Target Information Systems Limited

Verature Contractor Management and Compliance System

Digitalising your compliant contractor process, Verature manages contractors, subcontractors & in-house workers on multiple projects or locations, ensuring all arrive safe, work safe and stay safe and you achieve continuous compliance.

Onboarding/assurance, project bookings, RAMS approvals/workflow, contractor portal, inductions &assessments, mobile check-in &badges, fire register, digital permits, permit mapping &audit.

Features

• Contractor Onboarding &Assurance, automated H&S Questionnaires & Renewals
• Centralised Approved Contractor Database across multiple locations and projects
• Secure storage and retrieval of compliance documents
• Automated renewals of compliance documents with Approve/Reject Workflow
• Daily view of live projects and contractors due on site
• Multiple permissions and access for Staff, Reception, and Security
• Unlimited Internal and External Users
• Online Inductions, Assessment and document upload through External Contractor Portal
• RAMS Approval and Workflow
• Live Site Fire Register, Electronic Permit Issue and on-site Audit

Benefits

• 24/7/365 access to information with real-time updates and reporting
• Configurable to meet your policies, processes and procedures
• Aligns with your incumbent IOSH/NEBOSH procedures
• Centralised contractor procedure for improved compliance and audit across locations
• One version of the truth around your projects and contractors
• Save time/costs through automating admin-heavy tasks and reduce chasing
• Comprehensive and automatically renewed Contractor Compliance documents for continuous compliance
• Mitigate risk and incidents caused by non-compliant contractors
• Prevent damage to your reputation
• Avoid H&S fines and prosecutions

£5,988 to £21,000 an instance a year

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@targetis.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

467545900589794

Contact

Phil Atkinson
07702 248 948
tenders@targetis.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: Verature has unlimited internal and external users and each instance is restricted to 50GB data storage. Additional storage is available on request.
• System requirements:
  • A desktop, mobile or tablet computer
  • A modern Internet browser
  • A connection to the Internet

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: In FY2021 we responded to 99.7% of all support emails within the first hour.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Support ; ; All support matters are to be first raised to the support email: support@verature.uk; ; Target provides application support between the hours of 9.00am and 5.30pm Monday to Friday excluding Bank Holidays. ; ; A support matter emailed to the support email can be followed up with a call in office hours to: 01226 212 056. ; ; Support incidents are split into three priorities: ; ; Priority One ; This is where an application is unavailable and users are unable to access the system. This will be responded to in one hour in business hours and have a resource dedicated to the problem until it is resolved. Target will work 24/7 on this problem until it is resolved. ; ; Priority Two ; This is for intermittent, non-critical support matters where the application is available and an error is occurring which does not affect normal usage of the system. ; ; Priority two matters will be responded to within four business hours, and typically resolved within 72 hours. ; ; Priority Three ; For minor matters such as layout issues, spelling mistakes in graphical text or minor amends; these will either be resolved within seven working days or scheduled for an agreed date/time.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Verature is very easy to onboard. We provide all project management, regular project meetings, installation and 2x train the trainer webinar sessions including all training/user documentation and ongoing support via a support team and dedicated account manager. We are also able to help with data migration.; ; Risk is minimised as your Site(s) will have an incumbent method for control of contractors and Verature is not put to live until fully tested via a comprehensive UAT process and accepted by the client.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Client will need to have their data exported into their preferred format at time of terminations.; ; Details on cost are available on request.
• End-of-contract process: The contract end date is agreed and requirements for exporting the data are discussed with the Account Manager.; ; Where development work is required for recovery of the data this is clearly documented, communicated, and controlled via our ISO9001 Quality Management Processes

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The available screen size of smaller devices can limit visibility of the information
• Service interface: No
• User support accessibility: WCAG 2.1 A
• API: No
• Customisation available: Yes
• Description of customisation: Clients are able to customise their instance of Verature to meet their specific policies, processes or procedures. Branding and email templates can be personalised, user types and associated permissions can be configured, schedule of reminders/alerts or approval workflows may be amended, and Verature can be configured to be used at additional sites.; ; This configuration is undertaken by Verature at the time of mobilisation.; ; Additional modules may be added on at any time during the lifecycle of the contract, such as electronic permits to work, permit mapping, shift handover.; ; Verature is a highly flexible and configurable platform.

Scaling

• Independence of resources: Verature instances are on high-end server infrastructure with immediate access to CPUs, scalable memory and server storage.

