JML Software Solutions Limited

Chronicle Occupational and Operational Tracking Solution

Allows organisations to manage capacity and capability against defined skills sets in highly regulated environments. Captures occupational and operational competency against a role, whilst also facilitating capture of a wide variety of management activity associated with operational events. Supports strategic threat & risk assessment and ensuring capability meets demand.


  • Central management & overview of operational data
  • Instant overview of appropriately accredited staff (including future & historical)
  • Informs strategic threat & risk assessment process
  • Provides capability vs demand profiles
  • Fully searchable management information reports
  • Digital media can be associated with operational reports
  • Informs investment in training activity/equipment
  • Accurate real-time reports
  • Fully configurable system


  • Ensures compliance with organisational policies and external regulations
  • Right skills, in right place, at right time
  • Management information instantaneously exportable in Word or Excel formats.
  • Ensures capacity & capability matches demand
  • Opportunity for financial savings
  • Protection of investment in Training and Assets
  • Single source of truth, protects the organisation and employees
  • Assurance against external scrutiny
  • Reduces chance of accreditation lapses through timely training planning


£2.30 to £4.17 a user a month

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

3 2 6 5 6 1 3 9 8 5 8 8 2 9 8


JML Software Solutions Limited Diane Finn
Telephone: 03302233258

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Chronicle offerings can be combined into a Single Instance and extended to meet a variety of business needs.
Cloud deployment model
Hybrid cloud
Service constraints
If required - Door Access Control requires a physical device to be installed to call the cloud hosted web service. Deployments are planned and communicated a month in advance and will include planned system downtime.
System requirements
  • Windows 8 or above
  • Windows 8 or above PC for door access control

User support

Email or online ticketing support
Email or online ticketing
Support response times
Response within 60 minutes, Monday – Friday excluding Bank Holidays 8am – 4.30pm
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
Standard Support
Cost is included in monthly per user amount.
Access to Phone and Email Support with responses in less than an hour to all enquiries.
Email & Phone Working Days, Business Hours
Scheduled deployments during working hours.

Other support options possible on request.
Support available to third parties

Onboarding and offboarding

Getting started
Chronicle provides comprehensive on boarding services which can be applied against a small number of departmental users or an organisation as a whole. The on boarding process enables the end user to collate the required information from multiple sources into a single excel sheet. The collated information is then imported to Chronicle to enable a single view of the data obtained from multiple sources, enabling advantage to be taken of Chronicle in a matter of a few days. Support from a Services Manager is provided throughout this process, ensuring that appropriate data is captured and subsequently imported to Chronicle with minimal disruption to the end user.
Training can be provided on-site or via video link and JML provides user guides, quick reference guides and training videos through the Support Portal on our website.
Service documentation
Documentation formats
End-of-contract data extraction
Database can be exported and imported into any appropriate system which conforms to the same standard and can support the audit trail provided by Chronicle.
End-of-contract process
All customer data and configuration is extracted and delivered by secure medium to a single nominated location.
On receipt of the extracted data, the Chronicle database is cleared and erased using industry standard tools. Confirmation of data and configuration erasure is provided to the end user.
Finally the virtual hardware utilised is destroyed with source files erased.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
Application to install
Compatible operating systems
Designed for use on mobile devices
Differences between the mobile and desktop service
As long as user is able to access the environment - including over a secure network then they will be able to access Chronicle.
Service interface
User support accessibility
None or don’t know
What users can and can't do using the API
Chronicle provides inbound and outbound APIs, which enable the import of user data from third party systems, such as HR applications, along with the export of user and skill-based data to third party systems such as Duties, HR or Learning Management.
The inbound API is configurable by users via a configuration file where users define which fields the API will expect to be transferred to Chronicle from the external third-party system. There are Mandatory fields required by the API, along with optional fields that the user can choose from. Users can also “map” fields within the configuration to enable the API to transpose data within the interface, to cater for data descriptions differing in the third-party system and Chronicle.
The outbound API enables the user to configure formatted exports of officer and skills-based data for all, or selected Chronicle modules. The data can be output at a configurable schedule, or on an ad-hoc basis. The end user can manipulate the data to produce output in any format, such as CSV, XML, JSON etc. as required by the third-party system accepting the data. Multiple, differently formatted data exports can be created by the API at the same time.
API documentation
API documentation formats
API sandbox or test environment
Customisation available
Description of customisation
Users with the right level of permission can define organisational role profiles for skill accreditation and compliance.


