Plentific

Plentific Platform

Centralise your property operations with the Plentific Platform. Our software-as-a-service solution combines with our well-established contractor marketplace to bring together people, systems and operations across key repair, maintenance and compliance processes. Plentific allows your teams, vendors and residents to seamlessly collaborate and communicate within our platform and supported mobile apps.

Features

• Cloud-based
• Real-time reporting
• ISO/IEC 27001 compliant
• MFA
• REST API and webhooks
• Native apps with offline capabilities

Benefits

• Manage every repair through a single platform
• Reduce your operational costs and optimise your management processes
• Ensure operational continuity and resident safety
• Gain procurement flexibility and vendor collaboration
• Diagnose issues, triage emergencies and find the right contractor
• Centralise all work order management in a single platform
• Include approval rules and invoice handling to all your jobs
• Internal workforce dispatch, scheduling and management
• Resident portal and self-diagnostic tools
• Inspection template creation and completion for accurate observation logging

£7 to £20 a transaction

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at maxim.decauwer@plentific.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

505604339325691

Contact

Maxim De Cauwer
+44 330 808 2049
maxim.decauwer@plentific.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Scheduled maintenance may require minimal downtime. Any downtime due to planned maintenance will be communicated with the client in advance and performed out of hours.
• System requirements: Users must use a supported browser to access our service

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We have SLAs in place. Email first response time is 24hrs, Lost call rate SLA set to 90%.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Live chat software embedded on the company's website, customers can send their questions to a person who can quickly reply to them in the same small window.
• Web chat accessibility testing: Na
• Onsite support: Yes, at extra cost
• Support levels: We have a setup fee that depends on the number of units the customer manages through the platform. Within that fee we provide implementations, user training and onboarding support. Additionally, all clients are assigned a Customer Success Manager throughout the lifecycle of their relationship with us.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: As part of the onboarding, we provide implementations, user training and onboarding support.
• Service documentation: Yes
• Documentation formats: Other
• Other documentation formats: Website links
• End-of-contract data extraction: Upon request, we can provide all the data they provided and generated during their contract as an extract and pass it on via a secure channel.
• End-of-contract process: The ability to create any new objects (locations, work orders etc.) would be disabled. Any ongoing works and invoices should be completed and paid on platform via the normal methods. The client can export any data they like from dashboard reports and/or advanced analytics and download work order ZIP files (individually via the UI or can be done in bulk at a cost). We can extract a raw JSON file of any other data as requested. When ongoing works are completed, access will be disabled and the account closed - we will keep records of historic information inline with our data usage policy/obligations. This is included in the price of the contract.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Native mobile companion apps have offline availability and a subset of platform features to conduct specific tasks on-the-go, whilst leveraging native app capabilities such as push notifications.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Our service is accessible via two distinct routes, via the main web portal and via our Public API interface. The portal provides access to all main product features and offerings, such as raising and approving work orders, property asset management and reporting. The API provides programmatic access for enumerating and updating records and performing bulk updates. The platform's accessibility and user experience is working towards WCAG 2.1 AA guidelines.
• Accessibility standards: None or don’t know
• Description of accessibility: The platform's accessibility and user experience is working towards WCAG 2.1 AA guidelines.
• Accessibility testing: NA
• API: Yes
• What users can and can't do using the API: A full list of available resources & actions is available at https://dev.plentific.com/#plentific-public-api and as a general principle we seek to provide public API endpoints to mirror all functionality available within the platform. Note that this is an ongoing project and we don't currently guarantee parity between the two.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Yes - Configurability capabilities include: user roles/permissions, financial approval processes, resident communication preferences, payment preferences, property grouping, access to various parts/actions within the platform, and automations of key business processed based on configurable rules.

Scaling

• Independence of resources: Our service is designed according to AWS best practices, making use of dynamic scaling, serverless and containerisation technologies across multiple availability zones. Ours services are decoupled into a microservice architecture, allowing for ease of scalabiity and flexibility in delivery. Where possible we have also implemented caching of common lookup keys and content to ensure high availability and performance. Our staff have instrumented alerts and monitoring for availability and performance issues.

