THEIA360

Service scope

Software add-on or extension: No
Cloud deployment model: Public cloud
Service constraints: No constraints that fall outside of standard operating parameters. These parameters are discussed in detail with all clients, i.e. periods for critical scheduled maintenance, etc. We do not enforce constraints based on technology outside of support for modern browsers versions
System requirements: Service is consumed via web browsers

We support all modern browser versions

User support

Email or online ticketing support: Email or online ticketing
Support response times: Between 30 mins to 16 hours depending on ticket severity
User can manage status and priority of support tickets: No
Phone support: Yes
Phone support availability: 9 to 5 (UK time), Monday to Friday
Web chat support: No
Onsite support: Yes, at extra cost
Support levels: Customers receive support in accordance with our standard SLAs. This provides direct portal support, direct telephone support to our dedicated support team and access to our help centre documentation. Support hours are 9:00am to 5:00pm Monday to Friday as standard, but extended services are available on request and at a charge. This includes out of hours support for urgent issues and Saturday support. All customers are allocated a dedicated Account Manager, who will meet and/or contact customers at agreed intervals to ensure they maximise the benefits of THEIA360 and to ensure we understand their business direction, requirements and expectations.
Support available to third parties: Yes

Onboarding and offboarding

Getting started: We provide a complete implementation service which includes on-site training, setup and support.
Service documentation: Yes
Documentation formats: PDF
End-of-contract data extraction: As part of an agreed demobilisation process all client data will be packaged up into a standard format and provided to the client.
End-of-contract process: As part of the contract all client data will be packaged into a standard file format and provided to the client. Any bespoke data migration requirements or support required to migrate data to a new platform would be out of scope and incur additional cost.

Using the service

Web browser interface: Yes
Supported browsers: Microsoft Edge

Chrome

Safari
Application to install: Yes
Compatible operating systems: Android

IOS

Windows
Designed for use on mobile devices: Yes
Differences between the mobile and desktop service: Our mobile service displays and formats our product using a responsive design that dynamically adjusts to mobile screen sizes.
Service interface: No
User support accessibility: None or don’t know
API: Yes
What users can and can't do using the API: THEIA360 has standard Microsoft D365 API connectors which can consume asset and work order data directly from D365 and make it available to be tagged within the digital twin. We can also export digital twin links into D365 so that virtual tours can be accessed from within D365.
We can also integrate with other asset and housing management systems or develop bespoke integration if required.
API documentation: Yes
API documentation formats: HTML

PDF
API sandbox or test environment: Yes
Customisation available: Yes
Description of customisation: THEIA360 can be white labelled so that the solution has your organisations branding on it with no references to THEIA360. THEIA360 can also be embedded within your own systems via an iframe or a pop-up link.

Scaling

Independence of resources: THEIA360 operates a single tenant per client within the Microsoft Azure Cloud.

Analytics

Service usage metrics: Yes
Metrics types: THEIA360 has built in real-time dashboards
Reporting types: Real-time dashboards

Resellers

Supplier type: Not a reseller

Staff security

Staff security clearance: Conforms to BS7858:2019
Government security clearance: Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom
User control over data storage and processing locations: Yes
Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency: At least once a year
Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest: Physical access control, complying with CSA CCM v3.0
Data sanitisation process: Yes
Data sanitisation type: Explicit overwriting of storage before reallocation

Deleted data can’t be directly accessed
Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach: Log an IT support request
Data export formats: CSV

Other
Other data export formats: Jpeg
Data import formats: CSV

Other
Other data import formats: SOAP API

JSON API

XLS

Data-in-transit protection

Data protection between buyer and supplier networks: Private network or public sector network

TLS (version 1.2 or above)
Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability: Depending on the level of service agreed with the customer. All data is available at all times in the production environment.
Approach to resilience: Available on request.
Outage reporting: Email alerts

Identity and authentication

User authentication needed: Yes
User authentication: 2-factor authentication

Username or password
Access restrictions in management interfaces and support channels: We have implemented role-based access control (RBAC) to ensure that individuals only access information and functions relevant to their roles. Utilise strong authentication methods such as multi-factor authentication (MFA) to verify user identities. Regularly review and update access permissions to align with changes in job responsibilities. Additionally, use encryption for data in transit and maintain comprehensive audit logs for all access and actions. This approach minimises unauthorised access and enhances security, ensuring that sensitive management interfaces and support channels are protected against potential security breaches.
Access restriction testing frequency: At least once a year
Management access authentication: 2-factor authentication

