ECOONLINE INFO EXCHANGE LIMITED

EcoOnline Environmental, Social, Governance Software

Our ESG solutions enable organisations to build one true view of their ESG performance, across the three pillars of a responsible business.

The suite of modules aggregate data into one platform to create greater transparency, improve internal benchmarking and leverage actionable insights to cascade policies and procedures throughout operations.

Features

• Carbon Module
• Waste Module
• Water Module
• Modern Slavery Module
• Social Value Module
• Diversity Module
• Cyber Security Module
• People Development Module
• Anti Bribery Module
• ESG Profit Module

Benefits

• Streamline ESG visibility
• Gain complete visibility of your ESG initatives
• Improve transparency
• Provide stakeholders proof and transparency of sustainability results
• Manage compliance
• Reduce exposure to fines
• Connect various ESG practices
• The broadest range of applications available from a single provider
• Scale ESG programmes
• Adopt a company-wide approach

£950 a unit

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at james.thompson@ecoonline.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

558498204274745

Contact

James Thompson
01926 844 200
james.thompson@ecoonline.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: None
• System requirements: Internet Browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: The service desk operates during Normal Business Hours (NBH) and Normal Working Days (NWD) which are defined as 8am-6pm Mon to Fri excluding statutory holidays. All calls into the helpdesk are immediately prioritised and our standard resolution SLA’s are as follows: Priority 1 (critical) - Response within within 2 NBH. Priority 2 (average) - Response within 4 NBH. Priority 3 (low) - Response within 12 NBH.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Access to help-desk support (UK based) Monday-Friday 8-6 Dedicated Account Manager Access to the above included in Licence Hosting & Help-desk Support Annual Fees
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Alcumus ESG is designed to allow us to configure intuitive and easy to use on-line systems requiring minimal training for standard users. Historically most of our clients have found that they do not need comprehensive training packages or documentation. We can cite many large-scale client deployments where there has been virtually no user training required merely notification of the pending change with some outline guidance notes on timing and any change to in-house process or procedures. However, we do allow for thorough System Administration and Report Builder training workshops as part of the implantation and will also run as required Train the Trainer/User awareness workshops.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Data can be extracted through the search engine and downloaded to CSV files.
• End-of-contract process: Upon termination of our contract or agreement and with a written request, we will deliver to the client (in CSV format or similar format) within 60 days of its receipt of such a written request, provided that the Client has, at that time, paid all fees and charges outstanding at and resulting from termination. The Client shall pay all reasonable expenses incurred by us in returning or disposing of the applicable Client Data.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The desktop application is designed to include a responsive UI/UX, facilitating use across tablet and mobile devices. Additional offline app with capabilities to save draft data on device and synchronise to desktop application at a later date.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Utilising all capabilities of your internet browser.
• Accessibility standards: None or don’t know
• Description of accessibility: Our software is accessible on all major web browsers, mobile and tablet devices, with an easy to use and intuitive interface.
• Accessibility testing: Undertaken several client-led accessibility audits.
• API: Yes
• What users can and can't do using the API: The Alcumus ESG system has a robust, secure and flexible approach to connecting to third party applications. It incorporates both automated Import/Export (CSV/XML formats) and API functionality. ; ; Full supporting documentation is available upon request.
• API documentation: Yes
• API documentation formats: Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Our software and functionality is configurable. In addition, users with administrator rights within our software solution have the ability to: Manage Lookup Lists Create Users Accounts Create User Groups Manage User Access Manage Single Sign On Authentication IDs Reset Passwords Archive User Accounts Lock and unlock Accounts Assign User Permissions and View Audit Logs

Scaling

• Independence of resources: Alcumus ESG’s hosting partner is Microsoft Azure, one of the world leading cloud hosting providers. Alcumus works closely with Azure to ensure that the hosting infrastructure meets the needs of our clients, has appropriate levels of security in place and has the ability to be maintained, scaled and upgraded with minimal, if any, impact to clients.

