EcoOnline

Sypol

EcoOnline Sypol's COSHH and Chemical Management Software gives you all the tools you need to stay compliant with COSHH regulations. With access to over 750,000 COSHH risk assessments and support from our in-house technical experts, our COSHH management software inspires confidence in your COSHH compliance

Features

• Real-time reporting
• Remote access
• Unlimited user access
• Configurable alerts and notifications
• Quickly export COSHH risk assessments to PDF
• Specialist COSHH consultant support
• 7 day technical helpdesk
• Track user "read and understood" sign offs
• Chemical data analysis
• Onsite support options.

Benefits

• Save time and resource
• Access experts to ensure the safety of your operatives
• Access and manage COSHH risk assessments on the move
• Standardise COSHH management across all areas of your business
• Reduce risk through visibility
• Demonstrate compliance with the COSHH regulations
• Employee upskilling

£3,245 a unit a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidteam@ecoonline.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

508392955327808

Contact

Bid Team
01926 844 200
bidteam@ecoonline.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Up to date internet browser and internet connection required.
• System requirements:
  • Web browser (no special plug-ins required)
  • Internet access
  • Suitable mobile device for remote access.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We do not offer support SLAs as standard, allowing us to provide clients with lower pricing. We work to internal targets so that customers have comfort that these issues are important to us. Our typical internal process is as follows:; Support hours: Monday to Friday 9:00am to 5:30pm ; Priority 1 - Major Defect - Within two business hours. ; Priority 2 - Critical Defect - Within four business hours.; Priority 3 - Non-Critical Defect - Within twelve business hours. Priority 4 - Error - Within twenty-four business hours. Within twelve business hours. ; Priority 4 - Error - Within twenty-four business hours.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Access to technical consultant help-desk support (UK based) is provided 9am-5pm (5 days standard, 7-days at a premium). Training courses are available, delivered both on-site and online. Onsite inspections are available to support clients with best practice and compliance. We provide a dedicated account manager.; ; We do not offer support SLAs as standard, allowing us to provide clients with lower pricing. We work to internal targets so that customers have comfort that these issues are important to us. Our typical internal process is as follows:; Support hours: Monday to Friday 9:00am to 5:30pm ; Priority 1 - Major Defect - Within two business hours. ; Priority 2 - Critical Defect - Within four business hours.; Priority 3 - Non-Critical Defect - Within twelve business hours. Priority 4 - Error - Within twenty-four business hours. Within twelve business hours. ; Priority 4 - Error - Within twenty-four business hours.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Initial set up is typically within 24-hours of order confirmation, allowing access to the platform. Each Client receives a welcome pack including contractual information, additional services and set-up user guide. An onsite or online training course is included with each new contract. All additional user guides and information can be accessed through the help section of the system.; Implementation could include an onsite data gathering exercise by a consultant.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Assessments can be printed to PDF prior to the contract end to keep a permanent copy of the assessments created by the EcoOnline consultants.
• End-of-contract process: Users can export data through PDF copies of individual assessment and through Excel download for general inventory data. EcoOnline can support with this process, however additional costs may apply.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The desktop application is designed to include a responsive UI/UX, facilitating use across tablet and mobile devices.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: The API supports the extraction of assessment metadata. The API contains only read-only endpoints and does not include any that can edit or delete data.; ; Access to the API is restricted to a single API user which has its own password. This user can only access Sypol through the API and is prevented from accessing Sypol through the user interface. An API Key is provided by EcoOnline to allow the API user to securely connect to endpoint.
• API documentation: No
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Users with Supervisor rights within the EcoOnline Sypol CMS system will have the ability to: Create Users Accounts, Manage User Access, Reset Passwords, Archive User Accounts, Lock and unlock Accounts, Assign User Permissions and View Audit Logs. Manager account access allows company wide settings: forcing notifications, custimise user permission levels, CCS templates.

Scaling

• Independence of resources: Sypol’s hosting partner is Microsoft Azure, one of the world leading cloud hosting providers. EcoOnline works closely with Azure to ensure that the hosting infrastructure meets the needs of our clients, has appropriate levels of security in place and has the ability to be maintained, scaled and upgraded with minimal, if any, impact to clients.

