EcoOnline

Permit to Work Software

EcoOnlines Permit to Work (PTW) software allows users to quickly and easily create, request and manage permits for all manner of hazardous works. All stakeholders in the work are given visibility on permit content, facilitating better communication and safety control across your team and contractors.

Features

• MAINTAIN AND MANAGE: Easily track permit creation and updates
• PERMISSIONS: Choose who can issue, review and authorize permits.
• FULL PICTURE: Attach risk assessments and method statements to permits
• PERMIT EXTENSIONS: Extended permits link back to the original documents.
• HANDBACK/CANCEL: Handback permits for completed work or cancel if incomplete
• MULTILINGUAL: PTW System is available in multiple languages
• PERMIT QUESTIONS: Create your own safety precaution questions
• MULTI-PERMITS Ability to combine multiple permits into one record

Benefits

• Easy-to-use permit to work (PTW) management
• Eliminate excess paperwork and improve your handover process
• Choose from General and Specialist permit templates
• Simple checklist process encompasses all associated safety checks and precautions
• Have complete control over permit issuance and approval
• Send your permits through several stakeholders for review and sign-off
• Gain an oversight of all permit related information
• Quickly view Open, Overdue and Specialist Permits
• Notify reviewers by email when permits are up for authorization
• View what changes were made to permits and by whom

£240 to £2,000 a user a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidteam@ecoonline.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

481195159678527

Contact

Bid Team
01926 844 200
bidteam@ecoonline.com

Service scope

• Software add-on or extension: Yes
• What software services is the service an extension to: EcoOnline EHS
• Cloud deployment model: Private cloud
• Service constraints: Up to date internet browser
• System requirements:
  • Web browser (no special plug-ins required)
  • Network access
  • Apple or Android phone (for the Mobile App)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Support hours are Monday to Friday 9:00am to 5:30pm; ; Priority 1 - Major Defect - Within two (2) business hours. ; Priority 2 - Critical Defect - Within four (4) business hours. ; Priority 3 - Non-Critical Defect - Within twelve (12) business hours. ; Priority 4 - Error - Within twenty-four (24) business hours.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Priority 1 - Major Defect; The entire Software Service is “down” and inaccessible to all Authorised Users. Priority 1 incidents shall be reported by telephone only.; Response Time : Within two (2) business hours. ; Target resolution time : Eight (8) business hours. Continuous effort after initial response and with Client co-operation.; ; Priority 2 - Critical Defect; Operation of the Software Service is severely degraded, or major components of the Software Service are not operational, and work cannot reasonably continue. Priority 2 incidents shall be reported by telephone only.; ; Response Time : Within four (4) business hours. ; Target resolution time : Within two (2) business days after initial response. ; ; Priority 3 - Non-Critical Defect; Certain non-essential features of the Software Service are impaired while most major components of the Software Service remain functional.; Response Time : Within twelve (12) business hours. ; Target resolution time : Within fifteen (15) days after initial response. ; ; Priority 4 - Error; Errors that are non-disabling or cosmetic and have little or no impact on the normal operation of the Software Service.; Response Time : Within twenty-four (24) business hours. ; Target resolution time : Next Maintenance Event.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: The EcoOnline professional services team will provide a full setup of the EcoOnline system which comprises of onsite visits to understand the businesses requirements and objectives, User Acceptance Tests (UATs) and product delivery/roll-out. Built-in online help and documentation is provided coupled with classroom based train the trainer sessions.
• Service documentation: No
• End-of-contract data extraction: EcoOnline EHS has a built-in export function to extract data on a module by module basis. However when leaving a platform like EcoOnline users usually requires large volumes of data and some form of re-structuring which is done upon their instruction.
• End-of-contract process: Upon contract termination EcoOnline will act on the clients behalf to extract their data and structure in a format required. Depending on the amount of data and re-structuring will dictate the cost at our standard day rate.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The service is responsive and so will look different on some mobile browsers Vs a desktop browser; As well as being available on mobile browsers the service also has a dedicated mobile App available for Apple and Android devices
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Yes, we have APIs or can offer direct access to a replica of our DataWarehouse which is a Microsoft SQL Server instance.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: As a best-practice solution, huge considerations have been made to ensure that our software is as feature rich as it is easy to use. Customisable forms and workflows, as well as flexible data relationships make the software highly configurable. Configuration is managed partly by our professional services team, but in the main it is managed by the clients system administrator(s)

Scaling

• Independence of resources: EcoOnline monitor the compute resources, in real-time, and increase if needed.

