PIMSS Data Systems Ltd

PIMSS Compliance

PIMSS Compliance manages regulatory compliance across the ‘Big Six’ areas. It includes key workflows in each area, a visual dashboard of compliance and auditable remedial work tracking, providing 100% confidence properties are safe for all.

Fully integrated with PIMSS Asset Management maintaining the Golden Thread of accurate data.

Features

• Executive Summary dashboard with real time Compliance monitoring/reporting
• Big Six Statutory Compliance workflows with automated email alerts
• Non-Statutory Inspection regime workflows e.g. tree inspections, gutter cleaning programmes
• Links team members ensuring inspections are done by qualified staff
• Customisable workflows & flexible form designer
• Full mobile App including off-line working providing real-time updates
• PDF Reader to update Compliance from Contractor/ Third Party documents
• Barcode / QR coding for asset tagging
• Third Party system integration including with PIMSS Asset Management
• Mapping functionality showing RAG status of properties

Benefits

• Shows real time compliance for each Big Six area
• Central monitoring of your compliance in one place for convenience
• Regulation compliant workflows across risk areas, giving peace of mind
• Reduces risk, inefficiency and cost compared to spreadsheet based models
• Effective management and tracking of your remedial works and recommendations
• Visual reports with drill-through capability for ease of use
• Greater data confidence due to the Golden Thread between systems
• Workflow automation saves time/money and speeds up remedial processes
• Intuitive design with Mobile data capture for convenience & efficiency
• Designed by Asset Management Compliance experts for Asset Compliance users

£10,000 a licence a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at pimssinfo@pimss.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

230149473056786

Contact

Alex Hardy
0800 121 8767
pimssinfo@pimss.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: PIMSS Asset Management
• Cloud deployment model: Private cloud
• Service constraints: No
• System requirements: None

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Our response times are in line with our Service Level Agreement
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We provide support and assistance in line with our Service Level Agreement. When a ticket is raised by a user a Client Impact Score is assigned to the ticket. ; ; Client Impact Score Response Time Target Fix Time ; 1. Cannot use the System at all Within 1 hour 1 working day; 2. Cannot use Parts of the System Within 1 hour 4 working days; 3. Something is not working Within 1 hour Next scheduled release; 4. Require help Within 1 hour Referral to training material / online user guides / FAQ's; ; Technical support and product maintenance are provided as part of the annual SaaS fee.; ; Helpdesk - 5 days per week 8.30am to 5pm for access by PIMSS Trained Users. (Excluding weekends & Bank Holidays)
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Our approach to onboarding uses the best practice PRINCE2 methodology. ; ; We frequently deliver complex implementations to tight deadlines and have been very successful in helping clients “achieve the impossible”. ; ; To ensure we “make it work” for you, we don’t just Onboard and forget. We believe in working in close partnership with you to an Ongoing Plan, helping get the very best out of your investment in our products and services.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: PDSL can provide full data extracts for clients who no longer wish to use the system at the end of the subscription period on request via our support team.
• End-of-contract process: All data extracts will be provided at an additional cost at the end of the contract, where the client is unable to successfully extract the data themselves.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The display of the application may adapt to the orientation and resolution of mobile devices.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: The interface is for importing data to the service.
• Accessibility standards: None or don’t know
• Description of accessibility: The service interface is accessible through the application.
• Accessibility testing: None
• API: No
• Customisation available: Yes
• Description of customisation: Access levels. Custom fields. User defined data. Custom search queries and data modification. Configurable dashboard layouts.

Scaling

• Independence of resources: The service is provisioned as a shared service which can automatically adjust its compute resources based on demand to ensure consistent performance during low and peak periods. The service is regularly monitored for performance with any adjustments made where necessary..

