QUANTACO LTD

Quantaco

Empowering owners, occupiers, and consultants, to make strategic and technical decisions to achieve Net Zero at scale with confidence, through investment grade rapid cleantech investment analysis. Quantaco provides: a)technical, b)financial and c)regulatory insights to accelerate retrofit projects delivery, achieve Net Zero faster and deliver substantial financial savings.

Features

• Comprehensive NetZero pathway modelling and multiple retrofit options analysis
• Smart optimisation of retrofit investments by building across portfolios
• Reporting tailored to senior executives to expedite decision making
• Deep analysis of six clean technologies, more in development
• Scope 3 embodied and environmental impacts of products assessed
• Database of thousands of commercially available technologies procurement compliant solutions
• Cost effective solution, reducing barriers to NetZero and expediting results
• Project tracking aligned with asset lifecycle replacement plans
• Measurement and verification of carbon and financial savings
• Portfolio and building level compliance with regulatory and voluntary standards

Benefits

• Accelerated retrofit solutions analysis, faster investment compared to traditional methods
• Quicker realisation of NetZero targets, lower operational and utility costs
• Procurement compliant vendor agnostic solutions ensures best fit by property
• Scalable across building typologies, ages and conditions
• Risk management to ensure resilient and future-proofed estate
• Deeper, and holistic portfolio level view, enabling strategic decision making
• Accelerates c-suite decision making through technical financial and regulatory insights
• Combinatorial analysis of millions of tech combinations, optimises investments
• Reliable results validated through university collaborations
• Transparent technology permutation analysis

£1,100 to £2,000 a unit a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at aneysha@quantaco.ai. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

230159861716396

Contact

Aneysha Minocha
07747047403
aneysha@quantaco.ai

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: NONE
• System requirements: The only requirement is an up to date browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within 2 hours weekdays 9am to 5pm; Within 24 hours at weekends and bank holidays
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: One level of support. 8 hours five days a week. 0900 to 1700 Mon to Fri. Excluding bank holidays.; ; See "Availability" for service level agreements
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Will be providing online training videos, and user documentation
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: All data supplied by the customer will be returned in the same format as it was provided.; ; All results files will be exported and provided in CSV format within agreed timelines.
• End-of-contract process: 1. Data extraction as previously described. Included in price; ; 2. Pro rata refund based on remaining subscription excluding notice period.; ; 3. Additional costs if any customer would like any enhanced services during demobilisation. Priced on request.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Mobile service for onboarding and accessing dashboards. Desktop service allows the user to upload energy data and invoices.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Ability to set up organisational details, multiple building onboarding, building technical information, and uploading energy data and invoices.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: None
• API: No
• Customisation available: No

Scaling

• Independence of resources: Scalable architecture in a multi-cloud solution, with elastic compute resources ensures services are not affected at any time.

Analytics

• Service usage metrics: Yes
• Metrics types: 1. Uptime report; ; 2. Login reports and usage reports provided.
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: On request data is exported by Quantaco and provided in CSV format.; ; Clients can export their dashboard results in PDF format, self service functionality.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Pdf
  • Excel
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • PDF
  • Excel
  • Bmp
  • Jpeg
  • Png
  • API

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Service Level Agreement (SLA):; - Up time 99%; - Acknowledge 30 mins; - Time to response 2 hours; - Time to resolution dependent on priority; - P1 - Critical - No access to systems - 1 working day; - P2 - High - Key features not functioning - 3 working days; - P3 - Routine - Bugs - 10 working days; - P4 - Feature Request. Non contractual No SLA; ; Refunds based on the Uptime metric. Quantaco will refund 1% for every full percentage point that availability drops below 99%.
• Approach to resilience: We use Azure Managed Services, with Fail Over and Back-ups configured as part of the Service Agreement. This comes with 99.9% Uptime and Availability, with n+2 resilience.
• Outage reporting: Email alerts provided

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
• Access restrictions in management interfaces and support channels: Of the 3 key roles within our organisation that have the highest technical responsibilities (CEO, CTO and Senior Data Scientist), only 2 members are provided access to any resource at Admin level to restrict access in management interfaces. This includes frontend, backend architecture, databases, support, API management.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: We have:; 1. Azure application monitoring with detailed logs in user access logins and authorisation.; 2. All users are 2-Factor Authenticated for every login instance, in the front end and the backend system.; 3. We have limitations and restrictions on number of Administrator roles/acces provisions.; 4. Encyrpted and Secure (OAuth2.0) APIs and Microsoft Entra encryptions in place.
• Information security policies and processes: 1. CEO and CTO are responsible for ensuring the team complies with the Security policy at all times.; 2. 100% of the team has been trained on Data Protection.; 3. Reporting, escalation and logging processes in place for all issues and incidents.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We use Agile Project management framework with a shared Kanban board. This tracks every feature, issue, bugs and results of all Testing in one place through their lifetime. This is reviewed every morning with the full development team.; Security impacts are assessed through best practice knowledge and rigorous internal testing, followed by customer testing.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: 1. Regular review of security posture, and critical bugs within languages and Azure platform.; 2. Issues patched according to priority. (Criticality and impact).; 3. From Python foundation bug tracker and from Microsoft's bug reporting.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: 1. Penetration testing and regular audit of non-approved traffic requests to internal functions.; 2. Validation and whitelisting of IP addresses and approved emails for front end access.; 3. Checking geographical domains for suspect logins.; 4. Respond by issuing ticket and prioritising by criticality and resolutions are as per our incident response and resolution process.
• Incident management type: Supplier-defined controls
• Incident management approach: 1. Yes we have defined processes and a system for capturing issues, where issues are prioritised according to client impact and security and escalated to CTO and CEO when required and in accordance with the established process. Issues are tracked and resolved in accordance with our resolution processes.; 2. Email for incident reporting followed by phone enquiries if required.; 3. Incident reports will be circulated via email to clients nominated recipients.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  Reducing the carbon emitted by buildings through breaking down barriers to the installation and retrofit of clean technology at pace. Our solution specifically provides value aligned with the following UN Sustainable Development Goals:; 1. Goal 7 - Affordable and Clean Energy; 2. Goal 9 - Industry, Innovation and Infrastructure; 3. Goal 11 - Sustainable cities and communities; 4. Goal 12 - Responsible consumption and production; 5. Goal 13 - Climate action; ; Our service provides additionality for all of the above in the following ways:; 1. Accelerating decarbonisation of existing buildings b providing holistic, rapid and granular assessments that are investment grade to drive retrofit projects at scale - compared to the current process of retrofitting 1 building and 1 project at a time,; 2. Scope 3 emissions and life cycle environmental impacts are a fundamental part of each assessment - enabling customers to make product choices that encompass Scope 3 impacts along with operational Net Zero impacts.; 3. Our platform is focused on Renewable generation, decarbonisation of Heat and decarbonisation of Transport for each building.; 4. Quantaco brings thousands of TRL 7-9, commercially available products and assess the impact of each one for each building rapidly ensuring that climate and technology innovation is at the forefront of each choice the customer makes.

Pricing

• Price: £1,100 to £2,000 a unit a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at aneysha@quantaco.ai. Tell them what format you need. It will help if you say what assistive technology you use.