T SUMNER SMITH LTD.

F0CUS Work and Asset Management System

F0CUS is a work and asset management platform. With F0CUS you can manage the whole order lifecycle from job receipt and planning to operations and commercial. Use F0CUS to increase efficiency on your contracts, streamline your processes and manage your data all on one platform.

Features

• Commercial management - estimates, variations, managing value, contractual compliance
• Operations management – track orders, understand workstack, allocate tasks
• Real-time reporting – dashboards, standard, bespoke reports
• Plan and schedule work - tasks, appointments, travel, orders, projects
• Manage supplier accounts including applications and payments
• Workforce management – capacity, availability, time, skills, qualifications
• Capture data on site – task completion, HSEQ forms, reporting
• Manage documents and images including geospatial information
• GIS mapping capabilities – add, view, search on map
• Integrate with client and supplier systems for seamless working

Benefits

• Simplify daily processes and increase productivity
• Real-time insights in user-friendly visual formats
• Leave messy spreadsheets behind, remove user error
• Trust in one version of the truth
• Gain total confidence to make solid business decisions
• Built-in routines handle everyday tasks
• Seamless, paperless link between site teams and office
• Access and record information via mobile
• Reduce error by eliminating multiple data sources

£50.00 a licence a month

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@tssinfrastructure.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

