Skip to main content

Help us improve the Digital Marketplace - send your feedback

Cority Software Inc

Cority Safety Cloud

Make Workplace Safety Management Simple.
Cority’s Safety Essentials solutions package is purpose-built to offer the tools you need to manage your most critical EHS workflows with confidence all with a lower total cost of ownership. Our solution is designed for rapid deployment offering a faster time-to-value

Features

  • The most secure health & safety management platform
  • Standardize processes to report, investigate and learn from incidents
  • Automate recurring inspection tasks and follow-up actions
  • Drive workforce engagement in safety with a mobile interface
  • Easily track metrics and uncover key insights
  • Automated scheduling, alerts and escalation workflows
  • Purpose-built package reduces time needed to deploy
  • Out-of-the-box reports, data visualizations and analytics
  • Best-in-class EHS software solutions that can expand

Benefits

  • Highest levels of data security, give peace of mind
  • Encourage worker engagement with reporting of incidents and near-misses
  • Reduce safety incidents
  • Foster safety culture through sharing of data an analytics
  • Reduce non-compliance costs
  • Meet legal obligation
  • Automated RIDDOR reporting save time and ensure compliance

Pricing

£20,000 an instance a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at stacey.hertzman@cority.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

3 4 3 2 3 7 7 3 0 7 5 5 7 0 5

Contact

Cority Software Inc Stacey Hertzman
Telephone: +44 7837 292282
Email: stacey.hertzman@cority.com

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
No service constraints except those mentioned in the HSA (Hosted Software Agreement)
System requirements
  • Any Operating system accessed via recent standard Web Browsers like
  • Google Chrome
  • Apple Safari
  • Mozilla Firefox
  • Microsoft Edge

User support

Email or online ticketing support
Email or online ticketing
Support response times
See our Maintenance and Support Guide that shows our Service Level Targets based on priority.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Standard support is included in our licence fee for all customers. We do not have any unique support levels provided at differentcosts.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Customer software is configured during an implementation project. During the project orientation training will beprovided to the client project team for solution setup, including navigation,workflows, demographic data, organizational structure and settings to supportthe Client's team understanding of the Essentials package. User accounts will be set up for the system users during the project. General system context sensitive help is available via the in application help tools. During the project the client team will be responsible to create Client specific guides or tipsheets.
Service documentation
Yes
Documentation formats
HTML
End-of-contract data extraction
The first option at no cost is for the Client to extract their data via reports. The second and third options include either a backup of the full database or an extract of data files for an additional cost. Clients can opt to have documents extracted in their native format at an additional cost.
End-of-contract process
Client will notify in writing to Cority that they would like to terminate the contract. Cority and Client will then agree to the method for data extraction

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Cority's mobile solution, myCority is an enhanced, mobile-responsive app thatworks as an extension of our SaaS solution. Users can open the app and log
in using virtually any device to securely view, capture and submit informationand drive real-time decision making. myCority also delivers a leading offlinecapability to enable your employees to fully complete their assignedtasks/actions and upload the captured information when back online. All ofthis enables our clients to experience the flexibility of a truly mobile solutionwithout the complexity and costs of managing multiple point solutions ormultiple versions of native mobile apps.
Service interface
Yes
User support accessibility
None or don’t know
Description of service interface
The Cority solution has a Browser based User Interface that was developedusing common HTML/JavaScript/Ajax technologies, and is compatible with recent common browsers
Accessibility standards
None or don’t know
Description of accessibility
Cority is thin client, Web-based product. It has a Web-browser user interfacethat was developed using common HTML/JavaScript/Ajax technologies and iscompatible with Google Chrome, Mozilla Firefox, Edge, and Apple Safari.
Accessibility testing
To be verified
API
Yes
What users can and can't do using the API
The Cority API is the most robust API available in our industry. It is capable of processing enormous volumes of data (that are used in calculations instantly) in a single hour. Furthermore, it routinely handles tens of thousands of transactions in a single day for complex workflows with dozens of fields per record. Unlike many competitive solutions, the Cority API is central to ALL user activities in the system as ALL of the end-user experience provided in our Portal and Apps communicate with our database using the exact same API (and endpoints) we make fully available to our customers.