Analytics

• Service usage metrics: Yes
• Metrics types: The Alcumus ESG system contains a full audit log of all events that take place within the application. Typically this includes: Archive record Assign workflow action Change password Complete workflow action Create record Create user Delete record Edit record Email notification Login Logout Password reset requested Run report Run search Set application permissions We also provide SLA and KPI reporting to our clients on Performance Uptime, RPO, RTO and Helpdesk resolution times.
• Reporting types: Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users can export data through CSV download via the search engine, or through an automated data extract routine to a client-provided FTP site, or through API.
• Data export formats:
  • CSV
  • Other
• Other data export formats: PDF
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We guarantee 100% up-time of the hosting infrastructure and 99% up-time of the application.
• Approach to resilience: Our MSO document is available on request.
• Outage reporting: Email alerts to user-base advising of any outages or performance-related issues.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Username or password
  • Other
• Other user authentication: Alcumus ESG supports external authentication and integration to a third-party gateway as required. The recommended authentication process is via Single Sign On through the use of an authenticated gateway access page and secure web services. Using Single Sign On, a user is authenticated once within the client domain and is then given access to the Alcumus ESG application with access and authentication controlled by a one-time token that is valid only for the user session and is time bound to expire if not used. Identity Provider Initiated SAML 2.0 SSO is also available as a configurable option for each exchange.
• Access restrictions in management interfaces and support channels: Access only provided to those who require access for the management, development and maintenance of the service. Logins are password authenticated using secure one way encryption methods. Level of access given to each users is dependent on the requirements of their role.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • Username or password
  • Other
• Description of management access authentication: Alcumus ESG supports external authentication and integration to a third-party gateway as required. The recommended authentication process is via Single Sign On through the use of an authenticated gateway access page and secure web services. Using Single Sign On, a user is authenticated once within the client domain and is then given access to the Alcumus ESG application with access and authentication controlled by a one-time token that is valid only for the user session and is time bound to expire if not used. Identity Provider Initiated SAML 2.0 SSO is also available as a configurable option for each exchange.

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 09/11/2021
• What the ISO/IEC 27001 doesn’t cover: Products and Services
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: ISO 27001 - certificate available on request

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Change requests are submitted via our configuration help-desk, reviewed in light of any security or solution impact. They are then submitted through a change control process before implementing into the live environment.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Strict adherence to developing secure web applications is backed up by full penetration testing on production systems. Penetration testing actively attempts to exploit vulnerabilities and exposures in the Alcumus ESG application, with additional considerations to the security of the surrounding infrastructure. Through exploiting any security weakness, a penetration test will attempt to gain read/write access to system resources, gain shell access to operating systems and obtain comprehensive access to application and database resources. Should the system be compromised, a penetration test will look to branch out and gain further access to system resources that reside on internal networks.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Common service operational activities include:; •Monitoring of services to detect that status of services and take any appropriate correctiveaction; •Management of infrastructure including internal and hosted systems; •Management of applications that deliver the services to customers; •Communication to users, customers, internal teams and Alcumus management; Potential compromises are investigated for impact and severity, and resolved according to critical priority.
• Incident management type: Supplier-defined controls
• Incident management approach: Alcumus ESG’s security management is led by a Director of the business with the responsibility of monitoring and acting upon any security incidents, and ensuring that Alcumus ESG continues to meet its security and legislative obligations to clients. More detail on our ISMS and copies of our Information Security Policy and ISO 27001 certificate are available upon request.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Alcumus’ strategy follows a materiality assessment and includes reduction targets and timelines for a sustainability programme, echoing industry best practice and in line with Science Based Targets (SBTs) and net zero commitments. We believe that setting a net zero goal that follows a SBT is the best way to ensure that as an organisation we robustly contribute to global emissions reduction efforts.; ; The aim is to optimise the sustainability strengths, opportunities and potential at Alcumus, whilst also creating balanced targets and associated objectives. Best-in-class sustainability programmes go well ‘beyond green’ (environmental focus) to achieve equally ambitious positive social and economic impacts, as well as harnessing investments in staff wellbeing, development and engagement. ; ; One of the crucial elements of our sustainability programme and reduction targets is the scope of the strategy. We have a global focus on reduction, for all our legal entities across the globe of which we have operational control and include reduction target metrics across all ESG factors. Further carbon reduction target metrics will be added to future strategy updates to include the whole of value chain, such as supply chain Scope 3 emissions. This is also vital for our external SBT commitments to the SBTi and TechZero Taskforce but also to ensure our sustainability programme is continually improving.; ; This strategy includes steps, prioritised for impact, to identify and schedule key initiatives to achieve our near-term targets (2030) and pathway to NetZero. These include links between sustainability objectives, internal communications and wider brand development. The reduction targets help alignment with ongoing development work for external sustainability products and services with a vision to influence how our customers do business in a responsible way thus improving the world around us. This strategy is reviewed and critiqued on an annually, with direction or adjustment to reduction targets at sign off.
• Covid-19 recovery:

