Azeus UK Limited

Azeus Convene ESG

Convene ESG allows you to simplify your ESG reporting by providing a platform to collect data, track progress, align with frameworks and produce reports. Our end-to-end approach automates much of this process, making it as easy as possible. This way, your organisation can focus on the bigger sustainability picture.

Features

• Automated data collection
• Configurable scheduled data collection reminders
• Support for manual, file import and API based data collection
• Single source of historical data for analysis and reporting

Benefits

• Automate the collection of ESG data
• Improve data ownership, historical data analysis and retention
• Access a Best Practice Library comparing performance against your peers
• Report to the latest version of Sustainability Reporting Standard (SRS)
• Simplify the sharing of your SRS reports in multiple formats
• Reuse your collected SRS data in other reporting frameworks

£5,750 an instance

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ukpresales@azeus.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

422550777865688

Contact

Eleanor Jim
020 3743 2515
ukpresales@azeus.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: Our standard terms of service set out the scheduled maintenance windows for servers hosted in different regions, and such terms of service are incorporated as part of the contract. Scheduled maintenance is carried out within that window. This would suffice as communicating scheduled maintenance in advance. For major release deployments, customers receive advanced notice of upcoming changes.
• System requirements:
  • Desktop Browser: Chrome Version 98.0.4758.102 or higher
  • Desktop Browser: Firefox 99.0.1 or higher
  • Desktop Browser: Microsoft Edge Version 100.0.4896.127 or higher
  • Desktop Browser: Safari Version 15.0 (16612.1.29.41.4, 16612) or higher

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Reported issues will be prioritised according to their nature and impact to business operations. The priority definitions and corresponding target response times are: High – Service is unusable – 1 hour; Medium – Service is usable, but affects day-to-day operations – 2 hours; Low – Service is usable, but has minor issue(s) / Ad hoc queries by end users – 8 hours. The above is for emails. For phone calls, response time is less than a minute. Response times are the same for weekends. Support is available 24/7/365.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: Our webchat service is provided by Olark; (https://www.olark.com/ada-accessible-live-chat) who have done extensive testing to ensure the service works well with users with accessibility needs and includes features like keyboard-only navigation.
• Onsite support: Yes, at extra cost
• Support levels: Priority One - Service not usable: response within one hour; fix or workaround within one working day. ; ; Priority Two - Service usable but not functioning as expected: response within two hours; fix or workaround within 5 working days. ; ; Priority Three - Service usable but user is experiencing other issues; response within 8 hours; fix in the next release. ; ; Costs are included within standard license. ; ; Support will be a cloud support engineer, if the fix is not satisfactory, it can be escalated to a technical manager. ; ; Support is normally remote. Onsite support will be charged at SFIA rates.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: User documentation is available and we provide onboarding training for new users to help them get familiar with the product.; ; We also offer online training via Teams/Zoom/Webex, in addition to onsite training.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Users can extract data in XBRL format.
• End-of-contract process: Prior to the end of the contract, we send a termination email containing instructions on how clients can manage the export of their data from the system at the end of the contract period. ; As part of our standard procedures, in the event of service termination, data will be retained securely in the hosting environment for 30 days after services have been terminated. This is a period to allow clients to retrieve data that has been previously uploaded to the environment. ; ; If no data retrieval requests have been received within this 30-day period, Azeus will perform cryptographic deletion of the client’s data. This is carried out by deleting the data in its encrypted form and any corresponding encryption keys associated with the data. This removes any chance of recovery and decryption of deleted data. ; ; The storage blocks are then marked as unallocated after this deletion process.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The service is web-based and can be accessed via the most up-to-date mainstream web browsers on mobile and desktop devices. The display of larger datasets and visual analytics/reporting means that the service is best used on a device with a larger screen resolution. A tablet or desktop-based browser is the optimal platform for using the system, although it will function on a supported mobile browser.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Convene ESG is an integrated web-based solution designed to allow users to manage the capture, analysis and reporting of their ESG-related data. Convene ESG is designed to be multiplatform to give customers the flexibility to use their preferred browsers on their devices or platforms of choice.
• Accessibility standards: None or don’t know
• Description of accessibility: Convene ESG shows user-friendly error messages to the user when an error occurs, and supports browser-based assistive technologies including JAWS-based screen readers.
• Accessibility testing: As part of our testing processes, we check for conformance to accessibility standards.
• API: Yes
• What users can and can't do using the API: Users can import and export calculated data to and from other systems including Microsoft Power BI.
• API documentation: No
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Users can add custom fields to existing reports.; Users can request customised reports.

