Cority Safety Cloud
Make Workplace Safety Management Simple.
Cority’s Safety Essentials solutions package is purpose-built to offer the tools you need to manage your most critical EHS workflows with confidence, all with a lower total cost of ownership. Our solution is designed for rapid deployment, offering a faster time-to-value.
Features
- The most secure health & safety management platform
- Standardize processes to report, investigate and learn from incidents
- Automate recurring inspection tasks and follow-up actions
- Drive workforce engagement in safety with a mobile interface
- Easily track metrics and uncover key insights
- Automated scheduling, alerts and escalation workflows
- Purpose-built package reduces time needed to deploy
- Out-of-the-box reports, data visualizations and analytics
- Best-in-class EHS software solutions that can expand
Benefits
- Highest levels of data security give peace of mind
- Encourage worker engagement with reporting of incidents and near-misses
- Reduce safety incidents
- Foster safety culture through sharing of data and analytics
- Reduce non-compliance costs
- Meet legal obligations
- Automated RIDDOR reporting saves time and ensures compliance
Pricing
£20,000 an instance a year
Framework
G-Cloud 14
Service ID
343237730755705
Contact
Cority Software Inc
Stacey Hertzman
Telephone: +44 7837 292282
Email: stacey.hertzman@cority.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Public cloud
- Service constraints
- No service constraints except those mentioned in the HSA (Hosted Software Agreement)
- System requirements
-
- Any Operating system accessed via recent standard Web Browsers like
- Google Chrome
- Apple Safari
- Mozilla Firefox
- Microsoft Edge
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- See our Maintenance and Support Guide that shows our Service Level Targets based on priority.
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- None or don’t know
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
- Standard support is included in our licence fee for all customers. We do not have any unique support levels provided at different costs.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- Customer software is configured during an implementation project. During the project, orientation training will be provided to the client project team for solution setup, including navigation, workflows, demographic data, organizational structure and settings, to support the Client's team understanding of the Essentials package. User accounts will be set up for the system users during the project. General context-sensitive system help is available via the in-application help tools. During the project, the client team will be responsible for creating Client-specific guides or tip sheets.
- Service documentation
- Yes
- Documentation formats
- HTML
- End-of-contract data extraction
- The first option at no cost is for the Client to extract their data via reports. The second and third options include either a backup of the full database or an extract of data files for an additional cost. Clients can opt to have documents extracted in their native format at an additional cost.
- End-of-contract process
- Client will notify Cority in writing that they would like to terminate the contract. Cority and Client will then agree on the method for data extraction.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
-
Cority's mobile solution, myCority, is an enhanced, mobile-responsive app that works as an extension of our SaaS solution. Users can open the app and log in using virtually any device to securely view, capture and submit information and drive real-time decision making. myCority also delivers a leading offline capability to enable your employees to fully complete their assigned tasks/actions and upload the captured information when back online. All of this enables our clients to experience the flexibility of a truly mobile solution without the complexity and costs of managing multiple point solutions or multiple versions of native mobile apps.
- Service interface
- Yes
- User support accessibility
- None or don’t know
- Description of service interface
- The Cority solution has a browser-based user interface that was developed using common HTML/JavaScript/Ajax technologies, and is compatible with recent common browsers.
- Accessibility standards
- None or don’t know
- Description of accessibility
- Cority is a thin-client, Web-based product. It has a Web-browser user interface that was developed using common HTML/JavaScript/Ajax technologies and is compatible with Google Chrome, Mozilla Firefox, Edge, and Apple Safari.
- Accessibility testing
- To be verified
- API
- Yes
- What users can and can't do using the API
-
The Cority API is the most robust API available in our industry. It is capable of processing enormous volumes of data (that are used in calculations instantly) in a single hour. Furthermore, it routinely handles tens of thousands of transactions in a single day for complex workflows with dozens of fields per record. Unlike many competitive solutions, the Cority API is central to ALL user activities in the system as ALL of the end-user experience provided in our Portal and Apps communicate with our database using the exact same API (and endpoints) we make fully available to our customers.
