data privacy standards and compliance regulations. Our priority is to facilitate a smooth transition for users while respecting their privacy and data rights.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The service has been tailored to ensure that there is a seamless transition from Mobile to desktop.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: TBD
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: N/A
• API: Yes
• What users can and can't do using the API: Import and Export data.; Changes are not possible through APIs
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Interfaces, Dashboards, KPIs, Data points, Reports, User level access.

Scaling

• Independence of resources: We guarantee uninterrupted service by utilizing scalable infrastructure and load-balancing techniques. Our systems dynamically adjust to demand, preventing performance degradation. Continuous monitoring and proactive resource scaling ensure consistent service levels. Data security measures safeguard user information, including access controls and encryption. Our commitment to reliability ensures users remain unaffected by fluctuations in demand.

Analytics

• Service usage metrics: Yes
• Metrics types: On request.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Available upon request

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest: Physical access control, complying with SSAE-16 / ISAE 3402
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users can easily extract their data through our platform's data export feature. This feature allows users to securely download their data in a standard format, ensuring seamless transition and compliance with data protection regulations. Our support team is available to assist throughout the process.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: 99.80%
• Approach to resilience: Available on request
• Outage reporting: API & email

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Access to management interfaces and support channels is restricted through several measures. We implement role-based access controls, limiting access to authorized personnel based on their job responsibilities. Multi-factor authentication is enforced to enhance security. Additionally, we employ IP whitelisting and VPN access for remote connections. Audit logs are regularly monitored to detect and respond to unauthorized access attempts promptly. Access requests undergo strict approval processes, ensuring accountability. Continuous training and awareness programs educate employees on security best practices. These measures collectively safeguard sensitive systems and data, mitigating the risk of unauthorized access and potential security breaches.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 14/04/2021
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We are compliant to ISO27001, Data Security Protection Toolkit (DSPT) and GDPR. We have a defined reporting structure which we will share on request.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Our configuration and change management processes meticulously track components throughout their lifecycle. We maintain comprehensive inventories, assign configuration baselines, and utilize version control to manage configurations. Proposed changes undergo formal approval workflows, extensive testing, and validation. Asset tracking systems monitor components from procurement to retirement, ensuring compliance and security. Throughout the lifecycle, components are monitored for updates and patches. End-of-life components undergo secure retirement and disposal processes, including data sanitization and environmentally responsible methods. These rigorous processes ensure the reliability, security, and compliance of our services.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Our vulnerability management process is proactive and dynamic. We continuously assess potential threats through regular vulnerability scans, penetration testing, and monitoring of security advisories from trusted sources such as AWS Security Bulletins, CVE databases, and industry-specific threat intelligence feeds. In the event of identified vulnerabilities, we prioritize and deploy patches swiftly, leveraging automated deployment pipelines and adherence to a predetermined patch management schedule. Our goal is to swiftly address vulnerabilities to maintain the security and integrity of our services while minimizing potential risks to our startup's operations and reputation.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Our protective monitoring processes are robust and proactive. We employ continuous monitoring tools to detect potential compromises, including abnormal traffic patterns, unauthorized access attempts, and suspicious behavior. When a potential compromise is identified, we respond promptly by investigating the incident, isolating affected systems if necessary, and implementing corrective measures to mitigate the impact. Our response to incidents is swift, with designated response teams mobilizing immediately to address the issue and restore normal operations. Our goal is to minimize downtime and data exposure while ensuring the security and availability of our services.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: We have pre-defined incident management processes for common events, outlined in our incident response plan. Users report incidents through various channels, including a dedicated support portal and email. Upon receiving a report, our incident response team mobilizes immediately to assess the situation, mitigate the impact, and restore normal operations. We provide incident reports to users through our communication channels, detailing the nature of the incident, its impact, actions taken for resolution, and preventive measures implemented to avoid recurrence. Our transparent approach ensures users are informed and confident in our ability to manage incidents effectively.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  Our G-Cloud service provision contributes to fighting climate change by prioritizing environmentally sustainable practices throughout our operations. We achieve this by leveraging energy-efficient infrastructure and promoting remote work options to reduce carbon emissions associated with commuting. Additionally, our cloud-based services enable organizations to optimize resource utilization, minimizing energy consumption and carbon footprint. Furthermore, we actively support initiatives such as carbon offset programs and renewable energy investments.

Pricing

• Price: £30,000 to £300,000 a unit
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at hcuk.bidteam@hitachids.com. Tell them what format you need. It will help if you say what assistive technology you use.