PIMSS Data Systems Ltd

PIMSS Compliance

PIMSS Compliance manages regulatory compliance across the ‘Big Six’ areas. It includes key workflows in each area, a visual dashboard of compliance and auditable remedial work tracking, providing 100% confidence properties are safe for all.

Fully integrated with PIMSS Asset Management maintaining the Golden Thread of accurate data.


  • Executive Summary dashboard with real time Compliance monitoring/reporting
  • Big Six Statutory Compliance workflows with automated email alerts
  • Non-Statutory Inspection regime workflows e.g. tree inspections, gutter cleaning programmes
  • Links team members ensuring inspections are done by qualified staff
  • Customisable workflows & flexible form designer
  • Full mobile App including off-line working providing real-time updates
  • PDF Reader to update Compliance from Contractor/ Third Party documents
  • Barcode / QR coding for asset tagging
  • Third Party system integration including with PIMSS Asset Management
  • Mapping functionality showing RAG status of properties


  • Shows real time compliance for each Big Six area
  • Central monitoring of your compliance in one place for convenience
  • Regulation compliant workflows across risk areas, giving peace of mind
  • Reduces risk, inefficiency and cost compared to spreadsheet based models
  • Effective management and tracking of your remedial works and recommendations
  • Visual reports with drill-through capability for ease of use
  • Greater data confidence due to the Golden Thread between systems
  • Workflow automation saves time/money and speeds up remedial processes
  • Intuitive design with Mobile data capture for convenience & efficiency
  • Designed by Asset Management Compliance experts for Asset Compliance users


£10,000 a licence a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at pimssinfo@pimss.com. Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

2 3 0 1 4 9 4 7 3 0 5 6 7 8 6


PIMSS Data Systems Ltd Alex Hardy
Telephone: 0800 121 8767
Email: pimssinfo@pimss.com

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
PIMSS Asset Management
Cloud deployment model
Private cloud
Service constraints
System requirements

User support

Email or online ticketing support
Email or online ticketing
Support response times
Our response times are in line with our Service Level Agreement
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
We provide support and assistance in line with our Service Level Agreement. When a ticket is raised by a user a Client Impact Score is assigned to the ticket.

Client Impact Score Response Time Target Fix Time
1. Cannot use the System at all Within 1 hour 1 working day
2. Cannot use Parts of the System Within 1 hour 4 working days
3. Something is not working Within 1 hour Next scheduled release
4. Require help Within 1 hour Referral to training material / online user guides / FAQ's

Technical support and product maintenance are provided as part of the annual SaaS fee.

Helpdesk - 5 days per week 8.30am to 5pm for access by PIMSS Trained Users. (Excluding weekends & Bank Holidays)
Support available to third parties

Onboarding and offboarding

Getting started
Our approach to onboarding uses the best practice PRINCE2 methodology.

We frequently deliver complex implementations to tight deadlines and have been very successful in helping clients “achieve the impossible”.

To ensure we “make it work” for you, we don’t just Onboard and forget. We believe in working in close partnership with you to an Ongoing Plan, helping get the very best out of your investment in our products and services.
Service documentation
Documentation formats
End-of-contract data extraction
PDSL can provide full data extracts for clients who no longer wish to use the system at the end of the subscription period on request via our support team.
End-of-contract process
All data extracts will be provided at an additional cost at the end of the contract, where the client is unable to successfully extract the data themselves.

Using the service

Web browser interface
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
The display of the application may adapt to the orientation and resolution of mobile devices.
Service interface
User support accessibility
None or don’t know
Description of service interface
The interface is for importing data to the service.
Accessibility standards
None or don’t know
Description of accessibility
The service interface is accessible through the application.
Accessibility testing
Customisation available
Description of customisation
Access levels. Custom fields. User defined data. Custom search queries and data modification. Configurable dashboard layouts.


Independence of resources
The service is provisioned as a shared service which can automatically adjust its compute resources based on demand to ensure consistent performance during low and peak periods. The service is regularly monitored for performance with any adjustments made where necessary..