Independence of resources
Resource separation is done via VMWare Hypervisor to ensure that resources are dedicated for each instance. Additional resources are provisioned to ensure that each instance significantly exceeds the requirements for a Chronicle deployment.


Service usage metrics
Metrics types
Login Volume,
Bandwidth and Machine Usage,
Up-Time over a Time Period.
Reporting types
Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
Physical access control, complying with another standard
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Web Front End provides functionality to export a breakdown of information.
Data export formats
  • CSV
  • Other
Other data export formats
  • Rtf
  • Xls
Data import formats
  • CSV
  • Other
Other data import formats
  • Rtf
  • Xls

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
JML provides Standard Service Level Agreement as standard with uptime of no more than 2 hours of unavailability between 9am and 5:30pm on Working Days.

For every full 90 minutes of additional downtime above this a Service Credit equal to 1% of the annual amount, up to a maximum of 7% in any given month will be provided.

JML are happy to explore alternative service levels on a customer by customer basis.
Approach to resilience
Full details available on request.

Data is replicated across physical sites and each Datacentre has built in redundancy of n+1 in Cooling, Power Generation and Hardware.
Outage reporting
The solution includes automatic up time monitoring and Email alerts are sent in the event of an outage.

Identity and authentication

User authentication needed
User authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Username or password
Access restrictions in management interfaces and support channels
The Chronicle Control Panel provides an interface to the configuration and management of the Chronicle application. The Control Panel is restricted to authorised users and controlled by user ID and password.
Access restriction testing frequency
At least once a year
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
British Assessment Bureau
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Cyber essentials
Cyber essentials plus
Other security certifications
Any other security certifications
Police Approved Secure Facility (PASF)

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
We have a Senior Information Controller (SIC) who has overall responsibility for Information Security. Reporting to the SIC is an Information Security Manager (ISM), who is responsible for setting and monitoring adherence to Policy. Information Security Officers report to the ISM and are responsible for the day to day implementation of the Policy, its recording and monitoring.
Our processes are aligned to our Statement of Applicability for both ISO 9001 and 27001

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
We have an ISO 27001 compliant Change and Configuration Management Policy which covers changes made to Software and Systems.
Security impact is quantified in line with this policy.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Environment is patched within 14 days of "Critical or High" patch releases.
Threats are assessed based on a Common Vulnerability Scoring System (CVSS).
Potential threats are taken from a Common Vulnerabilities and Exposures list.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
24/7 Monitoring on boundary (including DDoS protection).
Incident management type
Supplier-defined controls
Incident management approach
Incidents are raised directly with our support via email or phone. They are then classified and follow our ITIL process.
The reporter is given regular status updates and the SLA against each item is tracked.
Critical or Major incidents a root cause analysis and remedial action plan will be provided to the reporter.
Incidents are not made public.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
Connected networks
  • Public Services Network (PSN)
  • Police National Network (PNN)

Social Value

Fighting climate change

Fighting climate change

Below are some of the measures we take as an SME to ensure we and our supply chain reduce our environmental impact as much as possible.

Reduced staff days in the office: Staff are now only required to come into the office 2 days a week as opposed to 5 pre-pandemic. This has resulted in a monthly saving of 6,696 car miles with all the carbon emission savings that this brings.
The reduced use of our office space has meant that as a company, we have used far less energy in heating and lighting which contributes towards our climate change fight.

Office Space: Our office space is owned by the Parks Trust and was deliberately chosen due to the reinvestment of our charges by the Parks Trust in improving, maintaining and finding Green spaces and woodlands in our local communities which contribute to the carbon capture process.

Use of Technologies for staff and client training: As staff are only required to be in the office for two days a week, JML has embraced the use of online technologies such as MS Teams.
These technologies have also been adopted by our Client Services team for customer training and customer meetings saving many thousands of car miles for our client service personnel.

Supply Chain: Our secure cabinet products are entirely created in a single workshop and shipped directly to our customers in order to save transit emissions which multiple production points would incur.

Our Products: Our products assist our clients in going paperless through the use of technologies such as RFID for armoury auditing.


£2.30 to £4.17 a user a month
Discount for educational organisations
Free trial available
Description of free trial
One month - subject to secure connection setup which may require investment.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.