Analytics

• Service usage metrics: Yes
• Metrics types: The EcoOnline Sypol CMS system contains a full audit log of all events that take place within the application. Typically this includes: Archive record, Change password, Assessment request placement, Complete Assessment, Folder creation, Archive folder, Create user, Archive record, Edit record, Viewing assessment, Assessment review, User Read and Understood logs, Login, Logout.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Users can export data through PDF copies of individual assessment and through Excel download for general inventory data.
• Data export formats:
  • CSV
  • Other
• Other data export formats: PDF
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We do not offer SLAs as standard. We work to internal targets so that customers have comfort that these issues are important to us, but we believe that the majority of our customers prefer the lower pricing that our position on SLAs enables us to offer.; ; Our internal SLAs are 100% up-time of the hosting infrastructure and 99% up-time of the application.
• Approach to resilience: Detailed information available upon request. EcoOnline is hosted only in world-class datacentres holding appropriate internationally-recognised accreditation and certification for their operations, security and resiliency with applications running from multiple data centres with most component in an active/active configuration.
• Outage reporting: Nominated contacts are informed should there be a service outage.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Access only provided to those who require access for the management, development and maintenance of the service. Logins are password authenticated using secure one way encryption methods. Level of access given to each users is dependent on the requirements of their role
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Alcumus ISOQAR
• ISO/IEC 27001 accreditation date: 03/02/2023
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We hold ISO/IEC 27001:2013 certification which was gained from a UKAS accredited certification body. It is the specification for an Information Security Management System (ISMS).; The Company will:; - Comply with all applicable laws, regulations and contractual obligations;; - Implement continual improvement initiatives, including risk assessment and treatment strategies, while making the best use of its management resources to meet and improve information security system’s requirements;; - Adopt an information security management system (ISMS) comprising of a security manual and procedures that provides direction and guidance on information security matters relating to employees, customers, suppliers and interested parties who come into contact with the Company’s work;; - Work closely with their Customers, Business Partners and Suppliers in seeking to establish Information Security Standards;; - Adopt a forward-looking view on future business decisions, including the continual review of risk evaluation criteria, which may have an impact on Information Security;; - Train all members of staff in their needs and responsibilities for Information Security Management;; - Constantly strive to meet, and when possible exceed, its customers and staff expectations.; - Communicate its Information Security objectives and its performance in achieving these objectives, throughout the Company and to interested parties.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: The organisation has policies and procedures in place pertaining to Annex A.12.1.2 Change management of ISO/IEC 27001:2013 and these are audited by our UKAS accredited certification body annually
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: The organisation has policies and procedures in place pertaining to Annex A.12.6.1 Management of technical vulnerabilities of ISO/IEC 27001:2013 and these are audited by our UKAS accredited certification body annually.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: The organisation has policies and procedures in place pertaining to Annex A.12.1.3 Capacity management of ISO/IEC 27001:2013 and these are audited by our UKAS accredited certification body annually.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: The organisation has policies and procedures in place pertaining to Annex A.16 Information security incident management of ISO/IEC 27001:2013 and these are audited by our UKAS accredited certification body annually.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  EcoOnline’s business impact opportunities are driven by our innovative solutions and how they can accelerate and improve our customers’ sustainability performance. Yearly, our reporting systems plays a crucial role in helping businesses conduct, track and manage millions of risk assessments and incidents. With the result that thousands of organizations can implement corrective actions, improve safety protocols, and create a safer working environment for their employees. ; ; Through our sustainability management software, our clients are able to reduce their carbon footprint with precise, auditable data, enabling informed decision-making. And stay ahead of emissions regulations, ensuring compliance from today into the future.; ; In addition, the chemicals safety tools and solutions play a vital role in combating climate change by enabling companies to reduce the use of hazardous chemicals, minimize emissions, and promote responsible chemical handling practices.; ; Furthermore, EcoOnline has put into place an internal carbon reduction programme, committing to science-based targets for carbon neutrality by 2050.; ; Using 2022 as our baseline, we aim to reduce emissions by 42% (scopes 1 and 2) and 25% (scope 3) by 2030. Annual progress reports and improved data accuracy will track our journey. Full information can be found at https://insights.ecoonline.com/global-reports/ecoonline-2022-esg-and-sustainability-report

  Tackling economic inequality

  To address economic inequality, EcoOnline implements various mechanisms aimed at ensuring fair wages across all the markets in which we operate. We are committed to upholding a minimum wage standard that exceeds local requirements, thereby promoting economic stability and equity within our workforce. By providing competitive compensation packages and adhering to stringent wage standards, we aim to mitigate economic disparities and foster a more inclusive workplace environment. Additionally, we actively engage in initiatives and partnerships that support economic empowerment and upliftment, contributing to broader efforts to combat economic inequality on both local and global scales.

  Equal opportunity

  Our goal in EcoOnline is to leverage diversity, so that we can enhance performance, increase innovation and creativity, and achieve our sustainability goals together. ; Over the past year, EcoOnline has witnessed a remarkable stride towards gender equality and inclusivity within our workforce. In 2022, women represented 39% of our total full-time equivalent (FTE) employees, but by the end of 2023, this figure increased to an impressive 42%, marking a significant step towards narrowing the gender gap. Notably, within our extended management group, the representation of women also saw a notable uptick, climbing from 29% in 2022 to 40% in 2023. These positive developments underscore our commitment to fostering a diverse and equitable workplace culture, where everyone has equal opportunities to thrive and contribute to our shared success.; ; Nonetheless, we see that there is still room for improvement in terms of gender diversity. As a SaaS business operating in a global market, EcoOnline recognizes the challenges of recruiting women in traditionally male-dominated occupations, such as sales, product, and technology development. Throughout 2024 we will actively continue working towards gender equality within our business, striving to equalize the proportion of men-to-women in our workforce. We remain mindful of our desire to increase our diversity by hiring more women and underrepresented groups in the technology industry.; ; We have a zero-tolerance policy towards discrimination, we have an Equal Opportunity Policy committing to providing equal opportunities for all employees, workers, and job applicants, and to eliminating unlawful and unfair discrimination

  Wellbeing

  EcoOnline prioritizes the holistic wellbeing of its contract workforce, emphasizing both physical and mental health through a range of initiatives, including wellness programs and employee assistance resources. Recognizing the pivotal role of employee development, the company invests in learning and growth opportunities to enhance job satisfaction, engagement, and career progression. This includes comprehensive training for managers to foster a culture of recognition and value among employees, supported by progress reviews and personal coaching. ; ​​​; We offer a wide range of support globally which included​ within our MS Teams Channel: Wellbeing Hub​; ; ​Locally, our Health & Wellbeing leads share regular communication to promote local benefits, events and information quarterly. ; ; At the core of EcoOnline's mission is the creation of a diverse, supportive, and fulfilling work environment that prioritizes employee wellbeing and engagement. This commitment extends to stakeholders, with efforts to integrate health and wellbeing considerations into operations and service delivery. The company also promotes equality, diversity, and inclusion within its workforce, fostering a culture of respect and belonging.

Pricing

• Price: £3,245 a unit a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidteam@ecoonline.com. Tell them what format you need. It will help if you say what assistive technology you use.