TETRA CONSULTING LIMITED

PRISM

PRISM is a property risk management software that provides complete compliance visibility accompanied by the ability to track and manage all tasks, events and actions relating to the management of a property portfolio.

Features

• Web-based solution accessible from anywhere 24/7
• Enterprise platform and open API
• Fully bespoke with customer branding as standard
• Customisable easy-to-use graphical front-end dashboard
• Unlimited user access, licenced by property
• Fully configurable settings to match clients’ hierarchy and structures
• Easy-to-use document storage, track against tasks, actions, suppliers, property
• Comprehensive real time analytics and reporting
• Diary view of planned/outstanding tasks across single or multiple properties
• Regular software upgrades as part of annual property licence fee

Benefits

• Reduced risk
• Increased efficiency
• Shares best practice
• Ensures consistency
• Reduction in non-compliance and hazards
• Automated workflow
• Instant access and control across all compliance/statutory safety requirements
• Collects compliance data in one place
• Greater visibility of safety information and ability to detect trends
• Management reports provide better information resulting in better decisions

£1,420.00 a unit a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bids@tetraconsulting.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

208296587247967

Contact

Debs Rider, Bid Manager
020 8875 2516
bids@tetraconsulting.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: None currently known
• System requirements:
  • There are no system requirements
  • PRISM works on any web connection with a modern browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Same day response within UK business hours. There is no support outside of UK business hours.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: We don’t have specific support levels. Support is provided as part of the ongoing usage licence by dedicated PRISM support staff.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide comprehensive training and product setup for all users. PRISM has a published user guide available in PDF format.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Data is provided to users via a download link.
• End-of-contract process: We provide clients with all of their images (relating to actions) and all of their documents, together with a guide explaining the related folder structure.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Mobile App includes forms – desktop version does not have forms.; Mobile App has screen ratios suitable for mobile devices.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: All major functionality within PRISM can be done via our API. Users can decide to use a read-only or read and update version of our API. Our API is clearly documented on a Swagger API website. Example code is available on our Swagger API website. Users can start on a trial server (staging) and when they are satisfied with their results, can migrate to the production server. Our API can be real-time or schedule synching, dependent on user preference.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: No

Scaling

• Independence of resources: PRISM runs on an Amazon Web Services (AWS) elastic server, which will automatically scale on server load.

Analytics

• Service usage metrics: Yes
• Metrics types: High-level reporting only, showing most recent log in and what tasks and actions require completion by individuals.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with SSAE-16 / ISAE 3402
• Data sanitisation process: No
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Not applicable – users don’t export their data.
• Data export formats: CSV
• Data import formats: Other
• Other data import formats:
  • Users cannot import their data
  • Data is imported by our PRISM administrators using CSV format

Data-in-transit protection

• Data protection between buyer and supplier networks: Other
• Other protection between networks: PRISM operates via a private cloud service; there is no connection between the buyer’s network and our network.
• Data protection within supplier network: Other
• Other protection within supplier network: PRISM operates via a private cloud service hosted on a third-party hosting environment in the UK. Tetra chose to partner with AWS as its datacentre hosting partner; AWS complies with:; - SOC 1/ISAE 3402, SOC 2, SOC 3; - FISMA, DIACAP, and FedRAMP; - PCI DSS Level 1; - ISO 9001, ISO 27001, ISO 27018

Availability and resilience

• Guaranteed availability: PRISM is available 24/7, 365 days a year, and can be accessed from anywhere with an internet connection using PC, laptop or mobile device. AWS offers 99.99% uptime, with no outages experienced to date.
• Approach to resilience: Available on request.
• Outage reporting: Monitoring of all servers takes place 24/7. Responsibility remains with our development team, who are informed of any issues via an automated messaging system.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Access is restricted via username and password.
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: It is Tetra’s policy to ensure that information is protected from a loss of:; ; • Confidentiality – information is accessible only to authorised individuals; • Integrity – accuracy and completeness of information is maintained; • Availability – information is accessible to authorised users and processes when required; ; All data processing and information collection is conducted in strict compliance with UK legislation, notably the Data Protection Act and General Data Protection Regulation (GDPR).; ; The Information Security Policy and its supporting controls, processes and procedures apply to all information used at Tetra and all individuals with access to Tetra’s information and technologies.
• Information security policies and processes: Tetra has in place an Information Security Policy that sits alongside its Acceptable Use Policy and Data Protection Policy. It is aligned to the Cyber Essentials and Cyber Essentials Plus Schemes and follows the guidelines of the ISO 27001 Code of Practice for Information Security Management.; ; Tetra complies with the requirements of the Cyber Essentials and Cyber Essentials Plus Schemes. The Company has been assessed and certified previously as meeting the Cyber Essentials and Cyber Essentials Plus implementation profiles, with its ICT defences assessed as satisfactory against commodity based cyber-attack. It is currently undergoing recertification but maintains the related standards.; ; Tetra ensures that management and staff have an appropriate level of awareness, knowledge and skill to allow them to minimise the occurrence and severity of information security incidents and has established responsibility and accountability for information security within the organisation.; ; Tetra’s Directors are ultimately responsible for ensuring that adherence to the Information Security Policy is observed and for overseeing compliance by users under their direction, control, or supervision. Each User is responsible for their own actions and must ensure all actions relating to using Tetra’s network and IT Services adheres to the principles and requirements of the policy.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: These processes are managed by our PRISM Project Manager together with our software development team.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Potential threats are managed via regular penetration tests with related reaction being implemented as immediately as possible.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: We have Splunk monitoring our services and, where necessary, we automatically and immediately activate an IP block. During a previous penetration test, we achieved a successful lockout within three seconds of the attempt.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: We have a comprehensive logbook of incidents that is managed by our Associate Director of Technology.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Equal opportunity

  Equal opportunity

  In terms of delivering actual Social Value, Tetra has focussed on providing employment opportunities to individuals who live in close, or reasonable commuting proximity, to specific contract areas. Tetra employs several people locally, particularly office-based staff; however, with the nature of our activities and the geography within which we operate, finding key personnel holding the appropriate qualifications and experience is paramount. Tetra prides itself on an extremely good staff retention rate and so does not have the need to recruit on a very regular basis; this usually occurs in line with company growth. In terms of apprenticeships/trainees and/or offering opportunities to the unemployed, Tetra is very open-minded.; ; Tetra seeks to create an environment which attracts and retains employees of the highest calibre and in which employees will feel valued for their contribution to the company’s performance; in order to achieve this, Tetra will:; ; • Provide a safe working environment for its employees and ensure that employees fully understand their own responsibility with regard to health and safety matters; • Provide a framework, including any necessary training, which will assist employees to develop their capability to their full potential; • Provide its employees, where appropriate, with the opportunity to engage in activities that will benefit the industry; • Offer employment opportunities in a fair and equal manner regardless of race, colour, gender, sexual orientation or religious beliefs; • Implement and observe codes of conduct which are designed to protect employees from harassment or discrimination in any form and provide equality of opportunity; ; Tetra is also a signatory of the Armed Forces Covenant, pledging support for the Armed Forces Community. Support for the Armed Forces is at the heart of Tetra. We actively recruit ex Armed Forces personnel, and are proud that over 15% of our employees are ex Armed Forces.

Pricing

• Price: £1,420.00 a unit a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bids@tetraconsulting.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.