EcoOnline

Chemical Manager

A leading cloud-based chemical management tool that gives control back to employees who manage chemical safety. Our COSHH Management and Risk Assessment software lets your employees easily create usable, relevant and compliant risk assessments that will help you in managing the risks associated with chemical usage.

Features

• COSHH Management: Making it easy to manage COSHH related risks
• Chemical Risk Mapping: Map out different hazard groups automatically
• COSHH Risk Assessment: Build compliant task based risk assessments
• Customised COSHH Assessments: Build your own COSHH assessment Template
• COSHH Assessment Builder: Step-by-step process in the creation of assessments

Benefits

• Deliver relevant, focused COSHH/chemical risk assessments to your staff
• Design a template specific to the needs of your organisation
• Full management of revision numbers and archiving of old assessments
• Log all updates to COSHH/chemical assessments by registered users
• Avail of pre-filled GHS classification information
• Instant access to information for your staff
• Users can download PDFs of COSHH/Chemical Assessments quickly
• Efficiently manage user read confirmation from one central location
• Calculate the degree of risk with mapping tools
• Ability to create complex risk matrices - 3x3, 5x5

£2,445 a unit a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidteam@ecoonline.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

299259595165007

Contact

Bid Team
01926 844 200
bidteam@ecoonline.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Up to date internet browser
• System requirements:
  • Web browser (no special plug-ins required)
  • Internet access
  • Apple or Android phone (for the Mobile App)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We do not offer support SLAs as standard, allowing us to provide clients with lower pricing. We work to internal targets so that customers have comfort that these issues are important to us. Our typical internal process is as follows:; Support hours: Monday to Friday 9:00am to 5:30pm ; Priority 1 - Major Defect - Within two business hours. ; Priority 2 - Critical Defect - Within four business hours.; Priority 3 - Non-Critical Defect - Within twelve business hours. Priority 4 - Error - Within twenty-four business hours. Within twelve business hours. ; Priority 4 - Error - Within twenty-four business hours.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: "Access to help-desk support (UK based) Monday-Friday during core business hours. A dedicated Account Manager is provided.; ; Access to the above included in Licence Hosting & Help-desk Support Annual Fees; ; We do not offer support SLAs as standard, allowing us to provide clients with lower pricing. We work to internal targets so that customers have comfort that these issues are important to us. Our typical internal process is as follows:; Support hours: Monday to Friday 9:00am to 5:30pm ; Priority 1 - Major Defect - Within two business hours. ; Priority 2 - Critical Defect - Within four business hours.; Priority 3 - Non-Critical Defect - Within twelve business hours. Priority 4 - Error - Within twenty-four business hours. Within twelve business hours. ; Priority 4 - Error - Within twenty-four business hours."
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: The EcoOnline professional services team will provide a full setup of the EcoOnline system which comprises of onsite visits (if appropriate) or online meetings to understand the businesses requirements and objectives, User Acceptance Tests (UATs) and product delivery/roll-out. Built-in online help and documentation is provided coupled with classroom based train the trainer sessions.
• Service documentation: No
• End-of-contract data extraction: Chemical Manager has a built-in export function to extract data. However when leaving a platform like EcoOnline, users usually require large volumes of data and some form of re-structuring which may require support, provided upon their instruction.
• End-of-contract process: Upon contract termination EcoOnline will act on the clients behalf to extract their data and structure in a format required. Depending on the amount of data and re-structuring will dictate the cost at our standard day rate. Additional costs may apply, dependent upon the level of support required.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The service is responsive and so will look different on some mobile browsers vs a desktop browser As well as being available on mobile browsers the service also has a dedicated mobile App available for Apple and Android devices
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Chemical Manager does not have open API’s as it is back-end solution consists of REST APIs that power the front-end. As it is within the umbrella of EcoOnline, our products have open API’s to help connect the relevant software if required.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: As a best-practice solution, huge considerations have been made to ensure that our software is as feature rich as it is easy to use. Customisable forms and workflows, as well as flexible data relationships make the software highly configurable. Configuration is managed partly by our professional services team, but in the main it is managed by the clients system administrator(s)

Scaling

• Independence of resources: EcoOnline monitors the compute resources, in real-time, and increases if needed.