Analytics

• Service usage metrics: Yes
• Metrics types: Clients can use a host of reports or analytics dashboards to access their usage metrics. Performance metrics include details about: work orders, projects, contractors, internal workforce, users' behaviours, costs and invoices, and marketplace usage
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Other
• Other data at rest protection approach: AWS data at rest encryption using AES-256
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users can download a variety of reports in CSV or PDF on-demand, or can use API access to receive data or can request their data from Plentific.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • JSON via API
  • PDF
• Data import formats:
  • CSV
  • Other
• Other data import formats: JSON via API

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Our standard Terms & Conditions can be found here: https://www.plentific.com/client-terms-conditions/#notice. Any additional SLAs may be agreed on a client-by-client basis.
• Approach to resilience: Plentific operate a cloud-native microservice architecture to provide our service. This is hosted on Amazon Web Services, with resiliency at both component and availability zone levels.
• Outage reporting: We provide a public service health dashboard at https://status.plentific.com. This also displays historical issues/events from the last 90 days. Users can subscribe to this page so that they receive real-time alerts about any incidents and their resolutions.

Identity and authentication

• User authentication needed: Yes
• User authentication: 2-factor authentication
• Access restrictions in management interfaces and support channels: Management interfaces and support channels are restricted on the basis of least permissible privilege, where possible using temporary and automatically revoked credentials. Staff federated identities are mapped to well-defined RBAC roles within each relevant system.
• Access restriction testing frequency: At least once a year
• Management access authentication: Other
• Description of management access authentication: Plentific uses a combination of a federated SSO identity provider and multi factor authentication for management access to our service. SSO authentication and authorisation subject to hygiene and device identity checks. Additionally, accessing internal components requires the use of a company VPN, authenticated by a TLS client certificate or Zero-trust access agent.

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Assessment Bureau
• ISO/IEC 27001 accreditation date: Initial certification: 14/02/2022, Latest issue: 26/02/2024
• What the ISO/IEC 27001 doesn’t cover: Our US business was not included
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: ISO27001

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Cyber Essentials
• Information security policies and processes: We use an ISMS which is ceritified to ISO27001 and has been recently audited by an external party. In line with the ISO27001 standard, our reporting structure includes reponsibilities for all staff, includes measurements and metrics and the use of incident log and risk registers, which are reviewed on regular bases. Staff are required to review our policies at least annually, audited via our LMS system and recorded in our HR system

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: We have specific policies in place for change and configuration management, compliant with ISO27001:2022 and recently audited. This requires that changes are logged, assessed for risk and impact and are reviewed by appropriate stakeholders
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Our procedures and process were recently audited to be compliant with ISO27001. We make use of 3rd party patch management tooling and various threat intelligence feeds (e.g. NCSC) to ensure patching and vulnerability exposures are limited. Additionally we execute external assessments with a private bug bounty programme, scan our deployments with open source testing tools and conduct frequent vulnerability scans ourselves. High severity vulnerabilities are remediated with 72 hours of detection.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Our systems and tools are instrumented with logging, distributed to a centralised SIEM. We use a managed service provider to initially process alerts from our SIEM and tools. The MSP triages alerts and escalates when necessary to our internal security team for incident response.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Our procedures and process were recently audited to be compliant with ISO27001. We have predefined playbooks for common scenarios. Users have a dedicated communication route to the security team via email and instant messaging. Users are routinely tested with security awareness training, including phish testing. Our MDR provider has an escalation list for key staff contacts via mobile telephony. All security incidents follow our processes, with incidents recorded in the incident log. Incident reporting is managed in coordination with our DPO

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Covid-19 recovery
  • Tackling economic inequality

  Covid-19 recovery

  The Plentific Platform has enabled housing providers around the UK to overcome repairs backlogs that built up during the pandemic.

  Tackling economic inequality

  The Plentific Marketplace enables clients to support local contractor businesses by routing work to them, providing opportunities to support and grow the local economies around their portfolios.

Pricing

• Price: £7 to £20 a transaction
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at maxim.decauwer@plentific.com. Tell them what format you need. It will help if you say what assistive technology you use.