In addition to simply importing records, the API also extends to the administration of the system. Nearly all of the platform, including configuration tasks, can be achieved through the use of the API. This includes managing the hierarchy, managing assets, managing users, managing user groups, managing dashboards and dashboard permissions, managing streams/materials, workflow types, and much much more.
Finally, extracting data from the system using the API is also very powerful. Customers routinely use the EQL API (similar to SQL with the same syntax) to extract data and put that information in data lakes.
- API documentation
- Yes
- API documentation formats
- Open API (also known as Swagger)
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
-
The Cority Safety Cloud platform is heavily "configurable", i.e. customisable with no code. There are specific configuration components that will allow for client inputs during the implementation of the package outlined in the statement of work in the referenced documents.
If there are additional requirements and/or other business workflows not met through the packaged implementation, clients can add additional scope as a follow-on phase to the packaged deployment to create a more tailored-fit solution. The additional requirements can be reviewed with Cority to provide an additional scope, effort and cost for additional phases of work.
Scaling
- Independence of resources
- We perform continuous monitoring of the system in terms of performance and capacity. We can detect when your system is running low on resources or capacity, such as database space or processing. We have the capacity to increase your resources when it is necessary.
Analytics
- Service usage metrics
- Yes
- Metrics types
- There are logs within the application that track when a user logs in and what records they view or update within the system.
- Reporting types
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Baseline Personnel Security Standard (BPSS)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
-
- Physical access control, complying with another standard
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- Users can export their data via the Cority ad hoc reporting tools.
- Data export formats
- CSV
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
- Other
- Other protection between networks
- Network boundaries between trusted and untrusted networks are protected with common state-of-the-art protection methods to control the flow based on common standards (least privilege / need to have etc.) for in and outbound data flows. Security controls are implemented to identify threats, and logfiles are collected and analyzed to identify anomalies according to the criticality. Firewall and router configurations restrict connections between untrusted networks and Customer's network, restrict inbound and outbound traffic to that which is necessary, and specifically deny all other traffic.
- Data protection within supplier network
- Legacy SSL and TLS (under version 1.2)
Availability and resilience
- Guaranteed availability
- Cority guarantees 99.5% system uptime, with actual measured uptime well over this figure for the lifetime of the system.
- Approach to resilience
- Cority maintains high availability services by maintaining redundant hardware (firewalls, servers and switches), multiple hosting locations, and dedicated failover sites.
- Outage reporting
- If there are any service outages detected, a communication will be sent out to all customers by our customer support team. Email.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Username or password
- Access restrictions in management interfaces and support channels
-
Security assignment is based on modular configuration. The client will create a user profile and assign the user to a specific functional role. The role(s) will be granted access to specific modules within a Product Suite.
Additional security features will allow the client to prohibit or grant explicit functions to a particular role and/or prohibit access to Reports, Fields, Metrics, Views, and the ability to Create Views.
The security configuration can be assigned to a single user or multiple users who use the same profile.
- Access restriction testing frequency
- At least once a year
- Management access authentication
-
- 2-factor authentication
- Username or password
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- BSI
- ISO/IEC 27001 accreditation date
- 18/01/2011
- What the ISO/IEC 27001 doesn’t cover
- Please refer to attached ISO 27001 certificate for details.
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- No
- Cyber essentials plus
- No
- Other security certifications
- Yes
- Any other security certifications
-
- ISO 27017
- ISO 27018
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
- ISO 27001:2013 certified ISMS is in place with staff to execute and support.
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
-
All network components are managed and configured in an established service management framework (ITIL). Network devices are hardened and access permissions are limited and restricted. Identification is performed via strong authentication, and changes are tracked and verified against master configuration templates.
The Cority internal Change Advisory Board oversees all physical and logical changes that may result in an interruption to service. Any maintenance, scheduled or otherwise, that potentially impacts clients will be communicated to the client base. Communication is sent at least seven days in advance with a reminder sent 24 hours in advance.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
-
Cority uses a third-party service to perform automatic vulnerability scans on its production services on a monthly basis. Issues of concern are prioritized and mitigated as soon as possible.