In addition to simply importing records, the API also extends to the administration of the system. Nearly all of the platform, including configuration tasks, can be achieved through the use of the API. This includes managing the hierarchy, managing assets, managing users, managing user groups, managing dashboards and dashboard permissions, managing streams/materials, workflow types, and much much more.

Finally, extracting data from the system using the API is also very powerful. Customers routinely use the EQL API (similar to SQL with the same syntax) to extract data and put that information in data lakes.
API documentation
Yes
API documentation formats
Open API (also known as Swagger)
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Cority Safety Cloud platform is heavily "configurable" - i.e. customisable with no-Code. There are specific configuration components that will allow for client inputs during the implementation of the package outlined in the statement of work inthe referenced documents.
If there are additional requirements and or other business workflows not met through the packaged implementation clients can add on additional scope as a follow on phase to the packaged deployment to create a more tailored-fit solution. The additional requirements can be reviewed with Cority to provide an additional scope, effort and cost for additional phases of work.

Scaling

Independence of resources
We perform continuous monitoring of the system in terms of performance and capacity. We can detect when your system is running low on resources of capacity like database space or processing. We have the capacity to increase your resources when it is necessary.

Analytics

Service usage metrics
Yes
Metrics types
There are logs within the application that track when a user logs in and what records they view or update within the system.
Reporting types
Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Users can export their data via the Cority ad hoc reporting tools.
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
Other
Other protection between networks
Network boundaries between trusted and untrusted networks are protectedwith common state of the art protection methods to control the flow based oncommon standards (least privilege / need to have etc.) for in and outbounddata flows. Security controls are implemented to identify threats and logfilesare collected and analyzed to identify anomalies according to the criticality.Firewall and router configurations restrict connections between untrustednetworks and Customer's network, restrict inbound and outbound traffic tothat which is necessary, and specifically deny all other traffic.
Data protection within supplier network
Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
Cority guarantees 99.5% system uptime, with actual measured uptime well over this figure for the lifetime of the system.
Approach to resilience
Cority maintains high availability services by maintaining redundant hardware-firewalls, servers and switches, multiple hosting locations, and dedicated failovers sites.
Outage reporting
If there are any service outages detected, a communication will be sent out toall customers by our customer support team. Email.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
Security assignment is based on modular configuration. The client will create a user profile and assign the user to a specific functional role. The role(s) will be granted access to specific modules within a Product Suite.
Additional security features will allow the client to prohibit or grant explicit functions to a particular role and/or prohibit access to Reports, Fields, Metrics, Views, and the ability to Create Views.
The security configuration can be assigned to a single user or multiple users who use the same profile.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
BSI
ISO/IEC 27001 accreditation date
18/01/2011
What the ISO/IEC 27001 doesn’t cover
Please refer to attached ISO 27001 certificate for details.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
No
Cyber essentials plus
No
Other security certifications
Yes
Any other security certifications
  • ISO 27017
  • ISO 27018

