Skip to main content

Help us improve the Digital Marketplace - send your feedback

ECOONLINE INFO EXCHANGE LIMITED

EcoOnline Environmental, Social, Governance Software

Our ESG solutions enable organisations to build one true view of their ESG performance, across the three pillars of a responsible business.

The suite of modules aggregate data into one platform to create greater transparency, improve internal benchmarking and leverage actionable insights to cascade policies and procedures throughout operations.

Features

  • Carbon Module
  • Waste Module
  • Water Module
  • Modern Slavery Module
  • Social Value Module
  • Diversity Module
  • Cyber Security Module
  • People Development Module
  • Anti Bribery Module
  • ESG Profit Module

Benefits

  • Streamline ESG visibility
  • Gain complete visibility of your ESG initatives
  • Improve transparency
  • Provide stakeholders proof and transparency of sustainability results
  • Manage compliance
  • Reduce exposure to fines
  • Connect various ESG practices
  • The broadest range of applications available from a single provider
  • Scale ESG programmes
  • Adopt a company-wide approach

Pricing

£950 a unit

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at james.thompson@ecoonline.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

5 5 8 4 9 8 2 0 4 2 7 4 7 4 5

Contact

ECOONLINE INFO EXCHANGE LIMITED James Thompson
Telephone: 01926 844 200
Email: james.thompson@ecoonline.com

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
None
System requirements
Internet Browser

User support

Email or online ticketing support
Email or online ticketing
Support response times
The service desk operates during Normal Business Hours (NBH) and Normal Working Days (NWD) which are defined as 8am-6pm Mon to Fri excluding statutory holidays. All calls into the helpdesk are immediately prioritised and our standard resolution SLA’s are as follows: Priority 1 (critical) - Response within within 2 NBH. Priority 2 (average) - Response within 4 NBH. Priority 3 (low) - Response within 12 NBH.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Access to help-desk support (UK based) Monday-Friday 8-6 Dedicated Account Manager Access to the above included in Licence Hosting & Help-desk Support Annual Fees
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Alcumus ESG is designed to allow us to configure intuitive and easy to use on-line systems requiring minimal training for standard users. Historically most of our clients have found that they do not need comprehensive training packages or documentation. We can cite many large-scale client deployments where there has been virtually no user training required merely notification of the pending change with some outline guidance notes on timing and any change to in-house process or procedures. However, we do allow for thorough System Administration and Report Builder training workshops as part of the implantation and will also run as required Train the Trainer/User awareness workshops.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Data can be extracted through the search engine and downloaded to CSV files.
End-of-contract process
Upon termination of our contract or agreement and with a written request, we will deliver to the client (in CSV format or similar format) within 60 days of its receipt of such a written request, provided that the Client has, at that time, paid all fees and charges outstanding at and resulting from termination. The Client shall pay all reasonable expenses incurred by us in returning or disposing of the applicable Client Data.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The desktop application is designed to include a responsive UI/UX, facilitating use across tablet and mobile devices. Additional offline app with capabilities to save draft data on device and synchronise to desktop application at a later date.
Service interface
Yes
User support accessibility
None or don’t know
Description of service interface
Utilising all capabilities of your internet browser.
Accessibility standards
None or don’t know
Description of accessibility
Our software is accessible on all major web browsers, mobile and tablet devices, with an easy to use and intuitive interface.
Accessibility testing
Undertaken several client-led accessibility audits.
API
Yes
What users can and can't do using the API
The Alcumus ESG system has a robust, secure and flexible approach to connecting to third party applications. It incorporates both automated Import/Export (CSV/XML formats) and API functionality.

Full supporting documentation is available upon request.
API documentation
Yes
API documentation formats
Other
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Our software and functionality is configurable. In addition, users with administrator rights within our software solution have the ability to: Manage Lookup Lists Create Users Accounts Create User Groups Manage User Access Manage Single Sign On Authentication IDs Reset Passwords Archive User Accounts Lock and unlock Accounts Assign User Permissions and View Audit Logs

Scaling

Independence of resources
Alcumus ESG’s hosting partner is Microsoft Azure, one of the world leading cloud hosting providers. Alcumus works closely with Azure to ensure that the hosting infrastructure meets the needs of our clients, has appropriate levels of security in place and has the ability to be maintained, scaled and upgraded with minimal, if any, impact to clients.

Analytics

Service usage metrics
Yes
Metrics types
The Alcumus ESG system contains a full audit log of all events that take place within the application. Typically this includes: Archive record Assign workflow action Change password Complete workflow action Create record Create user Delete record Edit record Email notification Login Logout Password reset requested Run report Run search Set application permissions We also provide SLA and KPI reporting to our clients on Performance Uptime, RPO, RTO and Helpdesk resolution times.
Reporting types
Regular reports

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Users can export data through CSV download via the search engine, or through an automated data extract routine to a client-provided FTP site, or through API.
Data export formats
  • CSV
  • Other
Other data export formats
PDF
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
We guarantee 100% up-time of the hosting infrastructure and 99% up-time of the application.
Approach to resilience
Our MSO document is available on request.
Outage reporting
Email alerts to user-base advising of any outages or performance-related issues.

