Trackplan Software

Trackplan CAFM Software

Modern, easy to use Facilities Management software (CAFM) with mobile apps. For management of
Planned maintenance,
Reactive maintenance,
Helpdesk,
Site and Assets,
Contractors and engineers,
Health and safety,
Compliance,
Projects,
Contracts,
Costs and budgets,
Inspection/ Checklists,
Documents + More.

Features

• Reactive maintenance and job requests with job management
• Planned Preventative Maintenance with forms and checklists
• Site, locations, sublocations, asset management
• Helpdesk, incoming issues and job requests from multiple sources
• Issue and manage work to contractors and engineers
• SFG20 integration with their Facilities IQ platform
• Mobile App for managers, engineers and requestors - works offline
• Site and asset tagging with QR codes
• Document upload for sites, assets, contractors, jobs. Set expiry dates.
• Dashboards (build your own), reports. Schedule for email or FTP.

Benefits

• Save time by automating a lot of your timely tasks
• Drive compliance with dashboards, alerts, reports+ more
• Industry standard planned maintenance regimes. SFG20 recommended schedules and checklists
• Reduce costs with customisable reports, budget tracking & contractor monitoring
• Manage maintenance and assets on the move with mobile app
• Raise issues by scanning QR codes on assets or locations
• Manage KPIs and performance from library of dashboards and reports
• Optimise value from your assets with cost management and history
• All your maintenance, records and documents under one roof
• Manage permits to work and risk assessments with electronic forms

£1,440 to £129,100 an instance a year

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@trackplanfm.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

403887254540205

Contact

Charlie Bown
+447599987707
sales@trackplanfm.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: Our software is hosted on Virtual Machines in Microsoft Azure data centres.; Clients can choose to have their own dedicated virtual machines or share VMs with other clients
• System requirements:
  • Buyer needs a contemporary web browser to access our application
  • We manage security and hosting of the service

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 2 hour response during office hours.; Issues raised out of office hours will be responded to within 2 hours of next working day
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We have one support level for all clients.; 2-hour response. Resolution as soon as possible.; Clients have an account manager as well as access to the support team.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Mixture of online training and onsite training as agreed with client; Recommend 2 - 10 training and consultation settings; Provide assistance with loading of data and configuration; Training complemented by a knowledge base on https://cafm.fm and product videos
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats: Videos
• End-of-contract data extraction: Export all data to excel from the data grids and reports area; We will send all uploaded documents and files as a zip file with an index in excel format.
• End-of-contract process: We will help the client export all data they want to keep; We will hard delete the client's data from the SQL database

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The main web application is designed to be responsive so will work well on laptops to smaller devices such as mobiles and tablets; We also have a mobile app which is designed to work well on mobile devices and works offline.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: We provide an RESTful API for clients to use; ; The web application is access via the browser with https://....; ; The mobile application is installed through the browser and works on all devices.
• Accessibility standards: None or don’t know
• Description of accessibility: With the API user can pull and push data for key data objects; ; In the main web application users can do anything that their role permits; ; In the mobile app key functionality is available as configured from the main application
• Accessibility testing: None
• API: Yes
• What users can and can't do using the API: Users can set up by using jwt or APIKey; Users can pull and push data to the main database for key data objects; Limitations are based on the endpoints that are made available.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: No

Scaling

• Independence of resources: We monitor usage and performance of the shared virtual machines. If resources are stretched we will either:; - set the client up on their own pair of virtual machines for high usage clients. OR; - set up a new pair of shared virtual machines for new clients.

Analytics

• Service usage metrics: Yes
• Metrics types: Number of jobs created.; Audit trail of all actions made across all users; Number of emails sent and SMS messages sent
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: Less than once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Other
• Other data at rest protection approach: We apply TDE - Transparent Data Encryption, on the SQL database.
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users can:; - download data to excel from the main data grids within Trackplan; - download data to excel from the 40+ Trackplan reports; - use the Trackplan API
• Data export formats:
  • CSV
  • Other
• Other data export formats: Excel
• Data import formats: Other
• Other data import formats:
  • Excel
  • Json via API

