MRI Software Limited

MRI Horizon

Horizon delivers a single source of the truth for all property and asset related information across all business units, streamlining processes and fostering communication. Horizon is a multi-language, multi-currency, web-based solution. Modules include General Ledger, AP, AR, IFRS16, Invoice Scanning, Cash Management, Service Charges, FM, Projects, Forecasting, & Transaction Management.

Features

• Property Management, Lease Management, Asset Management, Facilities Management, Document Management
• Wide-ranging configuration options that meet the most complex of needs
• Comprehensive Facilities Management functionality (IWMS, CAFM, FMS, CMMS)
• Workflow and Transaction Management functionality
• Diary alert functionality for key dates and events
• Business intelligence tools, graphical homehubs, dashboards and reports
• Security ISO 27001:2013 certified
• Intuitive web-based user interface and dedicated mobile apps
• Fully auditable change history
• Full IFRS 16 lease accounting functionality

Benefits

• Web-based solution accessed via a web-browser, supports mobile working
• Fully-configurable workflow and alerter functionality automates previously time-consuming tasks
• Specialised and powerful accounting functionality provides auditable financial reporting
• Single source of truth for asset information for all departments
• Extensive planning and forecasting capabilities supports risk mitigation
• Collect rents and pay landlords with greater visibility and auditability
• Reduce administration time spent on operating properties
• Effortlessly assign tasks with workflow functionality
• Supports cross department collaboration to streamline management of IFRS 16
• Identify the true cost of building occupation

£25,500 to £151,000 an instance a year

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@mrisoftware.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

234608500376076

Contact

Claire Brown
020 3861 7100
tenders@mrisoftware.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Hybrid cloud
• Service constraints: Planned maintenance is typically scheduled outside of regular business hours.
• System requirements:
  • Current Web Browser
  • Current Operating System
  • Office
  • Abode/PDF Reader

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: MRI’s Global Client Support group will make every reasonable effort to ensure that submitted cases are assigned the proper level of Severity. Submitted cases will be responded to in the order in which they are received, with consideration given for higher Severity levels. Response; Time is the time it takes before a Global Client Support agent makes initial contact with the individual who submitted case.; Bundled Service; (Normal Priority 6 Hours,; Serious Priority 3 hours,; Critical Priority Live Call Only); Concierge Standard; (Normal Priority 4 Hours,; Serious Priority 2 hours,; Critical Priority Live Call Only)
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We include support within our annual fee. Support includes a named Account Manager and a Client Support Helpdesk. The Client Support Helpdesk also serves as the contact for all cloud support requests for trained users. Cases and incidents can be recorded and viewed in the myMRI portal on a 24/7 basis. The myMRI Portal provides clients with information on support cases, regardless of whether a call is logged via a phone call or via the portal. Various information, documentation, forums and resources are also available on the portal.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Our training program is designed to help you achieve the maximum return on investment. Our in-house team of professional trainers have extensive knowledge of our solutions. During the implementation phase we will train your core project team to have a strong understanding of the system. Your project team will learn how data is structured in Horizon, the available configuration options within the standard product and how the specific processes operate. This process involves reviewing your business processes as they are mapped to system functionality. It is your decision whether we deliver end user training or if you would prefer to adopt the ‘Train the Trainer’ approach. The implementation process will provide your core project team with a strong foundation to train co-workers. Our end user training services are delivered by our in-house team and tailored to suit your needs. We offer both classroom and webinar training. After commencement of live use of Horizon you will have access to our client portal for user guides, video clips, forums and helpdesk support.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: We can provide a full data extract via Oracle Data Pump Export (this can be made available weekly / at an agreed interval / at time of contract termination agreement) over SFTP (PGP / SSH).
• End-of-contract process: Following termination of the contract (for whatever reason), buyer shall certify that it has returned or destroyed all copies of the applicable software and confidential information of supplier and acknowledges that its rights to use the same are relinquished. Buyer shall use its commercially reasonable efforts to remove all buyer data from any software or SaaS service prior to termination of the contract. Buyer may engage supplier to assist buyer in removing such buyer data at supplier''s then standard rates. If any buyer data remains in the software or SaaS service more than thirty (30) calendar days after the effective date of termination, supplier may, in its sole discretion and without notice, delete any and all buyer data.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Mobile apps are available for specific functional areas (e.g. Facilities Management). Lightweight interface is available allowing access to key functionality on a tablet (e.g. iPad) Full system functionality is available via supported browser on a desktop / laptop / tablet
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Data templates completed by the user and standard data load APIs are used to validate and upload data into Horizon as part of initial data take on. Horizon supports RESTful / SOAP Web Services and flat file exchange including CSV, Tab Separated and XML over SFTP (PGP / SSH) for interface exchange with 3rd party systems allowing insert / delete / update activity validated according to system processes. Specific interface requirements will be discussed and agreed with the user as part of the project implementation and associated configuration complete in partnership.
• API documentation: Yes
• API documentation formats:
  • HTML
  • ODF
  • PDF
  • Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Horizon is highly-configurable, providing the flexibility to fit your unique business needs. The configuration options within Horizon can be controlled and managed your in-house team, with few exceptions. We will work together on the set-up of Horizon during the implementation phase to empower your team to make their own configuration changes. This System Administration training will give you all the tools and knowledge required to make changes, without the intervention or need to commission our employees, although we will be available to provide support, as needed.