Identity and authentication

User authentication needed
Yes
User authentication
  • Username or password
  • Other
Other user authentication
Alcumus ESG supports external authentication and integration to a third-party gateway as required. The recommended authentication process is via Single Sign On through the use of an authenticated gateway access page and secure web services. Using Single Sign On, a user is authenticated once within the client domain and is then given access to the Alcumus ESG application with access and authentication controlled by a one-time token that is valid only for the user session and is time bound to expire if not used. Identity Provider Initiated SAML 2.0 SSO is also available as a configurable option for each exchange.
Access restrictions in management interfaces and support channels
Access only provided to those who require access for the management, development and maintenance of the service. Logins are password authenticated using secure one way encryption methods. Level of access given to each users is dependent on the requirements of their role.
Access restriction testing frequency
At least once a year
Management access authentication
  • Username or password
  • Other
Description of management access authentication
Alcumus ESG supports external authentication and integration to a third-party gateway as required. The recommended authentication process is via Single Sign On through the use of an authenticated gateway access page and secure web services. Using Single Sign On, a user is authenticated once within the client domain and is then given access to the Alcumus ESG application with access and authentication controlled by a one-time token that is valid only for the user session and is time bound to expire if not used. Identity Provider Initiated SAML 2.0 SSO is also available as a configurable option for each exchange.

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
BSI
ISO/IEC 27001 accreditation date
09/11/2021
What the ISO/IEC 27001 doesn’t cover
Products and Services
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
No
Cyber essentials plus
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
ISO 27001 - certificate available on request

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Change requests are submitted via our configuration help-desk, reviewed in light of any security or solution impact. They are then submitted through a change control process before implementing into the live environment.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Strict adherence to developing secure web applications is backed up by full penetration testing on production systems. Penetration testing actively attempts to exploit vulnerabilities and exposures in the Alcumus ESG application, with additional considerations to the security of the surrounding infrastructure. Through exploiting any security weakness, a penetration test will attempt to gain read/write access to system resources, gain shell access to operating systems and obtain comprehensive access to application and database resources. Should the system be compromised, a penetration test will look to branch out and gain further access to system resources that reside on internal networks.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Common service operational activities include:
•Monitoring of services to detect that status of services and take any appropriate correctiveaction
•Management of infrastructure including internal and hosted systems
•Management of applications that deliver the services to customers
•Communication to users, customers, internal teams and Alcumus management
Potential compromises are investigated for impact and severity, and resolved according to critical priority.
Incident management type
Supplier-defined controls
Incident management approach
Alcumus ESG’s security management is led by a Director of the business with the responsibility of monitoring and acting upon any security incidents, and ensuring that Alcumus ESG continues to meet its security and legislative obligations to clients. More detail on our ISMS and copies of our Information Security Policy and ISO 27001 certificate are available upon request.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Social Value

Fighting climate change

Fighting climate change

Alcumus’ strategy follows a materiality assessment and includes reduction targets and timelines for a sustainability programme, echoing industry best practice and in line with Science Based Targets (SBTs) and net zero commitments. We believe that setting a net zero goal that follows a SBT is the best way to ensure that as an organisation we robustly contribute to global emissions reduction efforts.

The aim is to optimise the sustainability strengths, opportunities and potential at Alcumus, whilst also creating balanced targets and associated objectives. Best-in-class sustainability programmes go well ‘beyond green’ (environmental focus) to achieve equally ambitious positive social and economic impacts, as well as harnessing investments in staff wellbeing, development and engagement.

One of the crucial elements of our sustainability programme and reduction targets is the scope of the strategy. We have a global focus on reduction, for all our legal entities across the globe of which we have operational control and include reduction target metrics across all ESG factors. Further carbon reduction target metrics will be added to future strategy updates to include the whole of value chain, such as supply chain Scope 3 emissions. This is also vital for our external SBT commitments to the SBTi and TechZero Taskforce but also to ensure our sustainability programme is continually improving.

This strategy includes steps, prioritised for impact, to identify and schedule key initiatives to achieve our near-term targets (2030) and pathway to NetZero. These include links between sustainability objectives, internal communications and wider brand development. The reduction targets help alignment with ongoing development work for external sustainability products and services with a vision to influence how our customers do business in a responsible way thus improving the world around us. This strategy is reviewed and critiqued on an annually, with direction or adjustment to reduction targets at sign off.
Covid-19 recovery

Covid-19 recovery

The health, safety and wellbeing of our employees is our biggest priority, we’ve been working hard to make sure our workplace remains COVID secure. As we begin to encourage employees to return to the office at their own pace, we have reviewed and updated our COVID risk assessments for each of our offices. We’re keeping a number of our COVID measures in place in the office for the time being such as increased levels of cleaning for desks and hot spots, hand sanitiser points around the offices and clear surface desk policies to enable deeper cleaning at all times.

