COHESIVE UK GROUP LIMITED

ComplyPro

ComplyPro is a SaaS-based solution that ensures progressive programme assurance, encapsulating processes such as Requirements Management, Assumptions Management and Hazards. The solution is delivered on major projects as an intrinsic part of the design and delivery phases, significantly improving engineering and cost efficiency.

Features

• Configurable workflow
• Zero infrastructure SaaS model
• Highly scalable and can be used anywhere via the Internet
• Ease of use, typically 3-hour end-user training required
• Role-based multi-user secure access
• Dashboards providing real-time view of progressive assurance
• Many users can update the system simultaneously
• Interface with third party systems
• Simple, intuitive interface for non-expert users
• Project collaboration

Benefits

• Help deliver progressive programme assurance
• Effectively manage project complexity
• Reduce corporate risk
• Enable management by exception
• Single source of truth
• Traceability through linking of multiple records
• Promote collaborative working across projects
• Reduce project contingency
• Reduce project delay and overspend, typically 2-4% project savings
• Provide evidence of progress against project objectives

£1,955 a user a year

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at matt.blackwell@cohesivegroup.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

501415019859682

Contact

Matt Blackwell
+447717838847
matt.blackwell@cohesivegroup.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: - SYNCHRO; - Projectwise; - Bentley Systems' Recurring Advancement Services Programme (RASP); - ComplyPro (Lot3, Cloud Services)
• Cloud deployment model: Private cloud
• Service constraints: Patching and maintenance windows are scheduled every month to ensure the security and reliability of the service. A notice will be provided and some service disruption may occur during these out-of-hours windows.
• System requirements:
  • Windows 11 (64-bit)
  • Windows 10 (64-bit)
  • Windows 8.1 (32 and 64-bit)
  • Windows 8 (32 and 64-bit)
  • Windows 7 (32 and 64-bit)
  • Citrix receiver latest version

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Response times are covered by an SLA and are based on priority. P1 - Availability Support 24x7 - Response 1 hour - Resolution Worked continuously until resolved - Update Interval - 1 hour P2 - Availability Support 24x5 - Response 2 Business Hours - Resolution 1 Business Day – Update Interval 4 hours P3 - Availability Support 24x5 - Response 4 Business Hours - Resolution 10 Business Days - Update Interval 1 Business Day P4 - Availability Support 24x5 - Response 8 Business Hours - Resolution Mutually Agreed - Update Interval Mutually Agreed
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Included with the subscription is a standard SLA providing 24x7 uptime, support, RPO and RTO and product upgrades. ; P1 - Availability Support 24x7 - Response 1 hour - Resolution Worked continuously until resolved - Update Interval - 1 hour P2 - Availability Support 24x5 - Response 2 Business Hours - Resolution 1 Business Day – Update Interval 4 hours P3 - Availability Support 24x5 - Response 4 Business Hours - Resolution 10 Business Days - Update Interval 1 Business Day P4 - Availability Support 24x5 - Response 8 Business Hours - Resolution Mutually Agreed - Update Interval Mutually Agreed
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: After the cloud service is enabled Bentley will engage with the users (stakeholders, representatives from various departments) to define configuration details. Once the system is finally configured, Bentley will perform on-site or remote training sessions for each group/role. There are options to share videos, training material, prepare custom training material.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Upon termination of your ComplyPro Subscription, Bentley will deactivate any remaining user accounts and provide an export of the Subscriber’s data in a standard, generally accepted electronic form within ten (10) business days, and places no restrictions on its use by the Subscriber. Unless otherwise requested, Bentley will delete all copies of the Subscriber’s data from its servers within two (2) weeks of being notified that the Subscriber has successfully read the files, or within four (4) weeks of the data being provided if no confirmation or associated Service Request is received.
• End-of-contract process: Upon termination of your ComplyPro Subscription, Bentley will deactivate any remaining user accounts and provide an export of Subscriber’s data as stated above. Unless otherwise requested, Bentley will delete all copies of Subscriber’s data from its servers within two (2) weeks of being notified that the Subscriber has successfully read the files, or within four (4) weeks of the data being provided if no confirmation or associated Service Request is received. If required, Bentley can provide Professional Services to assist in the migration of the data to a new service provider for an additional fee which will be determined based on the scope of requirements.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • MacOS
  • Windows
  • Windows Phone
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: Yes
• Description of customisation: ComplyPro system administrator users have access to standard customisation tools within the database for defining workflows, attributes and their definitions, screen layouts, and dashboards.

Scaling

• Independence of resources: Systems are logically separated in a virtual cloud environment. All systems are monitored in real time for performance and availability.

Analytics

• Service usage metrics: Yes
• Metrics types: Monthly usage report, emailed to nominated users.
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data export is simple, with standard features configurable to support arbitrarily formatted documents.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • MS Excel (xls and xlsx)
  • PDF
  • Image file (stack bar dashboard)
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • MS Excel (xls and xlsx)
  • MS Word
  • XML