Username or password

Audit information for users

Access to user activity audit information: Users contact the support team to get audit information
How long user audit data is stored for: User-defined
Access to supplier activity audit information: Users contact the support team to get audit information
How long supplier audit data is stored for: User-defined
How long system logs are stored for: User-defined

Standards and certifications

ISO/IEC 27001 certification: No
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Cyber essentials: Yes
Cyber essentials plus: No
Other security certifications: No

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: Other
Other security governance standards: All security is managed by our ISMS and we are working towards ISO27001 certification
Information security policies and processes: No data is accessible directly by third parties. Only our own internal services can I/O datasets. Any ad hoc changes made to data collections or databases, are peer-reviewed and thoroughly tested before going into the production environment.

Operational security

Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach: All application, code, configuration, build and environment change follows an agreed and standardised change recording and approval process within MS Devops. We operate multiple controlled environments; development, test, UAT and production to ensure all changes are verified and tested prior to being released to client or production systems/services. All exceptions are tracked and reviewed.
Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach: We adopt a 3-phase approach to vulnerability management. (a) we review all high-risk vulnerabilities on a daily basis (day zero threats) and apply actions accordingly, (b) we undertake vulnerability assessments on a quarterly basis using our own engineering resources which aligns to our quarterly release cycles and (c) we engage annually (at least) with our CHECK/CREST accredited partner to undertake vulnerability testing on our business and products/services.
Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach: We conduct continuous surveillance of IT systems to detect and respond to threats early. This includes real-time analysis of network traffic and logs, regular vulnerability assessments, and intrusion detection systems. Alerts are promptly investigated, and incidents are analysed to mitigate damage and prevent recurrence. The approach ensures data integrity and confidentiality while maintaining compliance with regulatory requirements, demonstrating a commitment to robust cyber security and resilience against potential security breaches.
Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach: We operate a customer support desk for all service incidents. Incidents that cannot be resolved by our support desk will be immediately escalated to the relevant 2nd, 3rd line team. The support desk team manage the life of the service incident to conclusion. Our customer is informed periodically and/or when support activities/changes take place, until full remedy. Any service incident causing impact to more than a single customer or remaining unresolved for longer than 1hr, are escalated to senior management immediately and a major incident support process triggered

Secure development

Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks: No

Social Value

Fighting climate change

THEIA360 virtual tour solution can deliver significant social value by directly contributing to efforts against climate change through several impactful ways:
1. Reduced Travel Emissions: 360 virtual tours significantly reduce the need for physical travel to sites. This is particularly beneficial for industries such as real estate, tourism, and construction where site visits are frequent. Decreasing travel not only cuts down on carbon emissions from vehicles but also lessens overall air travel, one of the largest contributors to greenhouse gases.
2. Energy Efficiency in Buildings: 360 virtual tours can assist in the energy certification processes by providing detailed previews of properties. This allows for better planning and implementation of energy-efficient features and green technologies before construction begins or during renovations, leading to buildings that are more sustainable and less energy-intensive over their lifetime.
3. Enhanced Remote Collaboration: Virtual tours can enhance remote working capabilities by offering an immersive experience that can substitute for a physical presence. This capability is invaluable for meetings, inspections, and collaborations that would otherwise require participants to travel, thus further reducing the carbon footprint associated with workplace practices.
4. Education and Awareness: By integrating educational content on sustainability within the tours, enterprises can use this platform to promote environmental awareness and showcase sustainable practices. For instance, a virtual tour of a building could highlight its eco-friendly features, such as solar panels or efficient waste management systems, educating viewers and promoting green initiatives.
5. Resource Conservation: Virtual tours help in conserving physical resources by minimising the need for physical marketing materials, printed blueprints, and other paper-based resources, contributing to a reduction in waste.
By leveraging these features, enterprise 360 virtual tour solutions offer a powerful tool for businesses to enhance their environmental responsibility and promote sustainability, thus delivering social value by directly and indirectly combating climate change.

Pricing

Price: £0.75 to £1.50 a unit a year
Discount for educational organisations: No
Free trial available: No

Features

Benefits

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Pricing

Service documents

Cookies on Digital Marketplace

THEIA360

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Social Value

Pricing

Service documents