Kausal Ltd

Kausal Paths

Kausal Paths is a powerful SaaS platform for assessing and calculating potential climate actions and their impacts on emissions, costs, health, and other outcomes. It enables the development, prioritising, and updating of sustainability plans and targets, facilitating comprehensive sustainability management in cities and regions.

Features

• Visualize historical GHG emissions by sector and subsector over time.
• Compare various preset GHG emission scenarios and their specifics.
• Customize impact calculation modules with local expertise and data.
• Compare emission reduction measures based on potential and attributes.
• Adjust examination by selecting different focus years.
• Create emission scenarios by toggling measures or choosing implementation levels.
• Calculate and visualize carbon budgets for future periods.
• Calculate and visualize investment and implementation costs of climate measures.
• Determine cost-effectiveness of measures and compare alternatives.
• Assess health impacts of air pollution, mobility, and food consumption.

Benefits

• Streamline GHG inventory management with a centralized platform.
• Gain insights into action-emission relationships to optimize reduction strategies.
• Predict future GHG scenarios based on planned climate actions.
• Assess cost-efficiency of emission reduction measures to prioritize mitigation.
• Visualize timelines and progress towards GHG reduction targets.
• Replace GHG inventory manually produced documents with automated report templates.
• Develop capabilities to independently assess climate actions' GHG impact.
• Transform emissions data into actionable initiatives for carbon reduction.
• Make data-driven climate policy decisions using GHG inventory insights.
• Justify municipal climate investments based on projected GHG reduction.

£700 a licence a month

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at joonas.pekkanen@kausal.tech. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

393580633390726

Contact

Joonas Pekkanen
+358505846800
joonas.pekkanen@kausal.tech

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: None
• System requirements: Versions of browsers released within the previous two years supported

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Critical technical support tickets are answered without delay, within max 4 hours, during service hours (9am to 5pm weekdays) and within 8 hours on week-end and public holidays. Non-critical questions are responded to latest on the following weekday.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: We offer all support levels in-house and included in the price. In addition the account manager we can provide a separate technical account manager without extra cost if required.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Kausal provides an enhanced customer onboarding program, featuring customised online training sessions for Service Administrators and Service Staff users. Tailored to their respective roles, these sessions ensure users understand their responsibilities within the service. Additionally, Kausal offers ongoing customer support and access to digital support materials such product guides.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • Other
• Other documentation formats: Walkthrough videos
• End-of-contract data extraction: JSON, CSV and PDF exports are provided at the end of the contract
• End-of-contract process: The data export is provided without extra cost upon request from the Buyer.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Due to highly visual and interactive nature of the data exploration the user interface is optimised for desktop browsers. Nevertheless the user interface does scale to mobile screens and the same functionality is available. Use on mobile does require more scrolling and opening of overlay panels to access the interactive controls compared to desktop use.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: There is an administrative user interface where admin users of the customer log in and update their data through their web browser.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Users can navigate the user interface with different devices and using just keyboard. Some data visualisations and highly interactive content is not fully accessible by screen readers. It would be very hard to capture all the insights provided by the data visualisations in text descriptions of the content.
• API: Yes
• What users can and can't do using the API: For read operations: a GraphQL API with interactive documentation is provided.; ; For write operations: a REST API is provided, which requires per-case manual setup for authentication+authorization.; The API has an OpenAPI specification and further documentation. Usually this API is used for data integrations and it is customary; to have a separate integration project to make sure the API is used optimally.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The public site can be customized to align with the customer's institutional identity, incorporating elements such as the logo, colors, and overall design aesthetic to convey its identity and values to the public. This customizations are provided by Kausal personnel during the service set-up and included in the Onboarding and Set-up costs as defined in the Pricing Document.

Scaling

• Independence of resources: We use a hybrid scaling approach so that customers are distributed across several datacenters and computing instances, but also the performance characteristics of individual computing instances can be scaled if required. Our service demand is very predictable, and we can plan any scaling requirements when onboarding new customers. Also a robust caching mechanism as well as performance testing is in place.

