RH Environmental Limited

The Housing App

The Housing App provides the ability to undertake HHSRS inspections having regard to the appropriate regulations. The app will enable officers to prepare and keep an accurate record of the state and condition of the environment. The information gathered in the inspection report can be used towards a desktop assessment.

Features

• Authenticated mobile data collection
• API back office integration
• Photo submissions
• Remote access
• Automated email updates
• HHSRS Scoring
• HHSRS Reports
• Report sharing
• Fully compatible offline

Benefits

• Automatically store inspection data
• Generate reports
• Automatic data input (UPRN, weather, date/time and EPC)
• Reduce paper working
• Remote access

£131 to £13,833 a licence a year

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@rheglobal.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

479028295283626

Contact

RHE Global
0117 403 3584
info@rheglobal.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: None
• System requirements: A modern browser (Chrome, IE, Firefox, Safari)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: A response will be provided within 48 hours and there is limited service on the weekend.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Free support is provided through phone and email for subscribing organisation.; ; On-site support can be provided at extra cost. This would include half day training and hardware and/or software examination for compatibility issues.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Online training can be held for an extra cost, otherwise an over then phone walkthrough will be given for both the website and app. We also supply supportive material for implementation and advertising.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: All data submitted to your website account can be extracted by your officers.
• End-of-contract process: Once a renewal has not been taken up your account will be deactivated at the end of your last contracted date. After this we will store data for 1 month, to allow the opportunity to gain data that might have been missed when extracting or if you would like to re-take up the subscription. After this 1 month, all data is permanently wiped.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The mobile app is for collecting evidence in line with the HHSRS workflow.; ; The desktop application is used to assess this data and access reports.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: Enterprise subscribers can use our API to send data to other software platforms.
• API documentation: Yes
• API documentation formats: Other
• API sandbox or test environment: No
• Customisation available: No

Scaling

• Independence of resources: The senior development team actively monitor the server statistics on a daily basis and report any potential infrastructure requirements to the management team at scheduled, bi-monthly software strategy meetings. API request throttling is in place to prevent a single user maliciously or accidentally initiating a DoS attack. In addition to this, our AWS server arrangements allow for single-click scaling of hardware which can be provisioned immediately using our automated configuration management (ansible). As the application grows we will investigate the use of a load balancer to reroute traffic.

Analytics

• Service usage metrics: Yes
• Metrics types: We provide analytics to show the numbers of cases submitted based on different metrics such as cat 1 and cat 2 hazards.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: Less than once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with SSAE-16 / ISAE 3402
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data can either be downloaded from the case management page in PDF format or excel format. Data can also be exported through the API available on Enterprise plans.
• Data export formats: CSV
• Data import formats: Other
• Other data import formats: Data is submitted by reporters thorugh the app

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We outsource our servers and rely on third party SLA’s for availability. We currently use Amazon Web Services, Digital Ocean, Kingston Communications (KCom) and Helastel.; ; Contractually we do not guarantee availability unless specifically required due to factors beyond our control.; ; We have had a handful of < 1 hour service interruptions in the past 2 years.; ; Our server hosts guarantee approximately 99.9% uptime, with service credits if they fail.; ; https://aws.amazon.com/s3/sla/; ; https://www.digitalocean.com/help/policy/
• Approach to resilience: Information available on request.
• Outage reporting: Email alerts are sent to all customers concerned. Outage messages may be circulated around social media, and dashboards will fall into maintenance mode with a reason for downtime.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: We have dedicated two senior team members in sales and development who are the gatekeepers of the management and support channels. Access to administration panels for user maintenance is restricted to these key personnel.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: We use industry standards to operate our data security management. This includes a named Data Security Manager and data security training provided to all Development and Sales staff that deal in customer data.
• Information security policies and processes: We review our information security policy annually. The whole company is registered with the IASME Cyber Essentials programme. Information Security is a standing item on the Company Management Team agenda. The information security policy is the responsibility of a Board Level Director, who receives reports from the Information Security Officer who is also supported by a Business Analyst in the Software Solutions team.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Software code and assets are tracked and versioned in Git.; ; Releases are versioned and deployed through the Jenkins Continuous integration platform allowing for one-click rollback if required.; ; Server software packages are managed with ansible which automates provisioning.; ; Any code changes are reviewed by the Senior Development team and released to the staging server for testing before being released to production.; ; Server software package changes between development machines, staging and production are all managed via ansible which ensures the environment is replicable.; ; Feature changes require approval from sales, the business analyst and senior development team before coding begins.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We assess potential threats via our automated vulnerability scanner, OpenVAS, which runs weekly. We monitor for unusual activity that may indicate a system defect being exploited. Areas of the application that involve handling of secure information are prioritised. If a third-party library is used, the development team will research the issues to assess whether there are known flaws which could affect our systems. We receive alerts from the National Cyber Security Centre regarding the latest threats which are forwarded to the development team if relevant. Patches are prioritised and tested on our staging server before released to production.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: The senior development team monitor server data and statistics which shows a current and historical overview of the platform. Unusual activity (spikes or behaviour not typical to that time of day) are investigated by analysing the logs. Potential compromises can also be identified during testing on the staging server. Any issue would be raised with the development team and prioritised in the backlog before changes are made to production. In addition to manual testing, there is also some automated test-coverage across the application. Failed tests would indicate a potential flaw in the application and would be prioritised immediately.
• Incident management type: Supplier-defined controls
• Incident management approach: Dedicated support team who respond to incidents.; Incident call raised by the "incident commander" who assembles relevant people to action the incident.; Incident logged in an issue tracking system.; Post-mortem with follow up actions to help detect and mitigate similar issues in the future.; Use of a common post-mortem template so we can analyse where the majority of issues stem from. Users report incidents either through the app, or via the support page on the website. The support team then react to this and notify the incident commander.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Wellbeing

  Wellbeing

  The app helps with evidence collection and investigation into common housing health issues such as damp and mould.

Pricing

• Price: £131 to £13,833 a licence a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: We currently offer a 4-week free trial on the entire service.
• Link to free trial: Thehousingapp.com

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@rheglobal.com. Tell them what format you need. It will help if you say what assistive technology you use.