Purcell Radio Systems Ltd

TopCat

TopCat is a flexible paperless system for carrying out compliance checklists, inspections, or audits on mobile devices.
Corrective Actions can be assigned to responsible parties.
Reporting is made simple in the TopCat desktop reporting suite and optional dashboard webpage.

Features

• Mobile compliance auditing with Android/iOS
• Real-time reporting (extensive reporting suite included as standard)
• Assign Corrective Actions
• Evidence compliance with photos and signatures
• Create your own bespoke compliance audit categories
• Email summary reports and Corrective Actions from mobile app
• Optional dashboard web-page
• Edit locations in mobile app
• Auditor app works offline
• Optional integration with CARPS Task Management System

Benefits

• Increase efficiency of compliance auditing and reporting processes
• Stay on top of compliance monitoring
• Demonstrate compliance with evidence
• View compliance data in real-time
• Easy to use, minimal training required
• Access extensive reporting suite
• Close the loop between monitoring and maintenance
• Easy to scale up at low additional cost
• Share benefits across the whole business

£6,735.00 an instance a year

Service documents

• Pricing document

  ODS

• Service definition document

  ODT

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@purcellradio.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

599242086416645

Contact

Tom Purcell
02077396080
info@purcellradio.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: Support required for configuration and deployment.; TopCat Auditor app available for Android and iOS.
• System requirements:
  • Minimum supported Android OS v8.0
  • Minimum supported iOS v14
  • Recommended browser: Google Chrome, Microsoft Edge

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Emails are responded to within 1 hour during contracted support hours. Low & Medium priority service request hours - 9.00am till 5.00pm Monday to Friday excluding all public and bank holidays. High priority service request hours – 08.00am till 20.00pm Monday to Sunday including all public and bank holidays.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We provide one level of support for all clients. Support costs are included in the core Annual Software Licence package costs. Support level variations may be considered at our discretion, subject to additional costs. ; We will assign a priority depending on the details given and the impact on the TopCat service (Low / Medium / High). ; All support requests are handled by our in-house team of experienced support staff and engineers, according to the nature of the request, expertise required, and staff availability.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: According to user requirements and preferences, we can provide:; *On-site user training and/or train-the-trainer sessions.; *Remote live training sessions via MS Teams (or similar).; *PDF user manuals.; *Custom documents and videos for site-specific requirements.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: All data can be provided to users on request.
• End-of-contract process: At the termination of a contract, access to all TopCat software applications will cease. We will help to ensure that users have access to all historic data, as required, before such data is erased from our systems/records.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Chrome
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: TopCat Controller is a desktop app, not designed to work on Mobile devices, so some optimisation/usability issues are likely, depending on screen size, etc.; ; TopCat Auditor (Android/iOS) is designed for use on mobile devices.; ; TopCat Auditor is intended for completing audits and corrective actions, so there are very limited admin admin and reporting features available.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: TopCat Controller interface:; Desktop application with drop down lists and tabs to select what you want to look at (Audit Category, Locations, Corrective Actions, Reports, Administration). Each section has its own range of filters.; ; TopCat Auditor Interface:; Mobile app with access to available Audit Categories/Corrective Actions, according to user type and permissions.
• Accessibility standards: None or don’t know
• Description of accessibility: TopCat Controller interface:; * Select active Audit Category; * View and edit locations in "tree" or table view; * Perform/schedule audits; * View Pending and Completed Audits; * View Corrective Actions; * Access TopCat Reports; * Access Admin options (create/edit/delete Audit Categories, Users, etc); TopCat Auditor Interface:; * Manage app settings and database connection; * Access available audit categories to view and perform audits; * View and address Corrective Actions (as per user type/permissions); * Create and send summary reports; * Create Corrective Actions; * Add/edit locations (as per user permissions)
• Accessibility testing: To date, we have not done interface work with users of assistive technology.
• API: No
• Customisation available: Yes
• Description of customisation: Users can customise the following aspects of the system:; * Audit Categories (e.g. "NHS Cleaning 2021", "Food Safety & Hygiene", "Pest Control", Staff Uniform", "Vehicle Checks", "Groundskeeping", etc); * Audit questions/elements; * Locations; * Responsibilities; * Scoring system; * Users (named users and user type / permissions); * Audit scheduling; * Report formatting (colour scheme); ; All customisations listed above can be made via TopCat Controller.; ; TopCat Auditor app may be customised via settings with the following options:; * Only sync on WiFi; * Wireless sync interval; * Display orientation; * Sort categories; * Suggest audits; * Wizard-style audits (on/off); * Prompt for signature; * Show barcode indicator; * Download corrective action attachments; ; Permissions and access managed by "User Type" and admin password.; ; Further customisations may be possible, subject to request.

