Ostara Systems Ltd

Ostara CAFM Maintenance and Asset Management System

The Ostara CAFM system supports organisations management of their maintenance activities from self-service options through to sub-contractor management and invoice management. Ostara is a full asset management solution, providing access via a web portal or native mobile applications.

Features

• Helpdesk and Work Order Management
• Supply Chain Management
• Asset Management
• Finance Management (Budgets and Costs)
• Mobile Application
• Real-Time Reporting
• Auditing
• PPM and Compliance Management
• Contractor and Client Portals
• Fully Hosted and Supported

Benefits

• Transparency of maintenance activities and spend
• Quick access to data and analytics via hundreds of reports
• Automation of processes realising cost and efficiency savings
• A company whose product evolves on a quarterly basis
• Increased control and confidence due to full auditability
• Generate cost savings by only paying for what you get
• Cost control through bespoke authorisation processes
• Reduced administration relating to site compliance
• Intuitive interface for end users

£25 a licence a month

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at neil.harrison@ostarasystems.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

309665283693477

Contact

Neil Harrison
07967051039
neil.harrison@ostarasystems.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: Main CAFM Application is Microsoft Windows based.
• System requirements: Microsoft Windows 10 version 1903 or above

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Normal tickets are responded to Monday to Friday between 09:00 and 17:00 with a 24 hour response time. Tickets submitted on a weekend are responded to on the next working day. However, critical requests are responded to within 4 hours, 24*7*365.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Minor: ; Primary Response - 5 Working Days ; Target Resolution - 10 Working Days ; Permanent Resolution - Future Release; ; Serious:; Primary Response - 8 Working Hours; Target Resolution - 1 Working Day ; Permanent Resolution - 5 Working Days; ; Critical:; Primary Response - 3 Working Hours ; Target Resolution - 8 Working Hours; Permanent Resolution - 1 Working Day; ; All support is provided as standard with no additional cost, this includes a technical account manager.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: We provide a combination of "Classroom" based training with key users (central teams, administrators, etc) along with online training either via screen sharing services or via the use of pre recorded video demonstrations to cover off all types of training requirement. There are detailed user documentation and user guides available from within the system too.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: We provide outputs in easy readable format, e.g. CSV / XLSX of all key data such as sites, resources, work orders, certification.
• End-of-contract process: Everything previously identified is included in the price.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Mobile access is for end users, engineers and mobile workers. Desktop access is for central users/administrators.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: This service remains extensibly as the existing, but with assistive technology support.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Use of tools like Dragon Naturally Speaking, Jaws and Magnifier.
• API: Yes
• What users can and can't do using the API: The API is primarily targeted at Contractors using the CAFM system to reduce double entry in their own internal systems. It can send them work order data, as well as notes, eta updates and certificates.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The Client can use a significant number of settings, system configuration changes and permissions to customise the system. This can be done via the desktop application.

Scaling

• Independence of resources: Each client has their own instance of the Ostara System, so there is no database contention and load balancing is in place on our servers to ensure that any high volume requests do not affect other users.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: The reporting module contains many reports, allowing clients to export the totality of the data within their system. Which includes a simple export of data to XLSX or PDF files.; Within the portal, operational lists can be exported to CSV, and any list within the desktop can be exported using a right-click "Copy to Clipboard" function to paste into Excel.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • PDF
  • PNG
  • XLSX
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: The target Availability level for each calendar month is 99.50%. ; ; If, in any calendar month, the Availability of the Services is below this target level, then the Customer will be entitled to Service Credits calculated in accordance with the following table. The Supplier must deduct any Service Credits due to the Customer from the next invoice issued to the Customer under this Agreement (or, in the event that there is to be no further invoice under this Agreement, the Supplier must pay an ; amount equal to the Service Credits to the Customer within 30 days after the end of the relevant calendar month).; ; The below service credits applicable if the availability levels are not achieved within a given calendar month:; Between 99.00% and 90% - 10%; Between 90% and 75% - 25%; ; The service credit is calculated as follows:; % service credit multiplied by the Annual Hosting and Support fee divided by 12
• Approach to resilience: The structure of our datacentre setup can be made available to paying clients on request.
• Outage reporting: We utilise email alerts and monthly reporting to advise clients of outages and durations.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: All users have profiles which determine the level of access and allow View/Edit/Add permissions of all data in the system.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: IMSM
• ISO/IEC 27001 accreditation date: 17/06/2021
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We are ISO27001 certified, and carry out regular management review meetings which include the review of audits and any relevant reports. We are externally audited once a year for our ISO27001 accreditation.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: As part of our ISO27001 we carry out a risk assessment which is reviewed with any substantive changes to process and/or equipment.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We carry out real-time penetration testing for any new vulnerabilities that have been discovered, and a monthly test for all currently-known vulnerabilities. ; ; We deploy patches as soon as practicable following detailed testing. ; ; Potential threats are provided to us by the third party supplier who carries out our regular penetration testing.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We do not currently carry out protective monitoring, however our hosting environment protects against DDoS attacks and we continue to review risk with a view to adding a layer of protective monitoring if deemed necessary.
• Incident management type: Supplier-defined controls
• Incident management approach: We have an incident management process as part of our ISO 27001 which can be made available if required.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Equal opportunity:

  Equal opportunity

  Ostara Systems Ltd offers equal opportunity to all, regardless of race, colour, nationality, ethnic origin, sex, marriage, disability or age. All applicants and employees will be treated equally in respect of recruitment, promotion, training, pay and other employment policies ; and conditions. Reasonable adjustments will be made to accommodate those with special needs. Under no circumstances will discrimination against any individual or group be tolerated by the Ostara Systems Management Team.; The CEO of Ostara Systems Ltd is ultimately responsible for the adherence of Ostara Systems Ltd to this policy, and will constantly review this policy to ensure that it is applied universally. Ostara Systems Ltd are conscious of our responsibility to society and the local community in particular. Management must apply all Ostara Systems Ltd policies fully and diligently to ensure that high standards are maintained in all aspects of our operation. ; Ostara Systems Ltd are an Equal Opportunity Employer. All management who are responsible for recruiting, training and promoting personnel must base their decision on qualifications, skill, experience, presentation, health and personality, and, in cases of promotion, on job performance and potential. Individual merit must be the criterion for selection whether it is for recruitment or promotion.; All employees are required to accept this policy and behave toward each other in an adult and responsible manner. Any kind of harassment, as well as being unacceptable and intolerable to Ostara Systems Ltd Management, is regarded as unlawful discrimination and such behaviour by employees in the work place or in direct connection with a person’s ; employment will result in appropriate disciplinary action being taken. The Management Team is always ready to offer confidential counselling and can be approached at any time, whether or not a formal complaint is made.

Pricing

• Price: £25 a licence a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at neil.harrison@ostarasystems.com. Tell them what format you need. It will help if you say what assistive technology you use.