Cority performs external penetration and vulnerability tests regularly. BSI conducts annual network security audits in compliance with Cority's ISO 27001 Certification for Information Security.
- Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
- As a SaaS provider, Cority monitors metrics from end-to-end in the aggregate for our hosting clients and can provide key data. Cority monitors transaction time, volume, bandwidth, download and upload speeds, and more. The results are consolidated in an ApDex report which can be shared monthly. Over time, we will use this data to help us optimize our solution to ensure we are delivering maximum value to our clients.
- Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
-
Cority has formed a team named the Computer Security Incident Response Team (CSIRT).
Upon a security breach, the CSIRT will:
• Determine if an event constitutes a security incident
• Conduct an investigation to determine the root cause, source, nature, extent of damage
• Preserve evidence of the incident
• Interview affected personnel
• Act as a liaison with law enforcement and legal counsel
• Manage the release of information to the media in co-ordination with corporate communications
• Prepare reports of findings, root causes, lessons learned and actions for management review
• Carry out the directions of management communicated through the CSO
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- No
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Covid-19 recovery
- Tackling economic inequality
- Equal opportunity
- Wellbeing
Fighting climate change
As part of Cority's Corporate Social Responsibility Policy, Cority is committed to the protection of the environment, and will ensure that the activities of our organization are conducted in an environmentally friendly manner. Cority employees contribute to the EHSQ community by creating continuing education materials accessed by thousands of professionals through webinars and speaking engagements. Cority supports industry trade associations and specific professional development initiatives, such as AIHA's Future Leaders Institute, to develop the next generation of EHSQ professionals.
Covid-19 recovery
Covid-19 has impacted a lot of small businesses and Cority wants to do its part in supporting them tide over these challenging times. Cority introduced Cority Marketplace, a network of small businesses that are owned and managed by friends and family members of Cority employees. We have compiled a list of small businesses known to our Cority employees and published them internally to encourage everyone to support these entrepreneurs. We continue to add new businesses that our employees bring to our attention.
Tackling economic inequality
As part of Cority's Corporate Social Responsibility Policy, Cority strives to ensure that non-discriminatory employment practices are utilized, and that human rights are protected at all times. Cority is an equal opportunity employer and does not tolerate violations of the law, human rights, or any workplace regulations or legislation. Cority also works to ensure that the workplace is free of discrimination, harassment, and bullying based on any of the protected grounds of employment found in the applicable Human Rights Act/Code. Cority will also ensure that its wages, benefits (both compensable and non-compensable) are appropriate for the job market and the geographic location.
Equal opportunity
Cority is committed to providing equal employment opportunities to all employees and applicants in all aspects of employment. We will not tolerate nor condone discrimination based on age, race, color, religion, gender, gender identity, gender expression, sexual orientation, country of origin or physical or mental disability. Cority also prohibits the harassment of any individual on any basis listed above. We will comply with the spirit and the letter of all local, provincial and federal laws pertaining to employment. The intent of this policy is to ensure that equal employment opportunity is extended to all persons in all aspects of the employer-employee relationship, including recruitment, hiring, promotion, compensation, training, transfer, benefits, layoff, recall, termination and participation in company-sponsored events.
Wellbeing
Cority is invested in the mental and physical wellbeing of all its employees and is committed to providing a workplace that is free of discrimination, harassment, and bullying based on any of the protected grounds of employment found in the applicable Human Rights Act/Code. Cority is vitally interested in the ongoing health and safety of our staff, clients, visitors, and the public at large, and will work to ensure that our workplace meets or exceeds all applicable requirements under health and safety legislation. Cority also supports Workplace Health Without Borders (WHWB) which engages volunteers to improve workplace health and safety in under-served worker populations and foster skills development in these regions.
Pricing
- Price
- £20,000 an instance a year
- Discount for educational organisations
- No
- Free trial available
- No