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: 99.9%, assured by contractual commitment. Service credits when service availability drops below SLA level in a month.
• Approach to resilience: All services are deployed in a fully redundant configuration within fully redundant data centres meaning that any failure of equipment, service provider or software service will result in zero, or minimal, impact to the overall service.
• Outage reporting: Planned and unplanned outage notification emails are sent to registered users for affected systems.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Username and strong password
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: The services are provided from ISO27001 certified data centres. While this service is not under the Cohesive ISO 27001 certification scope, many of the same governance processes and procedures are in place. Please reference: https://cohesivegroup.com/wp-content/uploads/2023/10/IS-716340-Cohesive-Certificate.pdf
• Information security policies and processes: Information Security policies are designed utilising the ISO 27001:2013 framework. All colleagues are required to review and acknowledge our Information Security Policy upon hire and thereafter annually. The policies themselves are emailed out at least annually and reside permanently on our intranet site for quick retrieval.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Configuration and Change Management follow the ITIL framework and policies and procedures are documented with various security standards. All SaaS offerings go through a cloud approval process and are scanned for vulnerabilities prior to production.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Vulnerability management is conducted through various technologies internal and external to our network. Threats are identified using industry standard listings and patches/updates are applied at least monthly or as needed based on criticality.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Active IDS and numerous other third-party security tools operational on the network perimeter and selected systems under the scope for ISO 27001 and SOC2 certifications. Compromises are analysed and put through the incident management process for investigation. Response time depends on the severity of the compromise.
• Incident management type: Supplier-defined controls
• Incident management approach: The Incident Management process covers all aspects of a potential incident from start to finish with defined procedures and colleague involvement. Common events are handled depending on severity, users have multiple methods of reporting and reports are provided as part of the incident management procedure.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Cohesive are putting sustainability goals into action, both internally but also externally helping support our clients’ journeys helping establish sustainability and ESG data foundations which can enable a business to be more responsible and profitable. From optimizing energy consumption and reducing operational costs to enhancing sustainability and improving carbon goals, there is a constant need for innovative solutions that we provide which drive efficiency and productivity along with our partnership with IBM Envizi and its ESG suite. Internally, we are committed to reporting on relevant ESG topics aligned with leading frameworks and methodologies. We have been measuring our carbon footprint since 2006 using the internationally recognized Greenhouse Gas Protocol standard, including emissions from office utility consumption, global business travel, and colleague commuting. We strive for efficiency in our business practices including corporate travel, colleague commuting and energy use for our offices. We are engaged with the Science Based Targets initiative (SBTi), the world’s leading coalition for setting corporate emission reduction targets in line with climate science. Their Net-Zero Standard is the benchmark against which organizations demonstrate strong management of their climate strategy, and why we chose to work within their framework. By submitting our near-term corporate targets to SBTi we are formally committing to be a part of the movement, in line with the Paris Agreement, to limit global warming to 1.5 degrees Celsius and reach a common goal of net zero no later than 2050. We encourage and support recycling and energy conservation programmes and each office participates in recycling programmes as offered by the local authorities and landlords. We have a published Carbon Reduction Plan in line with the requirements of PPN 06/21, published here: https://cohesivegroup.com/wp-content/uploads/2024/03/CARBON-REDUCTION-PLAN-Cohesive-UK-Group-Ltd.pdf

  Tackling economic inequality

  We are passionate about helping the communities where we live and work, in every country where we operate. We support both global and local initiatives, both corporately and through the initiative of our colleagues. Through corporate giving, we provide financial support for global and local organisations, such as The Hunger Project, Habitat for Humanity, Red Cross, and many others. These organisations help provide necessities—such as food, water, and shelter—to people in need all around the world.

  Equal opportunity

  We are an equal opportunity employer and consider all qualified applicants for employment without regard to race, colour, sex, sexual orientation, gender identity, disability, protected veteran status, religion, national origin, age, or any other protected characteristic. This commitment extends to all aspects of employment, including, but not limited to, hiring, placement, promotion, compensation, and training. We support workplace fair practices that promote diversity and inclusion. All suppliers are expected to promote a workforce and workplace free of harassment, unlawful discrimination, and retaliation. Suppliers are expected to provide equal opportunity employment and must not discriminate on the basis of age, race, colour, sex, religion, national origin, sexual orientation, disability, covered veteran status, or any other status protected by law. We are committed to conducting business with integrity and upholding high standards for business ethics and responsibility. This commitment extends to our suppliers, vendors, and business partners; our Supplier Code of Conduct details our commitments to responsible business throughout our supply chain. All suppliers and their employees or consultants (sub-suppliers) must adhere to this Supplier Code of Conduct while conducting business with us and must comply with all applicable laws and regulations while conducting business with us. We provide a Whistle-blower hotline to enable reporting of any violations of the code.

  Wellbeing

  The health, safety, and well-being of our colleagues, contractors and the public is of primary importance to us. All our colleagues understand that they are responsible for their own safety and wellbeing, and that they must be alert to safety and wellbeing concerns for those around them. Our health, safety and wellbeing policy provides colleagues and contractors with information about managing health and safety hazards and risks associated with our business, premises and activities. It is structured to set out legal duties and how to comply with the health & safety policy, safe work practices and procedures. Our Mental Health First Aiders have been formally accredited to administer mental health first aid in the workplace, by attending and passing a Mental Health First Aid Course that has been delivered by an Accredited Mental Health First Aid Instructor. They must be easily contactable during core working hours, be able to be called away from their normal duties at short notice if required and be able to maintain confidentiality as appropriate whilst demonstrating an ability to relate well to colleagues. Cohesive recognises that respecting the privacy of information relating to individuals who have received mental health first aid or may be experiencing a mental health problem or a mental health crisis at work is of high importance. All mental health first aiders and HR representatives are obligated to treat all matters sensitively and privately in accordance with Cohesive’s confidentiality protocols. If at any time the Mental Health First Aider assesses there is a risk of harm to another individual, they must escalate the matter to HR and they will advise on next steps. Cohesive's Operations Board are responsible for supporting Regional Managing Directors in implementing the Cohesive HSW policy manual and applying the controls in leading their global teams.

Pricing

• Price: £1,955 a user a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: We can provide a chargeable pilot/proof of concept solution using user data which is run against agreed success criteria for typically 60-90 days.
• Link to free trial: Access to the pilot/proof of concept environment will be setup to meet the requirements of each user.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at matt.blackwell@cohesivegroup.com. Tell them what format you need. It will help if you say what assistive technology you use.