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Our service is hosted in Azure and uptime in the last 9 years has been over 99.95%.; ; Each Azure server is automatically replicated within its Availability Zone to protect from component failure. This offers high availability and durability.; ; Documents uploaded by the client onto Trackplan are stored in Microsoft Azure’s blob storage facilities. The data in Microsoft Azure storage accounts is always replicated to ensure durability and high availability. ; ; Trackplan will be available to answer queries regarding the use of the Service, the Deliverables and/or the Solution between 8am and 6pm on days designated as business days in Trackplan’s head office location in Ireland – this is Monday to Friday.; ; We do not offer refunds for lack of availability
• Approach to resilience: Our services are hosted in Microsoft Azure Data Centres.; ; Microsoft Azure data centres are in alignment with Tier 4 guidelines. Their approach to infrastructure performance acknowledges the Uptime Institute's Tiering guidelines and applies them to their global data centre infrastructure design to ensure the highest level of performance, security and availability. Microsoft Azure have all the credentials expected of a large hosting enterprise including:; - ISO 27001; - HIPAA, ; - FedRAMP, ; - SOC 1, and SOC 2; - NIST SP 800-53; Microsoft’s data centres meet the conditions of a “Tier 4” data centre: ; - 99.995% uptime per year (Tier 4 uptime) ; - 2N+1 fully redundant infrastructure; - 96-hour power outage protection; Each Azure server is automatically replicated within its Availability Zone to protect from component failure. This offers high availability and durability.
• Outage reporting: We receive automated email alerts from Microsoft Azure when there are issues with our service such as:; - high memory usage; - low disk space; - high CPU usage; - actual downtime.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Each user is assigned a role. Each can be associated to over 100 permissions. This role will then govern what features and functionality the user is able to see and update.; Also each user can be granted access to one or more sites and locations.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Mark Cochrane, the CEO of Trackplan, is responsible for security governance and for adequate security measures set up for Trackplan and its staff. We use Azure for hosting our main web applications and database and follow the guidelines provided by the Azure Governance Framework
• Information security policies and processes: Mark Cochrane, the CEO of Trackplan, is responsible for information security. Sajith Sageer, the development manager, reports into Mark and together they meet to discuss implement ongoing improvements to Trackplan's information security.; Mark is also the Data Processing Officer and regularly reviews Trackplan's responsibilities regarding data protection to support ourselves and our clients to stay compliant with Data protection legislation.; We take seriously the principles of confidentiality, integrity, availability, ; and authentication.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: The status, location and configuration of service components (both hardware and software) are tracked throughout their lifetime; Changes to the service are assessed for potential security impact, then managed and tracked through to completion; Unauthorised changes to the deployed service components and their configuration will be detected and prevented; We provide appropriate notice before making changes that affect use of the service or ability to use the service
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Trackplan is hosted on VMs in Microsoft Azure data centres. They offer strong levels of security. Most ports are locked down to the public, except for essential ports such as http and https on the web servers.; We review the code regularly to check for vulnerabilities in our application. The code is on ASP.NET MVC5 and this platform helps provide protection against many known “vulnerable” spots such as code injection.; When we do find a weakness we prioritise, fix it and release
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We generate adequate audit events to support effective identification of suspicious activity; The collected events are analysed to identify potential compromises or inappropriate use of the cloud service; We take prompt and appropriate action to address incidents; We take responsibility for monitoring all parts of the service that we are responsible for. This will includes authentication to the service and use of administration interfaces
• Incident management type: Supplier-defined controls
• Incident management approach: Incident management processes are in place for the service and are actively deployed in response to security incidents; Pre-defined processes are in place for responding to common types of incident and attack; A support ticketing system exists for customers and external entities to report security incidents and vulnerabilities; We will inform client if we detect a security incident that affectstheir data in an acceptable agreed timescale

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  Trackplan's CAFM software includes many benefits which will have a positive impact on the fight against climate change:; - better job management and scheduling of work to make the best use of your resources (contractors and engineers). By managing work more efficiently you will reduce the number of visits and travelling required by the resources; - Stronger planned preventative maintenance will reduce the number of reactive jobs needed and so resources to be used. It will also extend the life of your assets and help reduce the need to replace assets so frequently.

Pricing

• Price: £1,440 to £129,100 an instance a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: 4 week trial of our CAFM cloud based software
• Link to free trial: https://www.trackplanfm.com/cafm-free-trial/

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@trackplanfm.com. Tell them what format you need. It will help if you say what assistive technology you use.