Bentley Systems (UK) Limited

Cohesive DataConnect - Digital Twin Framework

DataConnect is Cohesive’s Digital Twin framework that ingests, validates, enriches and aligns, built asset information from multiple sources to deliver descriptive and informative digital twins. DataConnect enables data lacking consistent definition and stored across multiple systems, to be aligned, connected, and found in a single place.

Features

• Visualisation: Assets Data Sheets
• Visualisation: Geospatial Data and Map Viewer
• Visualisation: 2D /3D / 4D BIM Model Viewer
• Visualisation: Virtual Reality / Metaverse
• Visualisation: Search & Custom Queries
• Visualisation: Saved Views and Conditional Formatting
• Data Management: Class and Term Set Management
• Data Management: Data Contextualisation
• Data Management: Data Analytics
• Data Management: APIs & Data Connectivity

Benefits

• Efficiency gains in finding and sharing information.
• Data lacking consistent definition, is connected, enriched and aligned
• Data Quality is improved through automated validation.
• Improve decision making comes from reporting, analysis and insights
• Digital Continuity and Handover is enabled
• Secure, controlled access to all asset and project data
• Network or asset portfolio wide access to information and data
• Improved Stakeholder understanding and engagement,
• Reduce the risk of poor decisions based on poor data.

£6 a user a month

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@bentley.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

464228229342769

Contact

Nick Niknam
+44 7766 388848
gcloud@bentley.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: None
• System requirements:
  • Access to the internet
  • Modern web browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Cohesive have the following priority levels for support: Priority 1 Critical business impact Priority 2 Significant business impact Priority 3 Some business impact Priority 4 Minimal business impact P1 are 24x7x365 P2 - P4 are handled (09.00 — 17.00) Monday to Friday UK Time (Excluding UK Bank Holidays) There are various levels of support that are priced on an individual basis, please contact us for a separate quotation. Resolution Targets: These are handled on a Severity basis. For incidents classed as severity 1 (highest) our incident handling window covers 7 days per week.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 A
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: LEVEL 0 self-help: Self-help support information in DataConnect help pages , including videos LEVEL 1 help desk resolution: Our level 1 support team respond to email and telephone requests and provide basic help desk resolution. If resolution is not reached, level 1 personnel escalate incidents to a higher level. LEVEL 2 in-depth application support: from knowledgeable Cohesive technicians – who assess issues and develop solutions which are not resolved at level 1. If the issue is not resolved, the team escalate incidents to level 3. LEVEL 3 expert product/service support: This level gives access to the highest technical resources available for problem resolution, provided by our level 3 technicians. They assess issues and define root causes, using product designs, code, or specification – to create solutions. Our Level 3 specialists are highly-skilled product specialists, including engineers who created elements of DataConnect. LEVEL 4 Outside support for problems: Contracted support for items provided by, but not directly serviced by, our partners, e.g. data centre and infrastructure-related issues supported by the data centre management service. Problems or requests are forwarded to level 4 and monitored.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Onsite training, or at our head office, online user guide, customer specific videos, webinars, train the trainer.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Any authorised user can download the data to which they have access via a selectable download option. We can also optionally provide an online archive.
• End-of-contract process: There is a commitment to help transition to best alternative system if required at additional cost.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Fully compliant HTML5 based service, which auto-scales to specific device constraints.
• Service interface: Yes
• User support accessibility: WCAG 2.1 A
• Description of service interface: Swagger is in place and describes the structure of DataConnect APIs
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: As part of our WCAG 2.1 AA testing, we test that DataConnect will work with assistive screen readers. e.g JAWs
• API: Yes
• What users can and can't do using the API: APIs are available to query and write to DataConnect. Post APIs enable the creation and update of artefacts in the DataConnect database and can be used to set up, update and delete assets, projects, contracts organisations etc, following triggers and taking values from other systems. Get APIs enable queries to be run and carry out analysis and report on DataConnect content.
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Customisation will be carried out by Cohesive. The interface can be customised to suit a customer’s corporate brand. Integration flows can be customised to suit customers' business logic and source system data. Information portlets are configurable enabling us to customise the data contained within each portlet. Professional services will be charged based on the rate card included in this proposal.

Scaling

• Independence of resources: Systems are logically separated in a virtual cloud environment. All systems are monitored for performance and availability. Client instances are isolated meaning performance impact will not affect one another.

Analytics

• Service usage metrics: Yes
• Metrics types: Server loading, Disk usage, Document upload statistics and user activity monitoring.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller (no extras)
• Organisation whose services are being resold: COHESIVE UK GROUP LIMITED

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with SSAE-16 / ISAE 3402
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Downloading data is a standard feature of the application via a web browser.APIs can be called to extract data.
• Data export formats:
  • CSV
  • Other
• Other data export formats: JSON
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • JSON
  • Open Model file formats e.g IFC
  • Proprietary Model Formats e.g RVT, NWD, i.DGN,

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: 99.9% availability
• Approach to resilience: All DataConnect services have inherited resilience through in-region availability zones in Azure. Services are distributed across availability zones which means if one zone fails the other zones pick up the workload.
• Outage reporting: An emailed report of outages is available on request.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Our services are deployed in a private VNET. The only means of access are via Bastion hosts on a management network.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • ISO 9001:2015
  • ISO 14001:2015

