XASSETS.COM LIMITED

Fixed Asset Management Software

Easy to use, fast, scalable, and configurable full lifecycle asset management with accessible pricing and powerful integration tools. Cloud-based or on-premise with Asset Register, Asset Accounting, Depreciation, barcoding, Procurement, Disposal, Planned Maintenance, Contracts, Service Management, Spares and powerful reporting.

Features

• Full lifecycle asset register with rich functionality
• Depreciation calculation, asset accounting and budgeting
• Barcoding
• Planned Maintenance
• Procurement, approvals and receiving
• Financials and depreciation
• Spares and storage
• Key performance indicators and management reporting
• Contract management

Benefits

• Cloud or on-premise
• Users only see the functions and data needed
• Build new processes and workflows
• Integrate to any system
• Add fields to any table, import/integrate from any source
• Add new functionality
• Email notifications
• Powerful reporting and notifications
• No installation needed

£461 to £1,108 a user a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at paul.lambert@xassets.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

578741235364569

Contact

Paul Lambert
01225704844
paul.lambert@xassets.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: No constraints. The software is used from any browser or mobile device from a cloud server.
• System requirements: Any browser or mobile device can access the service

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: SLA defined response times vary between one hour and one day depending on ticket severity.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: SLA align with industry standards, are defined in a document and can be adjusted for each customer
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide implementation services within the framework of a "statement of work", which covers initial setup, accounting periods, depreciation schedules, budgeting and forecasting, development of custom reports, custom fields, and any other customer-specific requirements etc.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: They can receive a sql server backup or they can use the export features of the software to pull data out into Excel, CSV, PDF etc
• End-of-contract process: No additional costs. Customers can receive a copy of their data and the contract can end at the end of the payment period. xAssets can retain backups in case the contract might need to restart in future,

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Screen layouts are different but by using mobile CSS, all functions are available in both interfaces.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AAA
• Description of service interface: A self service portal which users can use to raise tickets etc. Users also have direct access to product specialists through phone or email
• Accessibility standards: WCAG 2.1 AAA
• Accessibility testing: Industry standard browser based accessibility standards are implemented.
• API: Yes
• What users can and can't do using the API: Everything the product can do can also be achieved via API calls.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Everything in the visible system is built in the configuration layer so users can customise any part of the UI and create new server side functionality. However most customers keep the vanilla layout as a starting point and simply customise fields, reports, queries, forms, data flows and integrations to meet their needs.

Scaling

• Independence of resources: We provision high specification servers and users databases are within their own instance. Server load is monitored constantly.

Analytics

• Service usage metrics: Yes
• Metrics types: Customers can receive any service metrics, they may need to develop queries for metrics which are not "out of the box" but most people who can operate excel competently can do this.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: The system has built in import and export features which users can use to pull data into any format. Users can also receive a sql server database backup.
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats: Any data format
• Data import formats:
  • CSV
  • Other
• Other data import formats: Any data format

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: SLA is more complex than this question allows. Service levels are clearly defined with best endeavours and both parties commit to maintaining the service with high availability for components within their control. xAssets has a 100% SLA uptime record since it started hosting in 2003 (as of March 2024)
• Approach to resilience: Servers are hardened to USAF/DoD STIG requirements and are firewalled. NVME Disk mirroring is used to avoid disk failures. Power outages are managed with a manual failover mechanism.
• Outage reporting: Email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Users are assigned to a user group - each user group sees only the data and functionality relevant to them.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: USAF DoD Authority to Operate

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: USAF/DoD STIG compliance
• Information security policies and processes: We have our own internal security policies which direct employees and contractors into compliance with GDPR, SOC2 and other standards.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Industry standard devops are applied to customer instance configuration and software development.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Weekly risk assessment, weekly PENtesting, weekly patching, automated continuous monitoring, allowed software lists reduce risk surface area.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: PENtesting, vulnerability scanning and patching are performed weekly. Servers are continuously monitored for availability, load etc. Our goal is to respond instantly when incidents occur, even when outside of SLA hours
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: ITIL aligned incident processing with our own service management software. Users can report incidents by phone, email or a self service portal. Incident reports are emailed to customers where needed.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  xAssets follows industry standards in Climate Change, Equal ops and wellbeing.

  Equal opportunity

  xAssets follows industry standards in Climate Change, Equal ops and wellbeing.

  Wellbeing

  xAssets follows industry standards in Climate Change, Equal ops and wellbeing.

Pricing

• Price: £461 to £1,108 a user a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Fully functional cloud instance is provided with product specialist support to get integrations etc up and running

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at paul.lambert@xassets.com. Tell them what format you need. It will help if you say what assistive technology you use.