EcoOnline

EcoEHS

A market leading cloud-based EHS Management solution allowing customers to build deeper understanding of operational and EHS risks, streamlining processes and workflows and improving collaboration and time inefficiencies in one solution. With powerful real-time custom dashboards, reporting and insights EcoOnline EHS lets customers can monitor all health & safety activities.

Features

• Data Visualisation: Drill down into the data with visual reports
• Analytics: Establish patterns, underlying root causes and lagging indicators
• Mobile Enabled: Report events as soon as they happen
• Language Support: Wherever your incident occurs, record and translate easily
• Automatic Notifications: Notify and escalate incidents based on severity
• Detailed Reporting: Generate in-depth incident reports
• Action Tracking: Schedule actions for users and track completion
• Customisable Templates: Use our templates or create your own
• Best-Practice: Gather the what, why, when and how of incidents
• Consistent: Standardise your approach to incident investigations

Benefits

• Easily report incidents and accidents on any device
• Decrease time between an incident occurring and closing an investigation
• Manage and track all stages of the incident reporting process
• View real-time performance summaries to query all incident data instantly
• Track your leading and lagging indicators
• Pre-configured to help your organisation meet RIDDOR/OSHA requirements
• Protect sensitive data pertaining to incidents
• Report and escalate to the appropriate authority level
• Assign actions instantly based on required corrective measures
• Establish patterns and underlying root causes

£3,000 a unit a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidteam@ecoonline.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

267521710656049

Contact

Bid Team
01926 844 200
bidteam@ecoonline.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Up to date internet browser and internet connection required.
• System requirements:
  • Web browser (no special plug-ins required)
  • Internet access
  • Apple or Android phone (for the Mobile App)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We do not offer support SLAs as standard, allowing us to provide clients with lower pricing. We work to internal targets so that customers have comfort that these issues are important to us. Our typical internal process is as follows:; Support hours: Monday to Friday 9:00am to 5:30pm ; Priority 1 - Major Defect - Within two business hours. ; Priority 2 - Critical Defect - Within four business hours.; Priority 3 - Non-Critical Defect - Within twelve business hours. Priority 4 - Error - Within twenty-four business hours. Within twelve business hours. ; Priority 4 - Error - Within twenty-four business hours.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: "Access to help-desk support (UK based) Monday-Friday during core business hours. A dedicated Account Manager is provided.; ; Access to the above included in Licence Hosting & Help-desk Support Annual Fees; ; We do not offer support SLAs as standard, allowing us to provide clients with lower pricing. We work to internal targets so that customers have comfort that these issues are important to us. Our typical internal process is as follows:; Support hours: Monday to Friday 9:00am to 5:30pm ; Priority 1 - Major Defect - Within two business hours. ; Priority 2 - Critical Defect - Within four business hours.; Priority 3 - Non-Critical Defect - Within twelve business hours. Priority 4 - Error - Within twenty-four business hours. Within twelve business hours. ; Priority 4 - Error - Within twenty-four business hours."
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: The EcoOnline professional services team will provide a full setup of the EcoOnline system which comprises of onsite visits (if appropriate) or online meetings to understand the businesses requirements and objectives, User Acceptance Tests (UATs) and product delivery/roll-out. Built-in online help and documentation is provided coupled with classroom based train the trainer sessions.
• Service documentation: No
• End-of-contract data extraction: EcoEHS has a built-in export function to extract data. However when leaving a platform like EcoOnline, users usually require large volumes of data and some form of re-structuring which may require support, provided upon their instruction.
• End-of-contract process: Upon contract termination EcoOnline will act on the clients behalf to extract their data and structure in a format required. Depending on the amount of data and re-structuring will dictate the cost at our standard day rate. Additional costs may apply, dependent upon the level of support required.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The service is responsive and so will look different on some mobile browsers vs a desktop browser As well as being available on mobile browsers the service also has a dedicated mobile App available for Apple and Android devices
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: We have APIs or can offer direct access to a replica of our DataWarehouse which is a Microsoft SQL Server instance.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: As a best-practice solution, huge considerations have been made to ensure that our software is as feature rich as it is easy to use. Customisable forms and workflows, as well as flexible data relationships make the software highly configurable. Configuration is managed partly by our professional services team, but in the main it is managed by the clients system administrator(s)

Scaling

• Independence of resources: EcoOnline monitors the compute resources, in real-time, and increases if needed.

Analytics

• Service usage metrics: Yes
• Metrics types: On request EcoOnline will provide the average and peak login concurrency on the system.; ; Clients also have access to a service monitor page that displays the current system status.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users can either export data from the user interface or contact EcoOnline to make a complete export of the data. Additional charges may apply.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: We do not offer SLAs as standard. We work to internal targets so that customers have comfort that these issues are important to us, but we believe that the majority of our customers prefer the lower pricing that our position on SLAs enables us to offer.; ; Our internal uptime SLA is 99.5%
• Approach to resilience: Detailed information available upon request. EcoOnline is hosted only in world-class datacentres holding appropriate internationally-recognised accreditation and certification for their operations, security and resiliency with applications running from multiple data centres with most component in an active/active configuration.
• Outage reporting: Nominated contacts are informed should there be a service outage. Clients also have access to a service monitor page that displays the current system status. ; .

