Vatix Limited

Workflows

Workflows is a lite EHSQ SaaS product and mobile app designed for managing EHSQ tasks, audits, and creating simple reports, streamlining day-to-day inspections and task management efficiently.

Features

• Template-based inspection forms.
• Mobile app for on-site inspections.
• Track corrective actions efficiently.
• Standardises daily inspections.
• Attach photos and comments easily.

Benefits

• Eliminates handwritten forms.
• Intuitive, easy-to-use interface.
• Streamlines inspection follow-ups.
• Enhances on-the-go productivity.
• Increases overall workplace efficiency.

£18 a user

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@vatix.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

553176735463745

Contact

Sales
0203 991 5555
sales@vatix.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: No
• System requirements:
  • Web Browser (Chrome, Firefox, Edge, Safari)
  • Android
  • IOS

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Monday to Friday during business hours. Email response time <24 hours, and calls <30 seconds.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), 7 days a week
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: Webchat is audited to the WCAG 2.0 guidelines.
• Onsite support: Yes, at extra cost
• Support levels: We offer customer success tiers that define the level of ongoing account management and technical support tailored to your needs. As standard, we provide email and phone support to handle all customer support-related queries. These tiers allow us to cater to different requirements, ensuring that every customer receives the appropriate level of service and support for their organisation.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: To help users start using our service effectively, we provide a comprehensive help centre that includes detailed user documentation and guides.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: At the end of the contract, users can extract their data using the front-end table views and bulk data export features available at any time.
• End-of-contract process: Upon the contract expiry, all access to the software will be suspended. After the amount of time specified in the contract, user access will be removed entirely. An export of all of the customer information for the service can be requested in .CSV or .PDF format.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Yes, our Workflows platform is designed to function seamlessly on mobile devices. The mobile app is primarily designed for on-the-go access, allowing employees to report events, conduct inspections, and manage tasks directly from their devices. However, the full suite of administrative functions and in-depth analytics are exclusively available through the web portal.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: A web application which is self-maintained by the users. Through the application, the users can manage all the inspections reported and review all the inspection details and history. ; ; They can also check all the related tasks created before and after the inspection, and all the media and comments added to them.
• Accessibility standards: None or don’t know
• Description of accessibility: Software is accessible on the web (web application).; For users of assistive technology:; ; • There are no significant audio cues; • A vast majority of the interactive UI has text, which can be resized (browser permitting); • Use of blue, red, and amber colours across the whole application
• Accessibility testing: Currently, we've conducted no tests for users of assistive technology.
• API: No
• Customisation available: No

Scaling

• Independence of resources: Our service is hosted using a multi-tenancy architecture, which adheres to the best practices of cloud development. We are ISO 27001 accredited, ensuring rigorous security standards. Our dedicated technical team continuously monitors our infrastructure's performance to guarantee that user demand does not affect the stability or speed of the service for others.

Analytics

• Service usage metrics: Yes
• Metrics types: Reports based on usage are available via the platform.

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Reports can de downloaded in CSV and PDF formats.; ; Also, data exports can be requested from our organisation in both .PDF or .CSV formats.
• Data export formats:
  • CSV
  • Other
• Other data export formats: PDF
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: Vatix is committed to providing exceptional service, aiming for 100% connectivity and guaranteeing an availability of better than 99.9% for our solution. Historical data from the previous G-Cloud period shows that our hosted customers experienced an availability of better than 99.975%, excluding periods of scheduled maintenance. In the event that we do not meet these guaranteed levels of availability, service credits may be offered as defined in our service level agreements (SLAs). These SLAs outline the specifics of availability guarantees and the compensation mechanism through service credits, ensuring transparency and reliability for our users.
• Approach to resilience: Our service is designed for resilience, fully adhering to ISO 27001 standards and utilising AWS infrastructure across multiple availability zones. We incorporate best practices for redundancy and resilience at both infrastructure and application layers, ensuring robust fault tolerance and continuous availability.
• Outage reporting: Our service uses several methods to report any outages, ensuring timely and clear communication. We maintain a public dashboard that displays real-time service status and any outage information. In the unlikely event of a service outage, we proactively communicate with the technical contact of the customer via email to provide detailed updates and information on resolution progress. This approach ensures that our users are well-informed and can manage any service interruptions effectively.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: We restrict access to management interfaces and support channels through role-based access control (RBAC), ensuring only authorised personnel have access based on their job requirements. Authentication mechanisms, including multi-factor authentication, are employed to enhance security, with regular audits conducted to maintain compliance and integrity.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Assessment Bureau
• ISO/IEC 27001 accreditation date: 27/04/2022
• What the ISO/IEC 27001 doesn’t cover: The services are within the scope of our ISO certification.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: CREST Certified Penetration Testing