210498469166781

Contact

Nick Smith
03333114400
tenders@tssinfrastructure.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: F0CUS is a web-based service and does not require any specific hardware and there are no service constraints.
• System requirements: Must use modern web browser (e.g. Chromium based)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Support requests are assigned a priority which is agreed with the person who logged it. ; ; Standard response times within working hours (08:30-17:00):; Priority 1 – Critical Business Impact – Target Response 5 minutes; Target Fix 1 hour; Priority 2 – Moderate Business Impact – Target Response 1 hour; Target Fix 4 hours; Priority 3 – Minimum Business Impact – Target Response 4 hours; Target Fix 7 hours.; ; Weekend response (08:30-17:00):; P1 – Target Response 2 hours, Target Fix 1 hour on next working day; P2 and P3 – Target Response next working day, Target Fix as above next working day.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 A
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We have a standard support agreement which is our “Terms and Conditions – Supply of Software as a Service” which we have provided within the Documents section.; ; Our subscription cost includes the support levels stated within our standard support agreement cost including: ; ; - A named account manager who will be the primary point of contract and will hold regular service review meetings with your team to discuss our how F0CUS is working for you, our performance and any upcoming changes in requirements or functionality.; ; - Automated, regular reports will include performance dashboards on our contractual key performance indicators and service level agreements. ; ; - F0CUS Service Desk provides support to users including responding queries, additional training and process requests. The Service Desk is staffed by fully trained, UK-based in-house F0CUS specialists, experienced in supporting users with a range of abilities from novice to expert and providing step-by-step support.; ; - Users can log support calls at any time via the Support Portal (available 24/7/365).; ; Our service levels are ISO27001 compliant and designed in accordance with ITIL principles.; ; On-site support, bespoke training and additional out of hours cover are available at additional cost, which is priced on a case by case basis.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide full user training to help them to start using our service, easing the transition to a new system and ensuring business continuity. Our in-house training team usually delivers F0CUS training during the mobilisation period to ensure all users are aware of the system’s capabilities and can perform their role using F0CUS from Day 1.; ; Our interactive training sessions are engaging, accessible and impactful and include: ; -Overview / tour of system ; -Training specific to role function ; -Invite questions and feedback . ; ; Training can be delivered online via Teams or onsite in person. ; We also provide early training for F0CUS Champion/s which embeds ‘super users’ who can support their teams. ; ; Intensive early-life support can be provided including physical or virtual ‘floor walkers’, support sessions via Teams and in-person support from our technical team at the client’s offices.; ; Training materials are useful reference points for users as they familiarise themselves with the F0CUS system. These are available 24/7 via our online support portal and include:; -User Guides – straightforward and written in plain English providing structured, well-presented instructions on using F0CUS; -Training PowerPoint slides and training session recording; -Operating Manuals – technical documentation with configuration details for client technical teams.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: At the end of the contract we would appoint a F0CUS developer to work on a full extraction of the customer’s database and associated media. We would provide: ; - A backup copy of the customer’s F0CUS instance, provided as either a .bak file or a .bacpac file. This can be hosted in our cloud solution and access provided. ; - Access to the customer’s document and image repository via https in line with best practice at the time of demobilisation.
• End-of-contract process: At the end of the contract there are a number of activities that are required to occur. These include: ; Close down; - Compile records of open activities and orders to either migrate these to incoming provider, or close out within F0CUS. ; - Review security arrangements for customer staff, de-allocating users if required to reduce security footprint during final stages of contract. ; - Review and arrange handover of any outstanding development roadmap items requested by customer. ; -Provide process charts and user manuals to new provider. ; ; Handover; Customer data from F0CUS can be provided to any incoming service provider on formal instruction from the customer to maintain commercial sensitivity of their data. Should the only requirement be provision of contract data, we would expect to complete a full handover of data within 10 business days of instruction – with no further charge to the customer. ; ; We would expect to be able to complete a full handover to an incoming provider within six weeks of instruction (subject to the incoming provider’s mobilisation plan). This would be charged at our standard day rates for any time spent over and above completing the objectives listed in close down and handover, above.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Users accessing the website via a mobile device will receive a responsive version of the application. There is also a companion mobile application designed specifically for field engineers which allows them to capture data on site using a simplified interface.
• Service interface: Yes
• User support accessibility: WCAG 2.1 A
• Description of service interface: We aim to ensure that every user who interacts with F0CUS has the best possible user experience. To do this we:; - Keep the design simple; - Design dynamic step-by-step workflows ; - Consider system performance in all screens; - Interact with our users; - Intuitive navigation; - Extensively test the system.; ; By following these principles we aim to ensure that the user experience in F0CUS is positive, and that users are not frustrated when using the system. We take great care in our design and work with users to provide the best possible interface for their requirements.
• Accessibility standards: WCAG 2.1 A
• Accessibility testing: All modern web browsers have accessibility extensions (the most common being JAWS) – because F0CUS is web-based and WCAG compliant these extensions and technologies work well with the major components of F0CUS. ; ; F0CUS is ‘theme-able’ which enables us to override the default theme for specific users, providing a high contrast theme where required. ; ; For public-facing web pages we adopt the single function approach to pages, removing pop ups and dynamic HTML which improves the ability of assistive technology. We also ensure that high contrast options are available to toggle in an obvious way.; ; We have a screen reader plug-in which we use with F0CUS to test the user interface for blind or visually impaired users.
• API: Yes
• What users can and can't do using the API: Our API is designed to enable third party applications to access the software programmatically. As such, the API is designed around replicating user interface functionality, and not system set up. Users can work with orders and assets, and can perform the majority of tasks that a user could through the web or mobile interface such as booking commercial value, planning work to a team, calling batch processes for orders, and applying for payment. In addition, our reporting API allows users to extract data in a rationalised form for use in their own systems. ; ; Our API methodology is based around the Azure Cloud and as such can be connected easily to systems such as SAP, SalesForce and Oracle, and additional technologies such as SQL Server, MySQL, and the Microsoft suite of automation tools like power automate and the Microsoft Graph.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: F0CUS is a tried and tested work and asset management solution which has delivered time and cost savings for our clients. Providing a tailored solution, its modular design enables configuration to your exact needs. The key modules include, but are not limited to: ; • Order management ; • Document management ; • Asset management ; • Planning ; • Reporting ; • Commercial management; ; For each F0CUS implementation we configure the system to meet our client’s needs. Customisable elements include:; • Choice of modules; • Configure workflows to meet contract requirements; • Bespoke dashboards and reports are available in addition to our extensive bank of standard report and dashboard formats.; • Integrations with existing systems.; ; F0CUS is configured by our technical team during mobilisation. Collaborating closely with stakeholders, we follow our three-stage mobilisation process:; 1. Analysis and fact-finding – map existing systems and processes, define ‘to be’ configuration and processes.; 2. Configuration and pre-roll out – we configure F0CUS to meet client requirements agreed during Stage 1, undertake extensive testing including User Acceptance Testing and provide full user training.; 3. Active and operate.