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
ISO 27001:2013 certified ISMS is in place with staff to execute and support.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
All Network components are managed and configured in an establishedservice management framework (ITIL). Network Devices are hardened andaccess permissions are limited and restricted. Identification is happening viastrong authentication and changes are tracked and verified against masterconfiguration templates.
The Cority internal Change Advisory Board oversees all physical and logicalchanges that may result in an interruption to service. Any maintenance,scheduled or otherwise, that potentially impacts clients will be communicatedto the client base. Communication is sent at least seven days in advance witha reminder sent 24 hours in advance.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Cority uses a third-party service to perform automatic vulnerability scans onits production services on a monthly basis. Issues of concern are prioritizedand mitigated as soon as possible.
Cority performs external penetration and vulnerability tests regularly. BSIconducts annual network security audits in compliance with Cority's ISO27001 Certification for Information Security
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
As a SaaS provider, Cority monitors metrics from end-to-end in the aggregatefor our hosting clients and can provide key data. Cority monitors transactiontime, volume, bandwidth, download and upload speeds, and more. Theresults are consolidated in an ApDex report which can be sharedmonthly.Over time, we will us this data help us optimize our solution to ensurewe are delivering maximum value to our clients.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Cority has formed team named Computer Security Incident Response Team.
Upon a security breach, the CSIRT will:
• Determine if an event constitutes a security incident.
• Conduct an investigation to determine the root cause, source, nature, extentof damage
• Preserve evidence of the incident
• Interview affected personal
• Act as a liaison with law enforcement and legal counsel
• Manage the release of information to the media in co-ordination withcorporate communications
• Prepare reports of findings, root causes, lessons learned and actions formanagement review
• Carry out the directions of management communicated through the CSO

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Social Value

Social Value

Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

Fighting climate change

As part of Cority's Corporate Social Responsibility Policy, Cority is committedto the protection of the environment, and will ensure that the activities of ourorganization are conducted in an environmentally friendly manner. Corityemployees contribute to the EHSQ community by creating continuingeducation materials accessed by thousands of professionals throughwebinars and speaking engagements. Cority supports industry tradeassociations and specific professional development initiatives, such as AIHA'sFuture Leaders Institute, to develop the next generation of EHSQprofessionals.

Covid-19 recovery

Covid-19 has impacted a lot of small businesses and Cority wants to do itspart in supporting them tide over these challenging times. Cority introducedCority Marketplace, a network of small businesses that are owned andmanaged by friends and family members of Cority employees. We havecompiled a list of small businesses known to our Cority employees andpublished them internally to encourage everyone to support theseentrepreneurs. We continue to add new businesses that our employees bringto our attention.

Tackling economic inequality

As part of Cority's Corporate Social Responsibility Policy, Cority strives toensure that non-discriminatory employment practices are utilized, and thathuman rights are protected at all times. Cority is an equal opportunityemployer and does not tolerate violations of the law, human rights, or anyworkplace regulations or legislation. Cority also works to ensure that theworkplace is free of discrimination, harassment, and bullying based on any ofthe protected grounds of employment found in the applicable Human RightsAct/Code. Cority will also ensure that its wages, benefits (both compensableand non-compensable) are appropriate for the job market and the geographiclocation.

Equal opportunity

Cority is committed to providing equal employment opportunities to allemployees and applicants in all aspects of employment. We will not toleratenor condone discrimination based on age, race, color, religion, gender, genderidentity, gender expression, sexual orientation, country of origin or physical ormental disability. Cority also prohibits the harassment of any individual on anybasis listed above. We will comply with the spirit and the letter of all local,provincial and federal laws pertaining to employment. The intent of this policyis to ensure that equal employment opportunity is extended to all persons inall aspects of the employer-employee relationship, including recruitment,hiring, promotion, compensation, training, transfer, benefits, layoff, recall,termination and participation in company-sponsored events.

Wellbeing

Cority is invested in the mental and physical wellbeing of all its employeesand is committed to providing a workplace that is free of discrimination,harassment, and bullying based on any of the protected grounds of employment found in the applicable Human Rights Act/Code. Cority is vitallyinterested in the ongoing health and safety of our staff, clients, visitors, andthe public at large, and will work to ensure that our workplace meets orexceeds all applicable requirements under health and safety legislation. Corityalso supports Workplace Health Without Borders (WHWB) which engagesvolunteers to improve workplace health and safety in under-served workerpopulations and foster skills development in these regions.

Pricing

Price
£20,000 an instance a year
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at stacey.hertzman@cority.com. Tell them what format you need. It will help if you say what assistive technology you use.