Analytics

• Service usage metrics: Yes
• Metrics types: On request EcoOnline will provide the average and peak login concurrency on the system.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users can either export data from the user interface or contact EcoOnline to make a complete export of the data. Additional charges may apply.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: We do not offer SLAs as standard. We work to internal targets so that customers have comfort that these issues are important to us, but we believe that the majority of our customers prefer the lower pricing that our position on SLAs enables us to offer.; ; Our internal uptime SLA is 99.5%
• Approach to resilience: Detailed information available upon request. EcoOnline is hosted only in world-class datacentres holding appropriate internationally-recognised accreditation and certification for their operations, security and resiliency with applications running from multiple data centres with most component in an active/active configuration.
• Outage reporting: Nominated contacts are informed should there be a service outage.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Only named personnel have access to the management interface and given authority to communicate with the support channel.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: You control when users can access audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Alcumus ISOQAR
• ISO/IEC 27001 accreditation date: 03/02/2023
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We hold ISO/IEC 27001:2013 certification which was gained from a UKAS accredited certification body. It is the specification for an Information Security Management System (ISMS). ; The Company will: ; - Comply with all applicable laws, regulations and contractual obligations;; - Implement continual improvement initiatives, including risk assessment and treatment strategies, while making the best use of its management resources to meet and improve information security system’s requirements;; - Adopt an information security management system (ISMS) comprising of a security manual and procedures that provides direction and guidance on information security matters relating to employees, customers, suppliers and interested parties who come into contact with the Company’s work;; - Work closely with their Customers, Business Partners and Suppliers in seeking to establish Information Security Standards;; - Adopt a forward-looking view on future business decisions, including the continual review of risk evaluation criteria, which may have an impact on Information Security;; - Train all members of staff in their needs and responsibilities for Information Security Management;; - Constantly strive to meet, and when possible exceed, its customers and staff expectations.; - Communicate its Information Security objectives and its performance in achieving these objectives, throughout the Company and to interested parties.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: The organisation has policies and procedures in place pertaining to Annex A.12.1.2 Change management of ISO/IEC 27001:2013 and these are audited by our UKAS accredited certification body annually.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: The organisation has policies and procedures in place pertaining to Annex A.12.6.1 Management of technical vulnerabilities of ISO/IEC 27001:2013 and these are audited by our UKAS accredited certification body annually.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: The organisation has policies and procedures in place pertaining to Annex A.12.1.3 Capacity management of ISO/IEC 27001:2013 and these are audited by our UKAS accredited certification body annually.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: The organisation has policies and procedures in place pertaining to Annex A.16 Information security incident management of ISO/IEC 27001:2013 and these are audited by our UKAS accredited certification body annually.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  EcoOnline’s business impact opportunities are driven by our innovative solutions and how they can accelerate and improve our customers’ sustainability performance. Yearly, our reporting systems plays a crucial role in helping businesses conduct, track and manage millions of risk assessments and incidents. With the result that thousands of organizations can implement corrective actions, improve safety protocols, and create a safer working environment for their employees. ; ; Through our sustainability management software, our clients are able to reduce their carbon footprint with precise, auditable data, enabling informed decision-making. And stay ahead of emissions regulations, ensuring compliance from today into the future.; ; In addition, the chemicals safety tools and solutions play a vital role in combating climate change by enabling companies to reduce the use of hazardous chemicals, minimize emissions, and promote responsible chemical handling practices.; ; Furthermore, EcoOnline has put into place an internal carbon reduction programme, committing to science-based targets for carbon neutrality by 2050.; ; Using 2022 as our baseline, we aim to reduce emissions by 42% (scopes 1 and 2) and 25% (scope 3) by 2030. Annual progress reports and improved data accuracy will track our journey. Full information can be found at https://insights.ecoonline.com/global-reports/ecoonline-2022-esg-and-sustainability-report

  Equal opportunity

  Our goal in EcoOnline is to leverage diversity, so that we can enhance performance, increase innovation and creativity, and achieve our sustainability goals together.; ; At the end of 2022, EcoOnline had a total of 912 full-time equivalent (FTE) employees, with a count of male and female FTEs at 61% and 39%, respectively. The senior leadership team was composed of 75% men and 25% women, while the extended management group had a gender composition of 71% male and 29% female.; ; Nonetheless, we see that there is still room for improvement in terms of gender diversity. As a SaaS business operating in a global market, EcoOnline recognizes the challenges of recruiting women in traditionally male-dominated occupations, such as sales, product, and technology development. Throughout 2023 we will actively continue working towards gender equality within our business, striving to equalize the proportion of men-to-women in our workforce. We remain mindful of our desire to increase our diversity by hiring more women and underrepresented groups in the technology industry.; ; We have a zero-tolerance policy towards discrimination, and in 2022 we introduced an Equal Opportunity Policy committing to providing equal opportunities for all employees, workers, and job applicants, and to eliminating unlawful and unfair discrimination.

  Wellbeing

  EcoOnline prioritizes the holistic wellbeing of its contract workforce, emphasizing both physical and mental health through a range of initiatives, including wellness programs and employee assistance resources. Recognizing the pivotal role of employee development, the company invests in learning and growth opportunities to enhance job satisfaction, engagement, and career progression. This includes comprehensive training for managers to foster a culture of recognition and value among employees, supported by progress reviews and personal coaching.; ; In just three years, EcoOnline has achieved a remarkable milestone by doubling the representation of women in leadership positions, soaring from 22% in 2020 to an impressive 40% in 2023. This significant advancement underscores our commitment to fostering gender diversity and inclusion within our organization's leadership ranks.; ; At the core of EcoOnline's mission is the creation of a diverse, supportive, and fulfilling work environment that prioritizes employee wellbeing and engagement. This commitment extends to stakeholders, with efforts to integrate health and wellbeing considerations into operations and service delivery. The company also promotes equality, diversity, and inclusion within its workforce, fostering a culture of respect and belonging.

Pricing

• Price: £2,445 a unit a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidteam@ecoonline.com. Tell them what format you need. It will help if you say what assistive technology you use.