Scaling

• Independence of resources: Horizon SaaS utilises VMware to provide clustered host resource pools (vCPU, RAM, Storage) and features including High Availability (HA) and Distributed Resource Scheduler (DRS) which ensure resources are available to support current and future growth of customer systems. Each customer has dedicated virtual images (Application and Database Server) with appropriate resource reservations (vCPU, RAM, Storage) according to user and business process needs.

Analytics

• Service usage metrics: Yes
• Metrics types: Customer defined Horizon System Administrators have the ability to run reports to view user metrics / usage (successful / unsuccessful login, session termination, data changes) through the standard user interface.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with SSAE-16 / ISAE 3402
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data returned within the Horizon screens can be exported to Excel / Word by users based on data filters / functionality secured by Horizon roles. Full data extract is available via Oracle Data Pump Export (this can be made available weekly / at an agreed interval) over SFTP (PGP / SSH).
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats:
  • SQL Server Integration Services (SSIS) supported formats
  • Tab delimited, XML, Web Services (Horizon SaaS or 3rd party)
• Data import formats:
  • CSV
  • ODF
  • Other
• Other data import formats:
  • SQL Server Integration Services (SSIS) supported formats
  • Tab delimited, XML, Web Services (Horizon SaaS or 3rd party)
  • Excel Data Templates

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: We use commercially reasonable efforts to ensure availability twenty -four (24) hours a day, seven (7) days a week, except for: (a) planned downtime (of which we provide adequate notice and will schedule to the extent practicable during the weekend hours), or (b) any unavailability caused by circumstances beyond our reasonable control, including without limitation, Force Majeure events or internet service provider failures or delays. We host our solution in a UK-based Tier 3 data centre that is designed to deliver high availability.
• Approach to resilience: Available on request
• Outage reporting: Salesforce support desk is used to manage customer / support interaction for specific customer system issues. E-mail advisories are in place and used to alert multiple customers / contacts of unplanned outages.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Management interfaces and support channels are managed according to ISO 27001:2013 ISMS controls and processes including Access Control Policy, Roles and Responsibilities, Information Classification, Data Encryption, Clear Desk Policy, Equipment Security Policy and Third Party Security Policies. In summary, the least privilege required for a role principal is followed in all areas. Authorised customer contacts are held within our online help desk system and verified as part of support request processing.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: ISO / IEC 27001:2013 gained 19/06/2014, annual audits undertaken April thereafter
• What the ISO/IEC 27001 doesn’t cover: ISMS Scope statement “The Information Security Management System relating to the provision of the Horizon Software as a Service (SaaS) solution including the implementation, support and management of the Horizon solution installed within our virtual private cloud. This is in accordance with the Statement of Applicability version 1.3, dated April 2016.” Scope Details The scope of the ISMS applies to the implementation and support of the Horizon software solution (SaaS) installed in MRI's virtual private cloud. The scope boundaries also includes: -Private Cloud infrastructure management by the infrastructure team -Horizon architecture management by the solution architecture team -Horizon implementation services by the professional services team -Horizon support services by the support team -Horizon development services by the development team Exclusions -HR outside of Horizon Business unit, Sales, Marketing, Finance, Admin -All other offices, except the London King Street office
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: ISO 27001:2013 certification