Scaling

• Independence of resources: Each client has their own F0CUS database. This ensures there is no loss of performance if another client’s usage model features resource-hungry queries or import operations.; ; F0CUS is run on an automatically scaling App Service in Microsoft Azure. Traffic is directed between instances of the application according to the utilisation of each instance. Should resource utilisation grow, either during peak hours or due to a large new implementation – then additional instances are added by Azure automatically.; ; Our databases use automatic index management functionality in Azure to provide a baseline which can be adjusted by our development team if needed.

Analytics

• Service usage metrics: Yes
• Metrics types: The system captures user usage and access details including which contract the user is working on, and which orders they have viewed. In addition, every transaction in F0CUS is time/date and user stamped. Our reporting allows us to drill into this information and produce logs not only of user access, but also the activity completed by the user and which orders / assets / records have been viewed or modified.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: F0CUS enables data from all modules to be combined into meaningful reports to drive better informed business decisions. ; ; All data captured via, or integrated into, F0CUS can be reported on ensuring consistency across business functions. Data is available through our reporting models and can be exported / imported to client reporting tools such as Power BI.; ; Generated reports can be presented as PDFs, Excel files, CSV, Crystal Reports and PowerBI. Mapping tools allow customers to import or link to GeoJSON files for map-based data.; ; Reporting, including real-time dashboards, can be automated and scheduled, driven by data, customer or security criteria.
• Data export formats: CSV
• Data import formats:
  • CSV
  • ODF
  • Other
• Other data import formats:
  • JSON
  • XML