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Cohesive has an information security policy under the Quality and Environmental Management System (QEMS). Hosting of DataConnect, the managed infrastructure and related support services are currently in the scope of Cohesive's ISO 27001 accreditation programme. Certification is expected in November 2024.
• Information security policies and processes: As part of our ISO 9001 certification, we have a security policy within our QEMS owned by the relevant Board Member. In November 2024 we will be following ISO27001 security policies and processes for DataConnect hosting, managed infrastructure and support services.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: The configuration and change management process has multiple steps, as follows: 1. Document the change; 2. Categorisation; 3. Acceptance/Success Criteria; 4. Prioritisation; 5. Create a Request for Change (RFC); 6. Create an Estimate; 7. Carry out the Work; 8. Test the Change & Security review; 9. Implementation, and; 10. Delivery Review. More detailed documentation of the configuration and change management is available on request.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Potential threats and information about threats are identified by using Internet Security Communities such as OWASP and by making the knowledge and defensive coding against threats part of the development team responsibilities. The level of threat will determine the speed of deployment of patches. Each application service goes through a threat modelling process to identify risks and vulnerabilities at all stages of the application development life cycle.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We are using Azure Defender to proactively detect and monitor all Azure services.
• Incident management type: Supplier-defined controls
• Incident management approach: Incidents are managed in an Incident Database solution that stores, tracks and reports on incidents. Where an incident involves a customer interaction that interaction is logged and tracked through the online help-desk system. The support team will respond in a common fashion to events reported by the automated monitoring tools.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Cohesive are putting sustainability goals into action, both internally but also externally helping support our clients’ journeys helping establish sustainability and ESG data foundations which can enable a business to be more responsible and profitable. From optimizing energy consumption and reducing operational costs to enhancing sustainability and improving carbon goals, there is a constant need for innovative solutions that we provide which drive efficiency and productivity along with our partnership with IBM Envizi and its ESG suite. Internally, we are committed to reporting on relevant ESG topics aligned with leading frameworks and methodologies. We have been measuring our carbon footprint since 2006 using the internationally recognized Greenhouse Gas Protocol standard, including emissions from office utility consumption, global business travel, and colleague commuting. We strive for efficiency in our business practices including corporate travel, colleague commuting and energy use for our offices. We are engaged with the Science Based Targets initiative (SBTi), the world’s leading coalition for setting corporate emission reduction targets in line with climate science. Their Net-Zero Standard is the benchmark against which organizations demonstrate strong management of their climate strategy, and why we chose to work within their framework. By submitting our near-term corporate targets to SBTi we are formally committing to be a part of the movement, in line with the Paris Agreement, to limit global warming to 1.5 degrees Celsius and reach a common goal of net zero no later than 2050. We encourage and support recycling and energy conservation programmes and each office participates in recycling programmes as offered by the local authorities and landlords. We have a published Carbon Reduction Plan in line with the requirements of PPN 06/21, published here: https://cohesivegroup.com/wp-content/uploads/2024/03/CARBON-REDUCTION-PLAN-Cohesive-UK-Group-Ltd.pdf

  Tackling economic inequality

  We are passionate about helping the communities where we live and work, in every country where we operate. We support both global and local initiatives, both corporately and through the initiative of our colleagues. Through corporate giving, we provide financial support for global and local organisations, such as The Hunger Project, Habitat for Humanity, Red Cross, and many others. These organisations help provide necessities—such as food, water, and shelter—to people in need all around the world.

  Equal opportunity

  We are an equal opportunity employer and consider all qualified applicants for employment without regard to race, colour, sex, sexual orientation, gender identity, disability, protected veteran status, religion, national origin, age, or any other protected characteristic. This commitment extends to all aspects of employment, including, but not limited to, hiring, placement, promotion, compensation, and training. We support workplace fair practices that promote diversity and inclusion. All suppliers are expected to promote a workforce and workplace free of harassment, unlawful discrimination, and retaliation. Suppliers are expected to provide equal opportunity employment and must not discriminate on the basis of age, race, colour, sex, religion, national origin, sexual orientation, disability, covered veteran status, or any other status protected by law. We are committed to conducting business with integrity and upholding high standards for business ethics and responsibility. This commitment extends to our suppliers, vendors, and business partners; our Supplier Code of Conduct details our commitments to responsible business throughout our supply chain. All suppliers and their employees or consultants (sub-suppliers) must adhere to this Supplier Code of Conduct while conducting business with us and must comply with all applicable laws and regulations while conducting business with us. We provide a Whistle-blower hotline to enable reporting of any violations of the code.

  Wellbeing

  The health, safety, and well-being of our colleagues, contractors and the public is of primary importance to us. All our colleagues understand that they are responsible for their own safety and wellbeing, and that they must be alert to safety and wellbeing concerns for those around them. Our health, safety and wellbeing policy provides colleagues and contractors with information about managing health and safety hazards and risks associated with our business, premises and activities. It is structured to set out legal duties and how to comply with the health & safety policy, safe work practices and procedures. Our Mental Health First Aiders have been formally accredited to administer mental health first aid in the workplace, by attending and passing a Mental Health First Aid Course that has been delivered by an Accredited Mental Health First Aid Instructor. They must be easily contactable during core working hours, be able to be called away from their normal duties at short notice if required and be able to maintain confidentiality as appropriate whilst demonstrating an ability to relate well to colleagues. Cohesive recognises that respecting the privacy of information relating to individuals who have received mental health first aid or may be experiencing a mental health problem or a mental health crisis at work is of high importance. All mental health first aiders and HR representatives are obligated to treat all matters sensitively and privately in accordance with Cohesive’s confidentiality protocols. If at any time the Mental Health First Aider assesses there is a risk of harm to another individual, they must escalate the matter to HR and they will advise on next steps. Cohesive's Operations Board are responsible for supporting Regional Managing Directors in implementing the Cohesive HSW policy manual and applying the controls in leading their global teams.

Pricing

• Price: £6 a user a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@bentley.com. Tell them what format you need. It will help if you say what assistive technology you use.