The Compliance Workbook

Compliance & Assurance Analytics Software - TCW

TCW service provides a unique validation of any digital documentation used within an organisation. The analytics provides an engineer real life insight confirming British Standards, Legislation and Regulations autonomously without the need for any human intervention to interact with the validation process. All data is available to the client.

Features

• Complete Compliance Documents intelligent Storage
• Intuitive Compliance Dashboard
• Data integrity
• Improved Asset data reporting
• Data Automatically validated to Legislation, Regulations, Industry Guidance
• Automated benchmarking and profiling of data to spot Non Competence
• Live Building Safety Case
• Action and Repairs Process
• All Documents fully searchable
• Cloud hosted for access anywhere

Benefits

• Complete Assurance
• Globally unique technology to highlight risk
• ROI with regards time, public Relationship and Accurate decision making
• Value for Money incentive with regards to proactive planning
• Public Safety and Risk Awareness
• Demonstrating flawless data integrity
• Linking key data points with others to ensure organisational Interdependency
• Full visibility of granular Compliance
• Totally Autonomous
• Significantly improved asset and data reporting

£1.00 to £3.00 a unit

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Ryan@thecomplianceworkbook.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

545058136048287

Contact

Ryan Dempsey
07921510233
Ryan@thecomplianceworkbook.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: N/A
• System requirements: Digitally produced Compliance and Risk Documents

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We have inbuilt KPIs for the company to respond to tickets within 1 hour and resolve within 24hrs. ; ; if for any reason this is unattainable we will communicate direct with the client.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Within the licence TCW provides full support, training and ongoing guidance (remotely) to ensure the client is utilising the service efficiently.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: TCW technology is a fully automatic software platform which simply requires clients to point their documents at the software and then glean the benefits in data insight and reporting. To onboard a client the following is needed: ; ; Asset and Site address list - to assign documents to specific assets. ; Any special requirements or reporting requirements needed; an understanding of key data attributes and points and locations to ensure accurate data management. ; Date for TCW to train users on the system. ; ; The data extraction and validation is already inbuilt into TCW and there is no requirement for the customers to assist or define documents and data locations.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: The derived data can be exported to any location after a request is made by the client to TCW.
• End-of-contract process: TCW technology does not take the clients data and therefore at the end of a contract the client will already be in possession of their compliance documents. The derived data sits within TCW and can be requested, if needed, by the client.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Cloud based service with mobile formatting if the user logs on through a handheld device.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Our API can be used to submit documents and check their status. It exposes information about documents, properties and account-wide compliance.; ; The API acts as an additionally secured abstraction layer over our system microservices. This introduces IP Whitelisting and tokenised authentication. As with our portal hosting all API endpoints are protected by Azure’s DDoS protection and firewall. System Topology/Network configuration
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The validation of compliance and interpretation of risk can be configured to ensure clients get access to what's most important to them in terms of risk management. The system results are configurable.

Scaling

• Independence of resources: TCW has specifically built a process to prioritise ingest and reports using specific TCW code that threads data based on its priority. The technology caters for 1 document in the same way it caters for 1 million.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Via the TCW reporting centre. This can either be Csv, API or how ever else the client requires the data to be exported.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We utilise georedundant hosting from a Tier 1 Cloud provider (MS Azure).; This provides automatic scale out for performance and automatic fail-over in the case of an outage.; ; We promise at least 99% system uptime.
• Approach to resilience: All our services are hosted in Microsoft Azure. These are all georedundant and offer automatic failover.; ; Each data store is protected by a backup strategy featuring long-term retention,
• Outage reporting: Our system features on-page notifications in the case of any outage.; In order to detect outages we utilise advanced system telemetry that can detect service unavailability.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Each user has a dedicated login to the service which is permission based.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: Recent Penetration Test

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: We are currently working towards ISO27001 but are not yet certified.
• Information security policies and processes: All data used by the company is treated as private unless explicitly defined otherwise. Employees only have access to data that is required to perform their roles adequately.; ; Only senior development teams have access to production databases.; ; All data access is audited.; ; No customer data is permitted on removable media.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Customer driven change requests are made in writing to one of our support channels.; ; Any security related request, (ie new user accounts etc) have to be approved by account management.
• Vulnerability management type: Undisclosed
• Vulnerability management approach: We have regular penetration tests performed by a 3rd party. This tests against common and critical web vulnerabilities.; ; Our approach to system-specific threats is defined in our business continuity documentation that is available on request.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Azure provides automatic DoS protection and firewalls in front of all our services.; We utilise Application Insights extensively to detect abnormal usage.
• Incident management type: Supplier-defined controls
• Incident management approach: Our incident management plan is defined in our business continuity documentation and available on request.; ; This features information on how different threats are reported/disclosed and remediated depending on how they manifest.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Wellbeing

  Wellbeing

  TCW supports counselling and support for people suffering from Mental health by donating regularly to a registered charity each month. ; ; Members of the team also partake in charity events to raise more much needed money to enhance the services of Sign Posted Cymru.

Pricing

• Price: £1.00 to £3.00 a unit
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: To provide potential clients with an understanding of TCW's uniqueness we provide clients looking to purchase the software the ability to add their own documents into the platform FOC for a demo and access to data.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Ryan@thecomplianceworkbook.com. Tell them what format you need. It will help if you say what assistive technology you use.