  Covid-19 recovery

  The health, safety and wellbeing of our employees is our biggest priority, we’ve been working hard to make sure our workplace remains COVID secure. As we begin to encourage employees to return to the office at their own pace, we have reviewed and updated our COVID risk assessments for each of our offices. We’re keeping a number of our COVID measures in place in the office for the time being such as increased levels of cleaning for desks and hot spots, hand sanitiser points around the offices and clear surface desk policies to enable deeper cleaning at all times. ; ; We are encouraging a gradual transition back to office working for those that feel comfortable, this will encourage a sense of social wellbeing as well as promoting flexible working practices such as remote working. We recently launched our ‘Alcumus Work Your Way: Flexible Working Policy’ which acknowledges that the Coronavirus pandemic has brought changes to all of our lives and how we work particularly for office-based roles. We’ve learned that some people prefer to work in the office all or some of the time, some have the perfect environment to work and achieve their job from home, whilst others are keen to be back out visiting client premises as part of their role. Recognising the importance of a better work-life balance, we’ve developed some new principles for flexible working arrangements in how and where our employees work.; ; We will continue to monitor the COVID situation, if there are any changes, we will review our strategy in line with Government Guidance.
• Tackling economic inequality:

  Tackling economic inequality

  As a result of our recent Equity, Diversity & Inclusion survey we were able to understand more about the socio-economic background of our people and as a result can do more to support those from a lower socio-economic background, take steps to attract more diverse talent and support our local communities. We are taking steps to make our hiring process fairer by removing formal qualifications or degree requirements from most of our job descriptions ensuring only experience or technical requirements are included where there is no legal regulatory requirement. We are also ensuring we actively promote internal progression and development, last year saw 20% of our internal people progress within Alcumus.; ; We are continuing to participate in the Kickstart scheme providing opportunities for young people in our communities and continuously working to strengthen our links with local Job Centre Plus in the UK and Job Bank in Canada. We are also committed to ensuring that all our people receive at least the real living wage, with changes implemented regularly. ; ; Since implementing our ‘Work your way’ policy and a hybrid working model we are able to recruit from a geographically diverse range of locations including locations that may fall into the lower socio-economic scale opening equal opportunities out globally. ; ; Each of our UK offices have also implemented a Community Impact Plan to ensure as a business we are giving back to our local communities, a large part of this is engaging with our local communities to talk about opportunities within our business.
• Equal opportunity:

  Equal opportunity

  At Alcumus we believe that creating a diverse and inclusive culture is not only the right thing to do but also what is best for our people and our business. Having employees across a mix of backgrounds and life experience makes us better at supporting each other, our customers and our communities. ; ; We recently rolled out our ‘Everyone’s Included Survey’ so that we can understand more about our people and take steps to drive diversity and inclusion at Alcumus. As a result of the survey our ED&I strategy focuses on six pillars: Gender, Socio-Economic, Multicultural, Multigenerational, LGBTQ+ and Disability. We have already taken steps to support EDI in our business such as sharing our job vacancies on different job boards to help reach more diverse applicants. Continuing to use gender decoding software on our job advertisements and have introduced a new applicant tracking system which anonymises applications to ensure candidates are assessed exclusively on their experience and skills, removing any unconscious bias that may exist.; ; We have also created internal communities within Alcumus which are our employee groups. They help ensure all our people have an equal voice and provide a global support network to strengthen our EDI efforts across the business. As we launch these communities, we hope that these build and grow over time to provide our people the chance to influence and shape our EDI strategy.; ; We will continue to celebrate Pride month annually in June, celebrate Pride events, Bi Visibility Day and ACE awareness days. We’re also making new commitments to creating a women's forum, new polices, working with organisations to increase our attraction for all ethnicities, women in tech and much more.
• Wellbeing:

  Wellbeing

  At Alcumus our people are our biggest strength, it is priority to support the physical, emotional and psychological wellbeing of all our people, this is good for both individuals and business. We held our first wellbeing week in 2018 and have added new initiatives each year since. Our wellbeing strategy moving forward is to continue with our established activities, build on the familiar and promote all the existing great wellbeing benefits and initiatives that Alcumus have already invested in. We will continue to focus on our 5 pillars of wellbeing; Be Active, Give, Take Notice, Keep Learning & Connect. ; ; We have a great foundation in place of existing wellbeing initiatives such as our Healthcare cash back plan, Employee Assistance Programme, Cycle to Work scheme, Occupational health, Mental Health First Aiders and family friendly policies to name a few. In addition, there are numerous wider activities ongoing throughout the business that link closely to wellbeing including celebration of achievements which we encourage through our biannually values recognition awards and daily recognition e-cards sent amongst colleagues. ; ; We also encourage our people to connect and engage with their local community by providing a ‘Giving Day’ each year to all employees which is an additional paid day away from work that can be used to make a difference to a good cause such as a local charity.

Pricing

• Price: £950 a unit
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at james.thompson@ecoonline.com. Tell them what format you need. It will help if you say what assistive technology you use.