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: No
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: All reports can also be exported to Excel, pdf, Word and other formats. Where graphical summaries are shown on the screen, these will be exported. Where a data table report or a drill-through detail level is showing, this is the data that will be exported. Compliance Event data can be exported directly from PIMSS Compliance.
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats:
  • PNG
  • JPEG
  • PDF
  • SVG
  • XLS
• Data import formats:
  • CSV
  • ODF
  • Other
• Other data import formats:
  • XLS
  • PDF
  • MS Word
  • JPEG
  • PNG
  • SVG

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Our Servers are hosted on Microsoft Azure, our availability mirrors that provided by Microsoft Azure. Organizations get a 95 percent service-level agreement (SLA) assurance of uptime for VMs with Azure Availability Zones, according to Microsoft's Azure.
• Approach to resilience: High availability: Maintaining acceptable continuous performance despite temporary failures in services, hardware, datacentres, or fluctuations in load. Disaster recovery: Protection against loss of an entire region through asynchronous replication for failover of virtual machines. Backup: Replication of virtual machines and data.
• Outage reporting: Scheduled maintenance is notified to customers with a minimum of 3 working days notice. The system is continually monitored with automated alerts for service degradation or outage notified to our service desk.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Role based security, via security groups
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Available on request
• Information security policies and processes: The PIMSS system complies with the Cyber Essentials Security Scheme which is certified and acreddited by the IASME consortium We have and clearly defined policies, processes and procedures for compliance with GDPR data protection laws which are implemented by our internal management and reporting structures.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Changes to technical infrastructure are automatically auditted through Microsoft Azure. Changes to applications and services are tracked through our software development process. Service configuration is planned through our project management and delivery process, with changes documented and previous configurations backed up.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Antivirus and malware detection software is installed on the service with automated monitoring and alerting on the service. The software and components of the application are monitored for vulnerabilities and regularly updated. Technical infrastructure is also monitored and receives automated patches and updates.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Microsoft Azure employs service instrumentation and monitoring providing visibility when a service disruption is occurring and pinpointing its cause.
• Incident management type: Supplier-defined controls
• Incident management approach: We follow an established Microsoft process to facilitate a coordinated response to incidents. Identification: Notification through our customer support channel or automatic identification of system incidents are gathered and analyzed. Containment: Evaluate the scope and impact of an incident. Eradication: Eradicate any damage caused by the incident, identify the root cause for why the issue occurred. Recovery: During recovery, software or configuration updates are applied to the system and services are returned to a full working capacity. Lessons Learned: Each security incident is analyzed to protect against future reoccurrence.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Net Zero Cloud Hosting. ; ; We use Microsoft Azure for hosting all PIMSS cloud products. ; ; Microsoft Azure has been 100% Carbon Neutral since 2012 and is aiming to be Carbon Negative by 2030. This means Microsoft remove as much carbon as they emit, either by carbon removal (carbon offsetting) or by reducing carbon emissions. ; ; Internal IT – Transitioning to Net Zero Cloud Hosting.; ; As part of our Carbon Reduction initiative, we are transitioning all our internal servers, data storage and backup facilities to Microsoft Azure. This will be completed by the end of 2022. ; ; Hybrid Remote Working – No Commuting. ; ; We operate a hybrid remote working model across our business, saving the carbon cost of commuting and heating and cooling our offices. ; ; Training and Meetings Delivered Remotely via Video Call.; ; Where possible, all client, external and internal meetings and training are held via Teams. We actively encourage clients to use Teams for meetings and have dramatically reduced our level of business travel. We have no company cars. ; ; PIMSS Software Helps Our Clients With Decarbonisation. ; ; The UK housing sector has been set a significant Decarbonisation task across the 5 million properties under management. Our products and services help with this initiative: ; ; PIMSS Energy-: ; ; RdSAP calculations-; ; Generation of Energy Performance Certificates (EPCs)-; ; Displays current and potential indicators-; ; Energy efficiency ratings -; ; Environmental impact ratings -; ; Energy use -; ; CO2 emissions-; ; Improvement recommendations to reach EPC band C and above-; ; Automatic update of Energy Performance Reports (EPRs) so when improvements are made the new EPR is calculated automatically .; ; PIMSS Asset Management and Wrap-Around Services-; ; Helps plan and manage the cost of Decarbonisation.; ; Agility mobile App eliminates the environmental/carbon cost associated with paper-based surveying tools. ; ; Additional Decarbonisation reports.

Pricing

• Price: £10,000 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at pimssinfo@pimss.com. Tell them what format you need. It will help if you say what assistive technology you use.