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: We measure and report on F0CUS’s availability via an uptime report which is available at any time and included in monthly service review reports. ; ; Our SLA for availability is:; System Uptime – Minimum standard 99.5% - Expected 99.99%; ; We operate a Service Credits mechanism whereby the client can be compensated for total system downtime for all users and non-compliance with support request Service Level Targets. Further details available on request. ; ; In the last 2 years, we have achieved 99.99% uptime and experienced 0 instances which have affected the continuity of service.
• Approach to resilience: Our F0CUS Resiliency White Paper is available on request.
• Outage reporting: We operate a public uptime dashboard (https://tss.f0cus.co.uk/status/index) that details outages and uptime. In addition, we receive email alerts if there are any outages plus a daily digest email of the previous day’s availability. Our backend services are continually monitored through an internal service dashboard.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Access to management interfaces and support channels is restricted to authorised personnel within our business. Access is restricted to known IP addresses, and multi-factor authentication is in place for users accessing these channels. Users with access are regularly reviewed and reported on. Within the management interfaces we operate a granular security approach with users provided a least-access profile to complete the tasks they are required to complete. New user access to the management interfaces must be approved at board level in addition to resource owner.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Citation ISO Certification
• ISO/IEC 27001 accreditation date: 08/09/2021
• What the ISO/IEC 27001 doesn’t cover: N/A. All our business activities are covered by our ISO 27001 certification.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Our Information Security Policy (ISP) forms the basis of our Information Security Management System (ISMS) and is assessed as part of our ISO27001 and Cyber Essentials accreditations. Its main objective is to ensure that the information processed (including storage) by T Sumner Smith Ltd (TSS) is protected against internal and external threats, both deliberate and accidental. The policy ensures that:; · Confidentiality of information will be assured.; · Integrity of information will be maintained.; · Availability of information for business processes will be maintained.; ; Our ISMS roles and responsibilities and reporting structure is:; • Board of Directors – ultimately responsible for ISMS.; • Information Security Manager – responsible for implementing ISP and investigating actual, potential or suspected breaches.; • Data Protection Officer – responsible for developing and implementing data security policies.; • Infrastructure Manager – responsible for providing secure tools and infrastructure to control IT security, and logging and auditing of security management.; • Information Asset Owners - responsible for determining the information security risks associated with owned assets and reporting them to the Information Security Manager for inclusion on the risk register.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All significant changes have an audit trail through requests and change logs. Changes are subject to our strict version control processes. These ensure that all changes, regardless of scope or impact are versioned and can be reverted at any time. All versions and changes are stored in our ‘Git’ repository in Microsoft Azure. We operate a strict procedure for managing versions and ‘checking in’ code changes.; ; Proposed changes are evaluated to assess feasibility, impact and risks. Evaluation considers factors including resource requirements, time constraints, dependencies, potential conflicts with existing functionalities and security implications. Security considerations are included within non-functional requirements.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We operate a number of vulnerability scanning solutions both provided by Microsoft through their cloud Defender platform, and also through external providers. We install all critical or high security updates as soon as we are notified of a vulnerability, and also review third party components in our code base for vulnerabilities and deprecation. As standard, we only operate software within the business that operates using automated patch management.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We operate a number of vulnerability scanning solutions both provided by Microsoft through their cloud Defender platform, and also through external providers. We install all critical or high security updates as soon as we are notified of a vulnerability, and also review third party components in our code base for vulnerabilities and deprecation.; ; We operate an incident management procedure for any incidents that arise, as part of our ISO27001 and GDPR toolkits. The procedure provides a clear route for reporting incidents and a framework of management responsibilities and actions for containment, mitigation and recovery.
• Incident management type: Supplier-defined controls
• Incident management approach: We operate an incident management procedure for any incidents that are raised as part of our ISO27001 and GDPR toolkits. The procedure includes pre-defined processes for a range of potential scenarios.; Users report incidents using the Ticket Centre within the F0CUS Support Portal. Tickets categorised as security incidents will be dealt with as a high priority by the F0CUS Security Team. ; ; The incident management procedure details a framework of management responsibilities and actions for containment, mitigation and recovery. Incident reports compiled upon resolution of the incident. Relevant stakeholders immediately notified of significant incidents and kept updated regarding resolution progress throughout.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  TSS is committed to minimising our carbon footprint and to tackling our impact on climate change. Our commitment is set out in our Carbon Policy. The implications of carbon emissions on climate change has been recognised as one of the most serious long-term threats to normal everyday life. We are aware of the risks that climate change poses to the business and the wider environment and will continue to develop and improve the accuracy and completeness of our carbon footprint.; ; We intend to be as transparent as possible and capture and record as many emissions as is possible with a view to taking action to gaining reductions wherever possible. To enable us to achieve this goal we will develop and deploy a strategic programme aimed at gaining year on year emission reductions.; ; Our reduction strategy involves investments in low carbon technologies and products and encourage employees to adapt their behaviours to reduce emissions associated with their daily work routines; and to adopt these behaviours within their family lives.; ; Examples of our carbon reduction initiatives include:; • Actively promote use public transport for commuting and work-related travel. ; • Recent office refurbishment includes showers and breakout areas to encourage fitness, exercise and active travel among staff. ; • Responsible sourcing of office consumables and equipment. ; • Provide office recycling facilities and encourage responsible use of resources and recycling. ; • Promote waste minimisation, recycling, sustainability and environmental protection initiatives in our contracts.

