CSI Limited

IBM Envizi ESG Suite

IBM Envizi ESG Suite supports the collection, consolidation, and management of client ESG data. Its reporting tools can be used to meet internal and external requirements for ESG reporting and disclosure. The Cloud service provides functionality to identify efficiency and decarbonisation opportunities, to scenario plan and to assess sustainability risk.

Features

• Scope 1&2 GHG Accounting and Reporting
• Scope 3 GHG Accounting and Reporting
• Scope 3 Supply Chain Intelligence
• Scope 3 Supply Chain Intelligence ESG Reporting
• Decarbonization – Sustainability Program Tracking
• ESG Reporting – Building Ratings and Benchmarks
• Decarbonization – Utility Bill Analytics
• ESG Reporting –ESG Reporting Frameworks
• – Value Chain Surveys and Assessments

Benefits

• Accurately calculate emissions with maintained global GHG emission factor library
• Set energy and emissions reduction targets and track performance
• Supports you report in line with ESG reporting frameworks
• Streamline qualitative and quantitative data captured from value chain
• Dedicated supplier portal for capturing data with analytics
• Manage programs and track and report energy efficiency project data.
• Consolidates utilities billing data into a single record for analysis
• Analytics, benchmarking, workflow tools to drive efficiency and decarbonize facilities
• Uses IoT sensor to automatically detects and diagnoses equipment issues
• Automatically identity faulty HVAC equipment and inefficient building control strategies

£47.77 a unit a month

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jennifer.billett@csiltd.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

405798749131247

Contact

Jennifer Billett
08001088301
jennifer.billett@csiltd.co.uk

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Yes but can also be used as a standalone service
• Cloud deployment model: Public cloud
• Service constraints: N/A
• System requirements:
  • Envizi is a 100% browser-based Software as a Service(SaaS) solution.
  • Envizi is independent of any operating system or hardware requirement

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Support levels detailed at the following link: https://www.ibm.com/support/pages/node/738881 The advanced support level is included with the product.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Support levels detailed at the following link: https://www.ibm.com/support/pages/node/738881 The advanced support level is included with the product.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: There are services available which are typically ordered with the platform that offer bespoke onsite training (for both administrators and users). There is also extensive documentation available (again, for both administrators and users).
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: IBM will return the client data within a reasonable period in a reasonable and common format upon receiving written instructions from the client prior to termination or expiration. Data clean-up is performed per the Data Protection Addendum (DPA) terms: https://www.ibm.com/support/customer/csol/terms/?cat=dpa
• End-of-contract process: IBM will return the Client Data within a reasonable period in a reasonable and common format upon receiving written instructions from the Client prior to termination or expiration. Upon termination, client data is erased using the US Department of Defense M220.22M standard

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Windows Phone
  • Other
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: N/A
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: The full API guide can be accessed here: https://www.ibm.com/docs/en/qradar-common?topic=api-restful-overview
• Accessibility standards: None or don’t know
• Description of accessibility: The full API guide can be accessed here: https://www.ibm.com/docs/en/qradar-common?topic=api-restful-overview
• Accessibility testing: The full API guide can be accessed here: https://www.ibm.com/docs/en/qradar-common?topic=api-restful-overview
• API: Yes
• What users can and can't do using the API: The full API guide can be accessed here: https://www.ibm.com/docs/en/qradar-common?topic=api-restful-overview
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: No
• Customisation available: No

Scaling

• Independence of resources: Each client receives their own dedicated instance of the service. The architecture of IBM cloud services maintains logical separation of client data. Internal rules and measures separate data processing, such as inserting, modifying, deleting, and transferring data, according to the contracted purposes.

Analytics

• Service usage metrics: Yes
• Metrics types: Real-time dashboards
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: IBM

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: Less than once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: This can be completed by any user with the required permissions to access all incident data (or any client administrator). The export is completed from within the GUI without any special system requirements.
• Data export formats:
  • CSV
  • ODF
• Data import formats:
  • CSV
  • ODF

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Please refer to section 3.1 in the Service Description: https://www.ibm.com/support/customer/csol/terms/?ref=i126-6917-14-05-2020-zz-en
• Approach to resilience: Please refer to section 3.1 in the Service Description: https://www.ibm.com/support/customer/csol/terms/?ref=i126-6917-14-05-2020-zz-en
• Outage reporting: Please refer to section 3.1 in the Service Description: https://www.ibm.com/support/customer/csol/terms/?ref=i126-6917-14-05-2020-zz-en