Scaling

• Independence of resources: We use AWS as our host and the system can scale to meet demand automatically.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data export can be via the API or by downloading an .xls file. XBRL output is also possible for ESRS reports.
• Data export formats: Other
• Other data export formats:
  • XBRL
  • Microsoft Excel (.xls)
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • XML
  • Microsoft Excel (.xls)

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We provide 99.5% availability (uptime excluding planned maintenance and upgrades).
• Approach to resilience: Details are available on request
• Outage reporting: Email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: As part of Convene ESG's security policies, each individual is given their own account for accessing management interfaces and support channels. Sharing of accounts is strictly prohibited. Access to the cloud infrastructure's management console requires two-factor authentication and only authorized personnel are provided access. Authorized personnel are only provided with the access required for them to perform their role and responsibilities. All access, both in management interfaces and in support channels, is reviewed regularly to prevent privilege creep and to ensure obsolete accounts are disabled.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Username or password
  • Other
• Description of management access authentication: Passwords - Through the Accounts tab, complex passwords can be enforced through a configurable password policy, allowing the system administrator to specify various settings.; ; AD/LDAP Integration - Convene ESG integrates with Active Directory and LDAP to allow users to log in to the app/web portal using their existing corporate/organisation accounts. ; ; 2FA - Upon signing in, the system also checks if the device/browser used is registered through the administrative portal.

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Amtivo Group Limited, trading as British Assessment Bureau
• ISO/IEC 27001 accreditation date: 26/08/2021
• What the ISO/IEC 27001 doesn’t cover: Software development and deployment are out of the scope of the certification.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • SOC2
  • ISO 9001 for our AWS hosted services
  • ISO 27001 for our AWS hosted services
  • ISO 27017 for our AWS hosted services
  • ISO 27018 for our AWS hosted services
  • AICPA (SOC 1/2/3) compliant AWS hosting

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: SOC2
• Information security policies and processes: Convene ESG has documented security policies and procedures in place to ensure the confidentiality, availability, and integrity of the system. We have appointed senior personnel and teams that ensure the proper and total implementation of our security policies and procedures across the entire organisation. Our security policies include the organizational structure of the organisation's security team and its responsibilities, principles, security incident response procedures, access policies, security vetting requirements, onboarding and offboarding procedures, and data and systems security. A Chief Security Officer is assigned to every office location and is responsible for ensuring that staff comply with security policies and procedures; protecting customer data or information; and regularly reviewing the effectiveness of security policies and procedures to safeguard against the growing number of threats and their evolving sophistication.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Convene ESG's configuration and change management process has been audited under SOC2. As part of our configuration and change management procedures, all changes need to be applied and tested in a separate test environment before seeking approval from the change control manager. Approved changes are scheduled at least a week before implementation in production. All changes are requested and tracked in an electronic ticketing system and each change request is assigned a unique identifier for proper tracking and auditing. Vulnerability scans are performed before every major release to ensure that any changes have been analysed for potential security impacts.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Convene ESG's System Team performs vulnerability scanning on the application and the infrastructure to ensure the security of the whole system. Web application scans are performed after every major release before the web application is finally released into production. Patch management procedures are in place to ensure that servers are regularly updated with the latest security patches. Critical patches are applied next non-peak window. Any patches undergo testing before application to production to ensure no adverse impact on the functionality of the system. Convene ESG's System Team also subscribes to security newsletters to stay updated with the latest security vulnerabilities,
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Convene ESG has a 24x7 monitoring system and intrusion detection system to identify potential threats and alert all responsible parties for prevention, investigation, and/or remediation. Staff are made aware of security incident handling and reporting procedures. All breaches to information security, actual or suspected, are promptly reported to Chief Security Officers. CSOs will lead the investigations of such incidents and customer representatives will be informed immediately about such breaches. Convene will task security experts to work with the Customer's internal ICT team to provide the Customer with any assistance in tracing and resolving security issues that may impact business operations.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: An incident ticketing system is in place to provide a guided mechanism for tracking, handling, and documenting system incidents. This ticketing system is configured to follow the policies and procedures for handling and responding to system incidents. Convene ESG's support team follow pre-defined procedures for addressing common events. Users can report incidents via chat, email, or phone. Responsible parties are required to provide inputs on the corresponding incident ticket for causal analysis and resolution. Incident reports can be provided to customers upon request.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Equal opportunity