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Our information security policies and processes are structured around our ISO 27001 accreditation, serving as the baseline for our Information Security Management System (ISMS). We have a dedicated information security team tasked with implementing and monitoring these policies throughout our organisation. To ensure compliance, we conduct regular training sessions and audits. Our approach includes continuous monitoring and improvement strategies to address evolving security threats effectively. Compliance with our security policies is mandatory for all staff, with clear accountability and escalation procedures in place to manage and rectify security issues promptly.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Our configuration and change management processes are integral to our ISMS, structured around ISO 27001 standards. We meticulously track the lifecycle of service components using a centralised management system, ensuring all assets are continually accounted for and reviewed. Changes to our systems and configurations undergo a rigorous assessment process to evaluate potential security impacts. This includes a preliminary risk assessment followed by testing in a controlled environment before deployment. Stakeholder reviews and approvals are mandatory for each change, with detailed documentation maintained for audit and compliance purposes, ensuring security integrity throughout the process.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Our vulnerability management process aligns with ISO 27001 standards, involving regular assessments of potential threats, including annual penetration testing by an external CREST-certified consultancy. We rapidly deploy patches, sourcing threat intelligence from reputable security channels, to maintain robust defenses against emerging security challenges.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We employ industry-leading monitoring tools to identify potential compromises in our infrastructure and applications. Upon detection, our incident response team evaluates and responds swiftly, often within hours, to mitigate impacts. This proactive approach ensures rapid resolution and minimises disruption to services.
• Incident management type: Supplier-defined controls
• Incident management approach: Our organisation's incident management processes are structured around a comprehensive incident response plan led by our Head of Engineering. This ensures effective management and swift resolution of incidents. The plan and our incident management processes are audited annually as part of our ISO27001 certification, affirming our commitment to high standards of operational security and continuous improvement.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Our commitment to fighting climate change is evidenced by our proactive environmental management policies. We operate a comprehensive recycling program ensuring that all hardware supplied is recycled at end-of-life, significantly reducing environmental impacts. Additionally, we actively manage the environmental footprint of our supply chain to support sustainable practices.

  Covid-19 recovery

  Our services are pivotal in supporting the UK's growing number of home and hybrid workers, particularly during the COVID-19 recovery phase. By providing best-in-class technology and support, we ensure that workers can operate safely and efficiently from various locations, enhancing emergency response capabilities for lone workers.

  Tackling economic inequality

  We are dedicated to tackling economic inequality by providing apprenticeship programs aimed at young individuals aspiring to careers in technology. These programs offer extensive training, support, and mentorship, enabling participants to gain valuable skills and opportunities for career advancement in high-growth sectors.

  Equal opportunity

  Our company is committed to fostering a diverse and inclusive workforce. We actively employ and support individuals with disabilities and other challenges, ensuring that all employees have equal opportunities to succeed and contribute to our success.

  Wellbeing

  Our comprehensive wellbeing program underscores our commitment to employee health and satisfaction. This includes offering health insurance and creating a highly ergonomic work environment. We ensure that all employees have access to the best ergonomic equipment, promoting comfort and wellbeing in the workplace.

Pricing

• Price: £18 a user
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@vatix.com. Tell them what format you need. It will help if you say what assistive technology you use.