Analytics

• Service usage metrics: Yes
• Metrics types: User defined.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: Never
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: No
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Clients export their data through their requirements to their Account Manager.
• Data export formats: CSV
• Data import formats: Other
• Other data import formats: Import not available to users, only at time of mobilisaton

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: 99.7%
• Approach to resilience: Available on request.
• Outage reporting: Planned and unplanned outages are communicated via email.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Verature is configured to clients requirements where the permissions to access the database are configured at time of mobilisation.; ; Certain users/ system admin users have permission to set what access Users have to the database.
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: NQA
• ISO/IEC 27001 accreditation date: 1 July 2020
• What the ISO/IEC 27001 doesn’t cover: We have been assessed on all control measures of the standard.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: The Information Security Policy and its supporting controls, processes and procedures apply to all information used, in all formats. It is compliant to Target's ISO 27001 accreditation.; ; The Information Security Policy and its supporting controls, processes and procedures apply to all individuals who have access to Target Information Systems information and technologies.; ; Target's Information Security policy covers the following:; Access Control; Backup Policy; Business Continuity; Change Management; Encryption; Information Handling; Information Risk Assessment; IT Usage Policy; Password Policy; Secure Development and Deployment Policy ; Supplier Security; Starters, Movers and Leavers Policy; ; Compliance with controls in the policy are monitored by the Information Security Group and reported/escalated to the Leadership Team and Board where appropriate. ; ; More details and access to external policy document available on request.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Configuration of Verature happens upon mobilisation which is supported by a project roadmap listing any out of scope items for future consideration.; ; Changes are managed through a Change Request procedure as part of our ISO9001 Quality Management System
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Risk assessments are undertaken to identify, rank and mitigate risks that can be reasonably identified. In general terms, security incidents will have one or more of the following impacts:; Release of sensitive personal data eg. in a data breach;; Loss of reputation;; Loss of funding streams;; Inability to meet legal obligations;; Loss of business continuity;; ; The following timescales apply to updates and patches:; Critical or high risk vulnerabilities – 7 days o Medium – 30 days;; Low – 60 days; ; Further policy details available on request.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We check server logs daily and undertake monthly vulnerability scans. ; ; When vulnerabilities are identified they are dealt with in accordance with their potential risk:; Critical or high risk vulnerabilities – 7 days;; Medium risk – 30 days;; Low risk – 60 days;; ; Further details available on request.
• Incident management type: Supplier-defined controls
• Incident management approach: Incidents are handled effectively in a manner that minimises the adverse impact to the client and risk of data loss according to Target's incident management policy &process. ; ; Employees' responsibility to report security incidents actual, suspected, threatened or potential and observed security weaknesses through the appropriate known channels. Users report incidents through support/to their dedicated account manager.; ; Incidents are handled by appropriately authorised and skilled personnel and escalated to appropriate levels of management to determine response. All impacted subjects are informed, incidents are recorded and documented, evidence is gathered and maintained in a form that will withstand scrutiny.; ; Full policy available.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  It is Target's policy to:; ; • Comply with the requirements of environmental legislation and approved codes of practice; • Assess the environmental impact of all historic, current and likely future operations; • Continuously seek to improve environmental performance; • Reduce pollution, emissions and waste; • Reduce the use of all raw materials, energy and supplies; • Raise awareness, encourage participation and train employees in environmental matters; • Expect similar environmental standards from all suppliers and contractors; • Assist customers to use products and services in an environmentally-sensitive way; • Liaise with the local community; • Participate in discussions about environmental issues
• Tackling economic inequality:

  Tackling economic inequality

  Target has a Supplier Diversity Policy which aims to:; • Treat all suppliers fairly and equally, regardless of their sex, sexual orientation, marital ; status, race, colour, nationality, ethnic or national origin, religion, age, disability or union ; membership status.; • Ensure that no requirement or condition will be imposed without justification which could disadvantage suppliers purely on any of the above grounds. ; • Apply this policy to all aspects of procurement and partnering strategies.
• Equal opportunity:

  Equal opportunity

  Target aims to:; • Treat all employees, workers, job applicants, clients and suppliers fairly and equally; ; regardless of their sex, sexual orientation, gender status, marital status, pregnancy & ; maternity status, race, colour, ethnic or national origin, religion, age, disability or union ; membership status.; • Ensure that no requirement or condition will be imposed without justification which could disadvantage individuals purely on any of the above grounds. ; • Applies this policy to recruitment and selection, terms and conditions of employment -including pay, promotion, training, transfer and every other aspect of employment.; ; This policy is implemented within the framework of the relevant legislation, including:; • Equal Pay Act 1970 (Equal Value Amendment 1984); • Rehabilitation of Offenders Act 1974; • Sex Discrimination Act 1975 (Gender Reassignment Regulations 1999); • Race Relations Act 1976; • Disability Discrimination Act 1995; • The Protection from Harassment Act 1997; • Race Relations (Amendment) Act 2000; • Race Relations Act 1976 (Amendment) Regulations 2003; • Employment Equality (Sexual Orientation) Regulations 2003; • Employment Equality (Religion or Belief) Regulations 2003; • Disability Discrimination Act 2005; • Employment Equality (Age) Regulations 2006; ; Target is committed to the implementation of this policy and to a programme of action to ensure that the policy is, and continues to be, fully effective.
• Wellbeing:

  Wellbeing

  Target has dedicated wellbeing officers trained in Mental Health First Aid that deliver a regular check-in service to all staff members. Target offers access to external therapy sessions to staff members upon request. Target has a family friendly policy, providing flexible working to support staff wellbeing and home/work balance.

Pricing

• Price: £5,988 to £21,000 an instance a year
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@targetis.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.