Scaling

• Independence of resources: Each contracted client is given their own virtual environment for their users to operate in.

Analytics

• Service usage metrics: Yes
• Metrics types: Users per month.
• Reporting types: Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: In Control Pty Ltd

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Other
• Other data at rest protection approach: SQL TDE
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Day-to-day data export is done via the TopCat on-board reporting suite. Each report can be customised with a range of filters and saved in a variety of formats. Once saved, reports can be downloaded from the hosted platform to the user's local device.
• Data export formats: Other
• Other data export formats:
  • XML (*.xml)
  • Text (tab delimited) (*.txt)
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: 99.9%
• Approach to resilience: Multiple redundant virtual environments. Hosted in Azure as part of availability set.
• Outage reporting: Email.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Access to Management interface is restricted by User Type (user permissions) and separate password protection for Admin/Global Config access.; Email support is offered to users with a recognised email domain.; Phone support users are asked to identify themselves.; Sensitive requests are referred to a known Manager from the client organisation for approval.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Peers Quality Assurance Ltd
• ISO/IEC 27001 accreditation date: 01/08/2023
• What the ISO/IEC 27001 doesn’t cover: In our Statement of Applicability (FORM FM018) we exclude nothing from the Annex A reference or the clauses.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: NHS Data Security and Protection Toolkit

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We follow information security policies and processes in line with ISO27001. We have developed formal policies and processes for the following (more details available on request).; Policies:; Legislation; Information Security Policy; ICT Asset Register with RA & RT; Operating Procedures for ICT; Secure Development Policy; Information Classification Policy; Access Control Policy; Access Control Matrix; Development & Change Control Form; Policy of Cryptographic Controls; Risk Assessment & Treatment Methodology; Acceptable Use Policy; Bring Your Own Device (BYOD) Policy; Business Continuity & Disaster Recovery Plan; ; Processes:; Sub-contractor Software and Hardware; Incident & Improvement process; Internal audits & management review; Control of non-conforming outputs; ; We ensure policies and processes are followed by carrying out internal and external audits, staff training and continual assessment.; ; Our reporting structure is two tier. The Software Engineering Department, Hardware Engineering Department, Projects Team, and Business Development Team report to the Technical Director and Managing Director.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Our Customer Relationship Management (CRM) software tracks the components required for delivering a service. All physical and virtual assets requiring Planned Preventative Maintenance, Patching, Reactive Maintenance and End of Life / Support are scheduled through the CRM. ; ; All change requests are recorded in the CRM for review and authorisation. Where applicable the FORM FM029 Development and change control form is used.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Monthly patching and annual PEN tests.; Review Microsoft Digital defence report.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Endpoint protection software, firewall monitoring and Azure security. Events trigger Incident Management Systems process.
• Incident management type: Supplier-defined controls
• Incident management approach: Users can report incidents via phone or email.; Upon incident report or detection via monitoring solutions or review processes the incident is noted in management software and Directors are emailed. The appropriate team is then tasked with resolving the incident. Upon resolution a review is conducted and outcomes put in place to prevent incident from happening again.; Incident reports can be provided by email on request.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  We offset CO2 by recycling through First Mile. We can assist our clients with disposal of defunct hardware in line with WEEE regulations.

Pricing

• Price: £6,735.00 an instance a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  ODS

• Service definition document

  ODT

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@purcellradio.com. Tell them what format you need. It will help if you say what assistive technology you use.