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Only named personnel have access to the management interface and given authority to communicate with the support channel.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: You control when users can access audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Alcumus ISOQAR
• ISO/IEC 27001 accreditation date: 03/02/2023
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We hold ISO/IEC 27001:2013 certification which was gained from a UKAS accredited certification body. It is the specification for an Information Security Management System (ISMS).; The Company will:; - Comply with all applicable laws, regulations and contractual obligations;; - Implement continual improvement initiatives, including risk assessment and treatment strategies, while making the best use of its management resources to meet and improve information security system’s requirements;; - Adopt an information security management system (ISMS) comprising of a security manual and procedures that provides direction and guidance on information security matters relating to employees, customers, suppliers and interested parties who come into contact with the Company’s work;; - Work closely with their Customers, Business Partners and Suppliers in seeking to establish Information Security Standards;; - Adopt a forward-looking view on future business decisions, including the continual review of risk evaluation criteria, which may have an impact on Information Security;; - Train all members of staff in their needs and responsibilities for Information Security Management;; - Constantly strive to meet, and when possible exceed, its customers and staff expectations.; - Communicate its Information Security objectives and its performance in achieving these objectives, throughout the Company and to interested parties.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: The organisation has policies and procedures in place pertaining to Annex A.12.1.2 Change management of ISO/IEC 27001:2013 and these are audited by our UKAS accredited certification body annually
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: The organisation has policies and procedures in place pertaining to Annex A.12.6.1 Management of technical vulnerabilities of ISO/IEC 27001:2013 and these are audited by our UKAS accredited certification body annually.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: The organisation has policies and procedures in place pertaining to Annex A.12.1.3 Capacity management of ISO/IEC 27001:2013 and these are audited by our UKAS accredited certification body annually.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: The organisation has policies and procedures in place pertaining to Annex A.16 Information security incident management of ISO/IEC 27001:2013 and these are audited by our UKAS accredited certification body annually.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  EcoOnline’s business impact opportunities are driven by our innovative solutions and how they can accelerate and improve our customers’ sustainability performance. Yearly, our reporting systems plays a crucial role in helping businesses conduct, track and manage millions of risk assessments and incidents. With the result that thousands of organizations can implement corrective actions, improve safety protocols, and create a safer working environment for their employees. ; ; Through our sustainability management software, our clients are able to reduce their carbon footprint with precise, auditable data, enabling informed decision-making. And stay ahead of emissions regulations, ensuring compliance from today into the future.; ; In addition, the chemicals safety tools and solutions play a vital role in combating climate change by enabling companies to reduce the use of hazardous chemicals, minimize emissions, and promote responsible chemical handling practices.; ; Furthermore, EcoOnline has put into place an internal carbon reduction programme, committing to science-based targets for carbon neutrality by 2050.; ; Using 2022 as our baseline, we aim to reduce emissions by 42% (scopes 1 and 2) and 25% (scope 3) by 2030. Annual progress reports and improved data accuracy will track our journey. Full information can be found at https://insights.ecoonline.com/global-reports/ecoonline-2022-esg-and-sustainability-report

  Tackling economic inequality

  To address economic inequality, EcoOnline implements various mechanisms aimed at ensuring fair wages across all the markets in which we operate. We are committed to upholding a minimum wage standard that exceeds local requirements, thereby promoting economic stability and equity within our workforce. By providing competitive compensation packages and adhering to stringent wage standards, we aim to mitigate economic disparities and foster a more inclusive workplace environment. Additionally, we actively engage in initiatives and partnerships that support economic empowerment and upliftment, contributing to broader efforts to combat economic inequality on both local and global scales.

  Equal opportunity

  Our goal in EcoOnline is to leverage diversity, so that we can enhance performance, increase innovation and creativity, and achieve our sustainability goals together. ; Over the past year, EcoOnline has witnessed a remarkable stride towards gender equality and inclusivity within our workforce. In 2022, women represented 39% of our total full-time equivalent (FTE) employees, but by the end of 2023, this figure increased to an impressive 42%, marking a significant step towards narrowing the gender gap. Notably, within our extended management group, the representation of women also saw a notable uptick, climbing from 29% in 2022 to 40% in 2023. These positive developments underscore our commitment to fostering a diverse and equitable workplace culture, where everyone has equal opportunities to thrive and contribute to our shared success.; ; Nonetheless, we see that there is still room for improvement in terms of gender diversity. As a SaaS business operating in a global market, EcoOnline recognizes the challenges of recruiting women in traditionally male-dominated occupations, such as sales, product, and technology development. Throughout 2024 we will actively continue working towards gender equality within our business, striving to equalize the proportion of men-to-women in our workforce. We remain mindful of our desire to increase our diversity by hiring more women and underrepresented groups in the technology industry.; ; We have a zero-tolerance policy towards discrimination, we have an Equal Opportunity Policy committing to providing equal opportunities for all employees, workers, and job applicants, and to eliminating unlawful and unfair discrimination

  Wellbeing

  EcoOnline prioritizes the holistic wellbeing of its contract workforce, emphasizing both physical and mental health through a range of initiatives, including wellness programs and employee assistance resources. Recognizing the pivotal role of employee development, the company invests in learning and growth opportunities to enhance job satisfaction, engagement, and career progression. This includes comprehensive training for managers to foster a culture of recognition and value among employees, supported by progress reviews and personal coaching. ; ​​​; We offer a wide range of support globally which included​ within our MS Teams Channel: Wellbeing Hub​; ; ​Locally, our Health & Wellbeing leads share regular communication to promote local benefits, events and information quarterly. ; ; At the core of EcoOnline's mission is the creation of a diverse, supportive, and fulfilling work environment that prioritizes employee wellbeing and engagement. This commitment extends to stakeholders, with efforts to integrate health and wellbeing considerations into operations and service delivery. The company also promotes equality, diversity, and inclusion within its workforce, fostering a culture of respect and belonging.

Pricing

• Price: £3,000 a unit a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidteam@ecoonline.com. Tell them what format you need. It will help if you say what assistive technology you use.