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Horizon SaaS Infrastructure is managed according to ISO 27001:2013 ISMS including technical platform patching (e.g. non-production testing, sign off), risk assessment and corrective action tracking. Horizon is developed according to Secure Coding Practice Guidelines utilising a Subversion repository allowing code changes to be tracked at line level. Executables are built from Subversion and subjected to separate Development, System Test and Release Testing cycles within dedicated non-customer environments. Releases to customer environments are authorised by the customer via a release notice and sign off test plan. An external Application / Penetration Test is undertaken annually against the latest Horizon Application build.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Horizon vulnerabilities are managed according to ISO 27001:2013 ISMS controls and processes which allow risks to be tracked throughout the risk life (identification, assessment and treatment). Quarterly Scheduled Maintenance is undertaken to ensure that the technical platform is routinely patched to the latest available security guidelines / patches. Short notice (2 hours) Essential Maintenance may be undertaken based on a risk assessment to ensure that critical vulnerabilities are addressed outside of Quarterly Scheduled Maintenance as required. 3rd party security forums and alert services (e.g. ISC) are subscribed to along with automatic security device signature updates.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Horizon vulnerabilities are managed according to ISO 27001:2013 ISMS controls and processes which allow risks to be tracked throughout the risk life (identification, assessment and treatment). Quarterly Scheduled Maintenance is undertaken to ensure that the technical platform is routinely patched to the latest available security guidelines / patches. Short notice (2 hours) Essential Maintenance may be undertaken based on a risk assessment to ensure that critical vulnerabilities are addressed outside of Quarterly Scheduled Maintenance as required. 3rd party security forums and alert services (e.g. ISC) are subscribed to along with automatic security device signature updates.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Incidents are managed according to ISO 27001:2013 ISMS controls and processes which includes a defined "Security Incident Management Policy" including reporting mechanisms for both Information Technology and Physical Security incidents, incident logging, communication to internal and external parties, escalation, reporting, planning, implementation of preventative actions, securing / forensic evidence and continued improvement / incident review

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Tackling economic inequality:

  Tackling economic inequality

  Whilst not a certified living wage employer, our employees are all contracted and salaried fairly, in line with the Living Wage standards. We do not employ anyone on zero hours contracts and have a strong commitment to regularly review salaries in line with our appraisal process. We have a number of apprentices in the business who we are supporting to complete degree level qualifications, who all receive above the apprentice minimum wage.
• Equal opportunity:

  Equal opportunity

  We work hard to ensure our employees have a voice. We have various committees in place within our business, for example a Diversity, Equity and Inclusion committee, An Events Group which helps us to understand how employees are feeling about working at MRI and helping us drive forward inclusive events. We have also very recently launched our first ERG – employee resource group for Women and Allies. As a business with over 250 employees in the UK we are required to produce a Gender Pay Gap report. We very much welcome this initiative and our latest report will be available via our website from 4th April 2022. This report shows the impact we have on reducing our Gender Pay Gap and also highlights the many initiatives we have underway to further reduce our gap.
• Wellbeing:

  Wellbeing

  Work hard, play hard. From the day we opened our doors we set out to build flexible, game-changing solutions to make people's lives better. We do this by providing our clients with solutions which can enable them to provide better places to live, work and do business. The only way to carry out that mission is to hire the best employees and keep them. We are dedicated to creating a working environment which supports and develops our staff. Some of the benefits that we offer are: Gym reimbursements Medical assistance, including mental health tools Flexible working opportunities, including hybrid working Employee engagement is key to MRI's success and we hold quarterly spirit weeks to both connect and enthuse our teams globally. These weeks are themed and where staff are encouraged to learn about different topics or take part in activities that they might not typically have time for. These include fitness sessions, cooking sessions, engagement with families for those working from home or targeting one big event where we can globally feel like we are one team with the same goal. We also carry our bi-annual employee engagement surveys to ensure employees can express their views. With our most recent survey we had an 89% completion rate and we are currently creating actions to help us improve as a business as a result of our employee feedback.

Pricing

• Price: £25,500 to £151,000 an instance a year
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@mrisoftware.com. Tell them what format you need. It will help if you say what assistive technology you use.