Analytics

• Service usage metrics: Yes
• Metrics types: Matomo Analytics for web visitor analytics is provided but also incorporating Buyer's own analytics is possible at an extra cost.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: Less than once a year
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Other
• Other data at rest protection approach: The physical access control processes are provided by our cloud server infrastructure provider. Additionally, all company computers have encryption-at-rest set up.
• Data sanitisation process: No
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: There are several ways of exporting data to csv or xls format. Each node can be exported individually, or the whole model can be exported as a single dataset. In addition, data can be exported in the specified formats of several reporting frameworks such as NetZeroCities, CDP or SECAP.
• Data export formats:
  • CSV
  • Other
• Other data export formats: Excel
• Data import formats: Other
• Other data import formats: Copy-paste ranges of data from CSV or other spreadsheets

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: We provide 99,9% SLA during service hours. The Buyer is refunded for extended un-expected downtime as described in more detail in the Suppliers Terms and Conditions.
• Approach to resilience: Our infrastructure is geographically distributed to multiple datacenters. The provisioning of services to the datacenters is fully automatic and reproducible, based on reproducible infrastructure-as-code. All of the data in any datacenter is automatically backed up to another datacenter and its restoration is periodically and automatically tested. Therefore, even a catastrophic, datacenter-wide incident can be handled by provisioning the service infrastrcture and deploying the services in another datacenter if needed. Of course the basic resilience mechanisms of our 3rd party server infrastructure provider apply on top of this service-specific setup (ie. datacenter resilience and recovery).
• Outage reporting: Email alerts to a mailing list where customers can add their relevant addresses

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Other
• Other user authentication: A user with an email address is pre-created by customer admin user in our service. Next, the user logs in with identity federation (most often Microsoft Entra) and the logged-in user with the same email address is associated with the user in the service.
• Access restrictions in management interfaces and support channels: User rights for authorization is managed within the service, restricting access to only required parts of service. IP fencing can be done without extra cost if required.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Other
• Description of management access authentication: 2-factor authentication is required as part of the identity federation authentication. Management access permissions are configured in the service.

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Kausal is using risk-based approach. Risks are systematically assessed and managed, with most emphasis on the highest risks. In addition, the data centers have ISO 27001 certification.
• Information security policies and processes: Kausal is using STRIDE method for information risk identification and mitigation. Identified risks are raised in the regular technology team meetings and solutions are sought in collaboration to ensure that the security culture remains strong. In addition, information security policies are reviewed annually.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Both our application-level and infrastructure-level code and configuration is managed in a version-control system, with a review process for changes, and all changes being easily reversible and stored for audit purposes.; ; For application code, we use github automated security review https://github.com/features/security to support manual review.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Both our application-level and infrastructure-level code and configuration is managed in a version-control system, with a review process for changes, and all changes being easily reversible and stored for audit purposes.; ; For application code, we use github automated security review https://github.com/features/security to support manual review.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We use CrowdSec as an IDS and monitor the logs, along with our error logs, system logs, server metrics, automated end-to-end monitoring, and basic availability monitoring. Staff assigned to on-duty gets automated alerts from these systems.; ; An initial analysis of the anomaly by on-duty staff, based on cross-checking available logs is followed by a detailed analysis along with potential immediate mitigating steps for real threats. Afterwards, the root cause of the incident is analyzed and fixed.; ; Incident response is according to severity in accordance with our incident management processes. Reports are sent to affected parties.
• Incident management type: Supplier-defined controls
• Incident management approach: We follow incident reports from our users to our support email address, along with technical security vulnerabilities reported in accordance with our open source projects' reporting policy, as well as all the monitoring inputs mentioned in "protective monitoring processes".; ; We have an internal knowledge base containing predefined process for commonly recurring events.; We provide incident reports to all affected parties, including customers, after detailed analysis of the incident, when we have started to work on the incident and after the work is completed. These are provided by email to customers.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity

  Fighting climate change

  The Kausal SaaS offering is specifically used for fighting climate change. It helps local and regional governments reduce their carbon footprint by optimizing resource allocation and minimizing waste through data-driven insights and predictive analytics.

  Tackling economic inequality

  The Product enables economic impact assessments of actions in a climate or sustainability action plan. Impacts can be categorised according to stakeholder and thus it is possible to evaluate how the effects are distributed. It is even possible to prioritise actions based on these comparative assessments.

  Equal opportunity

  The Kausal Platform is designed for collaborative approach, where user access can be given to onyone who is a relevant contributor even outside the organisation of the customer.

Pricing

• Price: £700 a licence a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at joonas.pekkanen@kausal.tech. Tell them what format you need. It will help if you say what assistive technology you use.