We are encouraging a gradual transition back to office working for those that feel comfortable, this will encourage a sense of social wellbeing as well as promoting flexible working practices such as remote working. We recently launched our ‘Alcumus Work Your Way: Flexible Working Policy’ which acknowledges that the Coronavirus pandemic has brought changes to all of our lives and how we work particularly for office-based roles. We’ve learned that some people prefer to work in the office all or some of the time, some have the perfect environment to work and achieve their job from home, whilst others are keen to be back out visiting client premises as part of their role. Recognising the importance of a better work-life balance, we’ve developed some new principles for flexible working arrangements in how and where our employees work.

We will continue to monitor the COVID situation, if there are any changes, we will review our strategy in line with Government Guidance.
Tackling economic inequality

Tackling economic inequality

As a result of our recent Equity, Diversity & Inclusion survey we were able to understand more about the socio-economic background of our people and as a result can do more to support those from a lower socio-economic background, take steps to attract more diverse talent and support our local communities. We are taking steps to make our hiring process fairer by removing formal qualifications or degree requirements from most of our job descriptions ensuring only experience or technical requirements are included where there is no legal regulatory requirement. We are also ensuring we actively promote internal progression and development, last year saw 20% of our internal people progress within Alcumus.

We are continuing to participate in the Kickstart scheme providing opportunities for young people in our communities and continuously working to strengthen our links with local Job Centre Plus in the UK and Job Bank in Canada. We are also committed to ensuring that all our people receive at least the real living wage, with changes implemented regularly.

Since implementing our ‘Work your way’ policy and a hybrid working model we are able to recruit from a geographically diverse range of locations including locations that may fall into the lower socio-economic scale opening equal opportunities out globally.

Each of our UK offices have also implemented a Community Impact Plan to ensure as a business we are giving back to our local communities, a large part of this is engaging with our local communities to talk about opportunities within our business.
Equal opportunity

Equal opportunity

At Alcumus we believe that creating a diverse and inclusive culture is not only the right thing to do but also what is best for our people and our business. Having employees across a mix of backgrounds and life experience makes us better at supporting each other, our customers and our communities.

We recently rolled out our ‘Everyone’s Included Survey’ so that we can understand more about our people and take steps to drive diversity and inclusion at Alcumus. As a result of the survey our ED&I strategy focuses on six pillars: Gender, Socio-Economic, Multicultural, Multigenerational, LGBTQ+ and Disability. We have already taken steps to support EDI in our business such as sharing our job vacancies on different job boards to help reach more diverse applicants. Continuing to use gender decoding software on our job advertisements and have introduced a new applicant tracking system which anonymises applications to ensure candidates are assessed exclusively on their experience and skills, removing any unconscious bias that may exist.

We have also created internal communities within Alcumus which are our employee groups. They help ensure all our people have an equal voice and provide a global support network to strengthen our EDI efforts across the business. As we launch these communities, we hope that these build and grow over time to provide our people the chance to influence and shape our EDI strategy.

We will continue to celebrate Pride month annually in June, celebrate Pride events, Bi Visibility Day and ACE awareness days. We’re also making new commitments to creating a women's forum, new polices, working with organisations to increase our attraction for all ethnicities, women in tech and much more.
Wellbeing

Wellbeing

At Alcumus our people are our biggest strength, it is priority to support the physical, emotional and psychological wellbeing of all our people, this is good for both individuals and business. We held our first wellbeing week in 2018 and have added new initiatives each year since. Our wellbeing strategy moving forward is to continue with our established activities, build on the familiar and promote all the existing great wellbeing benefits and initiatives that Alcumus have already invested in. We will continue to focus on our 5 pillars of wellbeing; Be Active, Give, Take Notice, Keep Learning & Connect.

We have a great foundation in place of existing wellbeing initiatives such as our Healthcare cash back plan, Employee Assistance Programme, Cycle to Work scheme, Occupational health, Mental Health First Aiders and family friendly policies to name a few. In addition, there are numerous wider activities ongoing throughout the business that link closely to wellbeing including celebration of achievements which we encourage through our biannually values recognition awards and daily recognition e-cards sent amongst colleagues.

We also encourage our people to connect and engage with their local community by providing a ‘Giving Day’ each year to all employees which is an additional paid day away from work that can be used to make a difference to a good cause such as a local charity.

Pricing

Price
£950 a unit
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at james.thompson@ecoonline.com. Tell them what format you need. It will help if you say what assistive technology you use.