Service usage metrics


Supplier type
Not a reseller

Staff security

Staff security clearance
Staff screening not performed
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
Physical access control, complying with another standard
Data sanitisation process
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
All reports can also be exported to Excel, pdf, Word and other formats. Where graphical summaries are shown on the screen, these will be exported. Where a data table report or a drill-through detail level is showing, this is the data that will be exported. Compliance Event data can be exported directly from PIMSS Compliance.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • PNG
  • JPEG
  • PDF
  • SVG
  • XLS
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
  • XLS
  • PDF
  • MS Word
  • JPEG
  • PNG
  • SVG

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Our Servers are hosted on Microsoft Azure, our availability mirrors that provided by Microsoft Azure. Organizations get a 95 percent service-level agreement (SLA) assurance of uptime for VMs with Azure Availability Zones, according to Microsoft's Azure.
Approach to resilience
High availability: Maintaining acceptable continuous performance despite temporary failures in services, hardware, datacentres, or fluctuations in load. Disaster recovery: Protection against loss of an entire region through asynchronous replication for failover of virtual machines. Backup: Replication of virtual machines and data.
Outage reporting
Scheduled maintenance is notified to customers with a minimum of 3 working days notice. The system is continually monitored with automated alerts for service degradation or outage notified to our service desk.

Identity and authentication

User authentication needed
User authentication
Username or password
Access restrictions in management interfaces and support channels
Role based security, via security groups
Access restriction testing frequency
At least every 6 months
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
No audit information available
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Cyber essentials
Cyber essentials plus
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
Available on request
Information security policies and processes
The PIMSS system complies with the Cyber Essentials Security Scheme which is certified and acreddited by the IASME consortium We have and clearly defined policies, processes and procedures for compliance with GDPR data protection laws which are implemented by our internal management and reporting structures.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Changes to technical infrastructure are automatically auditted through Microsoft Azure. Changes to applications and services are tracked through our software development process. Service configuration is planned through our project management and delivery process, with changes documented and previous configurations backed up.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Antivirus and malware detection software is installed on the service with automated monitoring and alerting on the service. The software and components of the application are monitored for vulnerabilities and regularly updated. Technical infrastructure is also monitored and receives automated patches and updates.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Microsoft Azure employs service instrumentation and monitoring providing visibility when a service disruption is occurring and pinpointing its cause.
Incident management type
Supplier-defined controls
Incident management approach
We follow an established Microsoft process to facilitate a coordinated response to incidents. Identification: Notification through our customer support channel or automatic identification of system incidents are gathered and analyzed. Containment: Evaluate the scope and impact of an incident. Eradication: Eradicate any damage caused by the incident, identify the root cause for why the issue occurred. Recovery: During recovery, software or configuration updates are applied to the system and services are returned to a full working capacity. Lessons Learned: Each security incident is analyzed to protect against future reoccurrence.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks

Social Value

Fighting climate change

Fighting climate change

Net Zero Cloud Hosting.

We use Microsoft Azure for hosting all PIMSS cloud products.

Microsoft Azure has been 100% Carbon Neutral since 2012 and is aiming to be Carbon Negative by 2030. This means Microsoft remove as much carbon as they emit, either by carbon removal (carbon offsetting) or by reducing carbon emissions.

Internal IT – Transitioning to Net Zero Cloud Hosting.

As part of our Carbon Reduction initiative, we are transitioning all our internal servers, data storage and backup facilities to Microsoft Azure. This will be completed by the end of 2022.

Hybrid Remote Working – No Commuting.

We operate a hybrid remote working model across our business, saving the carbon cost of commuting and heating and cooling our offices.

Training and Meetings Delivered Remotely via Video Call.

Where possible, all client, external and internal meetings and training are held via Teams. We actively encourage clients to use Teams for meetings and have dramatically reduced our level of business travel. We have no company cars.

PIMSS Software Helps Our Clients With Decarbonisation.

The UK housing sector has been set a significant Decarbonisation task across the 5 million properties under management. Our products and services help with this initiative:

PIMSS Energy-: 

RdSAP calculations-

Generation of Energy Performance Certificates (EPCs)-

Displays current and potential indicators-

Energy efficiency ratings -

Environmental impact ratings -

Energy use -

CO2 emissions-

Improvement recommendations to reach EPC band C and above-

Automatic update of Energy Performance Reports (EPRs) so when improvements are made the new EPR is calculated automatically .

PIMSS Asset Management and Wrap-Around Services-

Helps plan and manage the cost of Decarbonisation.

Agility mobile App eliminates the environmental/carbon cost associated with paper-based surveying tools.

Additional Decarbonisation reports.


£10,000 a licence a year
Discount for educational organisations
Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at pimssinfo@pimss.com. Tell them what format you need. It will help if you say what assistive technology you use.