SG WORLD LIMITED

SGW 5D Contractor Management Module

SGW 5D Contractor helps you manage contractors safely and effectively from start to finish. You have a contractor database to document and access important information and job history, pre-qualification checks, a digital permit-to-work system and a booking-in process – all in one integrated software platform.

Features

• Allows pre-booking of Contractors ahead of their visit.
• Creates Emergency Evacuation Register via web browser or mobile app.
• Automatic notification to host of Contractor arrival.
• Improves site access and security through branded, photographic ID passes.
• Helps compliance with Health & Safety legislation and Safeguarding requirements.
• UK GDPR compliant.
• Touch of a button reporting via an easy-to-use dashboard.
• Allows for the creation of an approved Contractor database.
• Generates Permit-to-Work for Contractor where work type prescribes.
• Records Contractor’s time on and off-site.

Benefits

• Speeds up the process of booking in Contractors.
• Improves evacuation response times when accounting for Contractors.
• Contactless booking improves efficiency and provides greater hygiene control.
• Easy management of data deletion aids compliance with data protection.
• Speeds up the process of selecting appropriate, approved Contractors.
• Reduces the possibility of workplace accidents and injuries.
• Touchscreen allows the creation of a tailored, Contractor induction process.
• RAMS can be attached to jobs all in one location.
• Recorded hours on-site can be compared to invoices.
• Stored Contractor ratings facilitate selection of most reliable performers.

£300 a licence a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  ODT

• Service definition document

  ODT

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at PatrickAshe@sgworld.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

496390184352990

Contact

Patrick Ashe
01270500921
PatrickAshe@sgworld.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: SGW 5D Visitor Management Module,; SGW 5D Asset Management Module, ; SGW 5D Safety Reporting Module,; SGW 5D Accident & Incident Reporting Module,
• Cloud deployment model: Public cloud
• Service constraints: Planned maintenance will be completed at weekends, and at least 2 weeks notice given where possible.
• System requirements: Will work on any internet connected device.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: During operational hours this is done same day where possible, however we aim to fix an issue within 4hrs if not a software development requirement.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: N/A
• Web chat accessibility testing: None
• Onsite support: Onsite support
• Support levels: We provide 1st & 2nd line IT Helpdesk support & training, we also offer chargeable extra training both onsite and virtually. Help is primarily helpdesk based.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Through a comprehensive onboarding process, initial information and documentation is conveyed at the "Welcome" & onboarding stage, then training, both remote and virtual is provided to allow users the full capability to use the system.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Reports are available for specific date ranges, people, and company levels within the 5D application, and these can be downloaded into CSV format. Customer can request Subject Access Request in line with legal right and do so through subjectaccessrights@sgworld.com
• End-of-contract process: If not contacted by the customer to terminate the contract within 60 days of the end of the term, the contract auto-renews for the minimum available contract length.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Most administration and configuration tasks are done via the web portal and are not available on the apps for mobiles.
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: Yes
• Description of customisation: In many areas of the system, the software is configurable to individual clients requirements.

Scaling

• Independence of resources: The SAAS platform has significantly greater resources than are required for current use. Different database calls are distributed to alternative scalable databases to ensure robust performance.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Bulk export tools exist within the program.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: SGW5D availability SLA guarantees 99.5% uptime (or higher).
• Approach to resilience: Available upon request.
• Outage reporting: Email alerts, proactive notifications where partial service is available.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Support logins are only available to support users after the customer has agreed. Management functions within the system are achieved through permissions within the system.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Less than 1 month
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • Regular penetration testing is conducted by a CREST accredited supplier
  • This uses a methodology closely aligned to SANS, OSSTMM, OWASP.

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: All software is developed using ISO27001 standards but is not externally audited. Software is regularly pen tested by an external CREST accredited organisation. Monthly vulnerability scans are undertaken by a CREST accredited organisation. Due diligence has been conducted on Microsoft Azure where data is stored.
• Information security policies and processes: There are a number of internal security policies including Encryption Policy, Disaster Recovery Policy, Data Back-Up Policy, Password Policy etc. Policies are easily accessible to all staff. Updates or new policies are communicated internally. Back-End and Front-End Technical Leads manage a team of Developers. A Support & Services Manager is responsible for a team of Helpdesk Support staff.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: We follow our ISO 27001 change management process. Change management forms are raised when a change hits the criteria. This is then reviewed against security and rollback measures and approved by the head of IT and Operations Director.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Technical teams are subscribed to a number of sites, RRS feeds and supplier email lists for vulnerabilities. In addition they are active on internet sites advising of issues, when any are discovered.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: The IT team consistently monitor a number of analytical tools against network devices such as firewalls. These are monitored and if any issues are flagged or arise, they are dealt with as quicky as possible as part of the ISO 27001 standard and our change process. Any critical vulnerabilities that are discovered, are closed before remediation work is started.
• Incident management type: Supplier-defined controls
• Incident management approach: Incidents can be raised by any member of staff, and are dealt with on a security risk basis. They are reported via phone, or in person if critical, or in a ticket if less serious. Reports on incidents can be provided upon request.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Climate change goals are important to SG World and we take our impact on our environment seriously. We run many initiatives to reduce our energy consumption and have reduced our consumption by 10% in the last year. We are targeting a further 5% in 2024. Our energy is only purchased from organisations that supply renewable energy. We offer employees remote working which reduces their impact by not driving to work. Our service uses Microsoft Azure servers which will use 100% renewable energy by 2025.

  Covid-19 recovery

  To aid in the UK recovery from Covid-19, SG World has allowed our employees flexible working arrangements. These enable employees to take time off / work from home whilst caring for others / suffering from the illness themselves. Many team members take advantage of our remote working policy.

  Tackling economic inequality

  SG World uses the Pluralsight development service and encourage employees to use this to develop their knowledge and skills. In doing so, they gain more enjoyment from their work but also increase their opportunities for internal job promotions.

  Equal opportunity

  SG World is an equal opportunities employer. Our Equal Opportunity policy is available upon request.

  Wellbeing

  SG World takes employee wellbeing extremely seriously and follows the Thrive In 5 Initiative. In recognising that the majority of our employees undertake sedentary tasks, we encourage all employees to take rest breaks away from their workstations every hour. Other wellbeing initiatives include no email days (go and speak to a colleague), walking days, thank you days etc. We also practice a four-day week allowing our employees to spend more time with their families, indulging their hobbies and interests etc.

Pricing

• Price: £300 a licence a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Full access to the relevant software module for a time bound period excluding the use of any hardware peripherals.

Service documents

• Pricing document

  ODT

• Service definition document

  ODT

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at PatrickAshe@sgworld.com. Tell them what format you need. It will help if you say what assistive technology you use.