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Interfaces and support channels IBM maintains individual role-based authorization of privileged accounts that is subject to regular validation. A privileged account is a duly authorized IBM user identity with administrative access to a Cloud Service, including associated infrastructure, networks, systems, applications, databases and file systems.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 27/03/2023
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: NCC Group Security Services Ltd
• PCI DSS accreditation date: 01/04/2024
• What the PCI DSS doesn’t cover: N/A
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Please refer to section 3.1 in the Service Description: https://www.ibm.com/support/customer/csol/terms/?ref=i126-6917-14-05-2020-zz-en

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Management approach IBM maintains policies and procedures to manage risks associated with the application of changes to its Cloud Services. Prior to implementation, all changes to a Cloud Service, including its systems, networks and underlying components, will be documented in a registered change request that includes a description and reason for the change, implementation details and schedule, a risk statement addressing impact to the Cloud Service and its clients, expected outcome, rollback plan, and documented approval by IBM management or its authorized delegate.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Approach With each Cloud Service, as applicable and commercially reasonable, IBM will a) perform penetration testing and vulnerability assessments before production release and routinely thereafter, b) enlist a qualified and reputable independent third-party to perform penetration testing and ethical hacking at least annually, c) perform automated management and routine verification of underlying components’ compliance with security configuration requirements, and d) remediate any identified vulnerability or noncompliance with its security configuration requirements based on associated risk, exploitability, and impact. IBM takes reasonable care to avoid Cloud Service disruption when performing its tests, assessments, scans, and execution of remediation activities.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: IBM maintains and follows policies requiring administrative access and activity in its Cloud Services’ computing environments to be logged and monitored, and the logs to be archived and retained in compliance with IBM’s worldwide records management plan. IBM monitors privileged account use and maintain security information and event management policies and measures designed to a) identify unauthorized administrative access and activity, b) facilitate a timely and appropriate response, and c) enable internal and independent third party audits of compliance with such policies. IBM systematically monitors the health and availability of production Cloud Service systems and infrastructure at all times.
• Incident management type: Supplier-defined controls
• Incident management approach: IBM: -maintains and follows incident response policies aligned with NIST guidelines for computer security incident handling, and will comply with data breach notification requirements under applicable law. -investigates security incidents, including unauthorised access or use of content or the Cloud Service, of which IBM becomes aware, and, if warranted, define and execute an appropriate response plan. -promptly notifies Client upon determining that a security incident known or reasonably suspected by IBM to affect Client has occurred. -provides Client with reasonably requested information about such security incident and status of applicable remediation and restoration activities performed or directed by IBM.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  Fighting climate change In February 2021, IBM committed to achieving net zero greenhouse gas emissions globally by 2030. On this path, IBM are on track to have reduced greenhouse gas emissions by 65% (against 2010 base) in 2025, and 75% of our global electricity consumption will be from renewables by 2025. The IBM UK Carbon Reduction Plan (CRP) is published annually in which we report progress in achieving Net Zero. In fulfilling our responsibilities under our contracts, our staff operate in line with our IBM Environmental Policy and implemented through our worldwide Environmental Management System (EMS), which covers objectives including achieving our net zero greenhouse gas commitment, reduction in water use, reduction in waste going to landfill, creating green space, enhancing the natural environment and improving air quality. Local initiatives are in place around IBM locations, including on shared or zero-carbon travel, with various cycle-to-work and car-share initiatives and incentives, and through environmentally focused volunteering. To influence staff, suppliers, customers and communities through the delivery of the contract to support environmental protection and improvement, we include Social Responsibility and Environmental Management requirements in subcontracts, and encourage staff to work with the wider teams on improvements. In some locations, a ‘Environmental Business Resource Group’ promotes sustainability and plans community-based volunteer work. In 2020 IBM launched the responsible.computing() initiative, which addresses modern computing challenges and integrates aspects of sustainability, climate, ethics, openness, privacy and security. We assess proposed technical solutions against efficient energy usage. IBM began detailed tracking and monitoring of our environmental footprint in 1990 - being forthright and transparent in our impact long before it was fashionable or required. We have made significant improvements over the last 30 years and will continue to always report transparently on impacts and our progress.

Pricing

• Price: £47.77 a unit a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jennifer.billett@csiltd.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.