Analytics

• Service usage metrics: Yes
• Metrics types: Metrics types; ; On request EcoOnline will provide the average and peak login concurrency on the system.; Reporting types; ; Reports on request
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users can either export at the module level from the user interface or contact Safety Software to make a complete export of the data.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: 99.5%
• Approach to resilience: Detailed information available upon request. EcoOnline is hosted only in world-class datacentres holding appropriate internationally-recognised accreditation and certification for their operations, security and resiliency.
• Outage reporting: Nominated contacts are informed should there be a service outage.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Only named personnel have access to the management interface and given authority to communicate with the support channel.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: SGS UK Ltd
• ISO/IEC 27001 accreditation date: 10/02/2014
• What the ISO/IEC 27001 doesn’t cover: 111 of the 114 controls in the 2013 standard are applicable to us. The following are not applicable: A.9.4.4 Use of privileged utility programs; A.11.1.6 Delivery and loading areas; A.14.1.3 Protecting application services transactions.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We hold ISO/IEC 27001:2013 certification which was gained from a UKAS accredited certification body. It is the specification for an Information Security Management System (ISMS). ; The Company will: ; - Comply with all applicable laws, regulations and contractual obligations;; - Implement continual improvement initiatives, including risk assessment and treatment strategies, while making the best use of its management resources to meet and improve information security system’s requirements;; - Adopt an information security management system (ISMS) comprising of a security manual and procedures that provides direction and guidance on information security matters relating to employees, customers, suppliers and interested parties who come into contact with the Company’s work;; - Work closely with their Customers, Business Partners and Suppliers in seeking to establish Information Security Standards;; - Adopt a forward-looking view on future business decisions, including the continual review of risk evaluation criteria, which may have an impact on Information Security;; - Train all members of staff in their needs and responsibilities for Information Security Management;; - Constantly strive to meet, and when possible exceed, its customers and staff expectations.; - Communicate its Information Security objectives and its performance in achieving these objectives, throughout the Company and to interested parties.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: The organisation has policies and procedures in place pertaining to Annex A.12.1.2 Change management of ISO/IEC 27001:2013 and these are audited by our UKAS accredited certification body annually.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: The organisation has policies and procedures in place pertaining to Annex A.12.6.1 Management of technical vulnerabilities of ISO/IEC 27001:2013 and these are audited by our UKAS accredited certification body annually.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: The organisation has policies and procedures in place pertaining to Annex A.12.1.3 Capacity management of ISO/IEC 27001:2013 and these are audited by our UKAS accredited certification body annually.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: The organisation has policies and procedures in place pertaining to Annex A.16 Information security incident management of ISO/IEC 27001:2013 and these are audited by our UKAS accredited certification body annually.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Due to the high degree of flexibility built into all of our software in can be used not just for Health & Safety, but for also for Environmental management.; ; The Permit to Work module can be used to ensure permits are only issued when the environmental requirements/standards of your organisation are met.
• Wellbeing:

  Wellbeing

  Due to poor health and safety, millions of workdays are lost due to work-related ill health and non-fatal workplace accidents.; ; We know that a lot of the occupational diseases and accidents could be avoided by increasing knowledge and easy to use information systems that helps companies identify, track, and eliminate risk at work.; ; Still, year on year an unacceptably high number of people work in unsafe and unhealthy work environments. Placing needless costs on the employees, the businesses, and the environment.; ; We must ask ourselves why? Why with all the information and guidelines available do we continue to have workplace incidents?; ; To break this paradox, EcoOnline are passionate about developing user-friendly digital software that improves the flow of information and streamlines all documentation needed to reduce risks due to factors in the workplace.; ; At EcoOnline we use innovative technology to help our clients build a deeper understanding of their operational and EHS risks. By designing EHS software with ease of use at its core, we lower the barrier so that anyone can report incidents, near misses or other important events – wherever they are.; ; We use data captures and connect these to drill down into the root cause of the incidents, risks, or emissions. Through easy to use and understand dashboards everyone can take a role in spotting trends, corrective actions and contribute to protect employees, contractors, customers, and the public.

Pricing

• Price: £240 to £2,000 a user a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: We offer a free workshop where EcoOnline will come in and sit down with the prospect and work through a training program with them. Following this workshop a demo system will be made available for a short trial period.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidteam@ecoonline.com. Tell them what format you need. It will help if you say what assistive technology you use.