  Covid-19 recovery

  The Covid-19 pandemic forced all businesses to change the way they worked and to adapt to new social distancing and lockdown regulations. Being an agile SME focused on providing technological solutions to problems, we were able to react quickly and implement remote working for our workforce. ; ; The pandemic led to new ways of working and our team, clients and stakeholders now have the systems and processes to facilitate remote and home working. We take a proactive, structured approach to communication to ensure we work effectively and efficiently with our clients whether we are working in person or remotely. ; ; It has been parituclarly important to support our workforce during Covid-19 and during the recovery since the pandemic. Our line managers received training to help them support team members working remotely, with daily check-ins to ensure their wellbeing. We provide Mental Health in the Workplace training to our managers and staff to identify potential problems and support our team. We also have Mental Health Champions who have received specific training to provide peer support to their colleagues.; ; We are proud to have supported our clients during Covid-19. We have achieved this through adopting a proactive and flexible working approach. To operate safely and effectively in the event of a pandemic, we would implement proactive, flexible and remote working practices. This includes the use of F0CUS, providing remote access to a centralised system and ‘one version of the truth’, our Microsoft Teams conferencing suites and collaborative tools such as SharePoint.

  Tackling economic inequality

  We work hand-in-hand with our clients to deliver community benefits and social value, and tackle economic inequality through the work that we do together.; ; TSS volunteers time to attend digital training events and workshops at day-care centres for the elderly to increase digital inclusion (and therefore potentially increase social and financial inclusion). ; ; We recently updated our IT equipment, donating 20 laptops and associated hardware to Child Action North West (CANW). Our donation helped children in affected by digital poverty to continue their education and develop their skills to the same level as their peers. ; ; We work to break down barriers and creating access to work. To improve employment opportunities, TSS: ; • Supports under 18s and further education students. We attend further education events to provide careers advice. ; • Offers work experience for students or people over 50 looking to return to work or change career. ; • Provides apprenticeships and supports employees undertaking further education programmes and professional qualifications. ; • Provides training to upskill client teams to use our F0CUS system. Becoming proficient in using such a work management system is a transferrable skill which can have a positive career impact on client teams and stakeholders.

  Equal opportunity

  We provide a welcoming work environment for all, and we actively promote our equality agenda. TSS employs a diverse workforce with both similarities and differences among employees in terms of age, cultural background, physical abilities and disabilities, race, religion, gender, and sexual orientation. We also actively promote the employment of females and other underrepresented groups.; ; TSS actively supports older employees by providing semi-retirement opportunities rather than having to take full retirement. Measurable targets reported to the Board include monthly and weekly reporting cycles of key health, safety and wellbeing indices i.e. sickness absence by type and whether short/long-term; accident, incident and near miss reporting; staff turnover, utilisation and reasons for joining/leaving.

  Wellbeing

  We are committed to good employment practices, effective employee engagement and good and fair employment. We are accredited by Investors in People, a supporter of the Greater Manchester Good Employment Charter and we support the Woodland Trust. TSS staff attend activity days and we support the Woodland Trust through donations so that they can create, protect and restore wildlife-rich woods to benefit nature, climate and people now and in the future.; ; TSS is an accredited Living Wage Employer and we pay all our staff above the Real Living Wage. We buy local where possible, e.g., using a small, local catering company and a local cleaning contractor. 58% of our annual spend goes to local suppliers. We will continue our carbon reduction initiatives including paperless working, minimising waste, recycling, reducing travel through remote working and encouraging active travel.; ; Being an SME affords TSS the opportunity to build a family team culture and the wellbeing of our team is paramount in maintaining this. We work across the UK in many regulated business environments, client side, and for large tier 1 contractors. Our projects are often complex pieces of work or problematic situations which demand that our team are equipped and able to complete the tasks in hand.; ; • To ensure our teams are “match fit”, we minimise travel wherever possible which also aligns with our company Carbon Reduction Plan and Environmental Policies. ; • We embrace technology to improve the wellbeing of our team, for example using video conferencing to conduct meetings and measure hours worked via our cloud-based technology. ; • We provide Mental Health in the Workplace training to our managers and staff to identify potential problems and support our team. ; • We have Mental Health Champions who have received specific training to provide peer support to their colleagues.

Pricing

• Price: £50.00 a licence a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@tssinfrastructure.com. Tell them what format you need. It will help if you say what assistive technology you use.