  Fighting climate change

  Initiating our UK company's journey towards net zero in 2022, our goal is to achieve Carbon Neutrality by 2030. To facilitate emissions tracking, we've developed Convene ESG, our proprietary software, which we have used to streamline data capture for comparison with baseline data collected from April 2022 to March 2023. ; ; Identifying four main sources of GHG generation — Data Centres, Conferences, Business Travel, Office Space, and Commuting — we've devised strategies for each: ; ; Data Centres: Transitioning solely to Carbon Neutral Data Centres by 2030, we currently utilize AWS data centres, aligning with AWS's aim to power all facilities with renewable energy by 2030. ; ; Conferences, Trade Events: Already prioritizing ethically produced, recycled materials for giveaways, we aim to source all backdrops and banners from recycled materials by 2025. ; ; For Business Travel we have a public transport and train first policy. For international business travel, flights are only allowed if the train journey exceeds 12 hours. Target is to be Carbon Neutral on business travel by 2030. ; ; Targeting Carbon Zero transport for events by 2030, our business travel policy emphasises public transport and trains, with allowances for car use only when no public transport is available, and flights restricted to essential international travel exceeding 12 hours by train. ; ; Office Space: In London, we have consolidated into a lower-emission space to diminish our Carbon footprint, aspiring to inhabit a fully Net Zero workspace by 2030, with ongoing market assessments to expedite this. ; ; Commuting: Discouraging car commuting with no parking facilities or subsidies, we're launching a cycle-to-work scheme in 2024 for Sales reps who want a portable bike to get from stations to meetings and for those who wish to purchase an electric bike for longer commutes. For remote workers, we're exploring Carbon Offset options to align with our 2030 targets.

  Covid-19 recovery

  Azeus UK understands that Covid 19 continues to have an impact on people's lives particularly those who have responsibilities outside of the workplace in providing care to vulnerable or elderly relatives. We continue to offer fully remote working to those who wish to continue with the arrangements introduced during the pandemic. Our board portal product is designed to support remote meetings and we provided many organisations in the public sector, arts and charities with free licenses during the pandemic to enable them to hold meetings remotely.

  Equal opportunity

  The Azeus Equal Opportunities Policy is a commitment by the company to provide equal employment and advancement opportunities for all employees, without discrimination based on race, colour, nationality, sex, disability, sexual orientation, religion, political belief, trade union activity, or age. ​ The policy applies to all employees and applicants and covers all aspects of employment including hiring, promotion, termination, compensation, and training. ​; ; Our policy also emphasises the importance of diversity and values the contributions of individuals from different backgrounds.; ; Providing equal opportunities is not only good management practice but also makes sound business sense, as it allows employees to develop their full potential and maximises the organisation's efficiency. ​ The company recognises that the responsibility for implementing this policy lies with the Board of Directors, but all employees have a role in ensuring its effective implementation in their daily activities and working relationships. ​; ; The policy covers various areas such as recruitment, selection, training, promotion, monitoring, communication, and grievance and discipline. ​ The selection process must be based on objective job-related criteria, and training programs should integrate equal opportunity principles. ​ Promotion decisions should be made according to objective selection criteria, and the effects of the policy and programs should be regularly monitored and analysed to identify areas of under-representation and assess the impact of employment procedures. ​; ; Employees who believe they have experienced unfair or unlawful discrimination or harassment can raise their concerns through the applicable grievance procedure. ​ In addition, they have the right to pursue complaints of discrimination to an industrial tribunal or the Fair Employment Tribunal, depending on the country where they are hired. ​ The company is committed to ensuring that employees who make complaints are not victimised, and any complaint of victimisation will be dealt with seriously and may result in disciplinary action.

Pricing

• Price: £5,750 an instance
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Trial accounts are available for technical and user testing. Once started, you have full access to the Convene ESG support and customer success teams. The aim of the trial is so you can assure yourself that Convene ESG satisfies your use cases. The trial is available for 4 weeks.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ukpresales@azeus.com. Tell them what format you need. It will help if you say what assistive technology you use.