Evotix Health And Safety Package For Ports and Marine Services
Evotix offers a proven health and safety solution tailored to ports and marine services. The software supports full risk, audit and incident management, reporting and visibility, e-learning/training, a mobile safety app and much more. Engage and boost productivity for your workforce whilst supporting your compliance needs.
Features
- Risk management
- Incident management
- Conduct audits on the go
- Safety training and microlearning
- Data analysis through a business intelligence tool
- Reporting at the point of work, online or offline
- Approval and review workflows including escalations and notifications
- Create bespoke templates, either site specific or applied company wide
Benefits
- One stop shop for all things health and safety
- Unified reporting based on all health and safety data
- Achieve and Demonstrate compliance
- Drive best practice
- Data analysis will help you identify and action improvements
- Full visibility of safety performance
- Improve engagement through a easy to use mobile web app
- Improve engagement through scan and go QR codes to forms
- Upskilling workforce through microlearning
Pricing
£39,500 an instance a year
Service documents
Request an accessible format
Framework
G-Cloud 13
Service ID
6 2 2 1 0 8 0 7 8 0 3 4 9 1 0
Contact
EVOTIX LIMITED
David Coley
Telephone: 03003033657
Email: gcloud@evotix.com
Service scope
- Software add-on or extension
- Yes, but can also be used as a standalone service
- What software services is the service an extension to
- The Assure health and safety management solution from Evotix is modular. This means each Assure module works standalone, but integrates powerfully with others to provide you with a complete solution.
- Cloud deployment model
- Public cloud
- Service constraints
- 99.9% service availability, assured by independent validation of assertion
- System requirements
- None
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
We offer different response times for queries for our standard and premium support offering.
For standard support, we provide a 4 hour response time
For premium support, we provide a 3 hour response time. - User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 A
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- Yes, at an extra cost
- Web chat support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support accessibility standard
- WCAG 2.1 A
- Web chat accessibility testing
- N/a
- Onsite support
- Onsite support
- Support levels
- Our customers prize our expert and friendly support both during implementation and ongoing. 95% of our customers renew every year. Our UK based customer services team answer all calls promptly and resolve problems quickly whether they relate to training or configuration. We follow a 6 stage case management process. All cases, issues, or requests for change are, in the first instance, reported to the Help Desk as the central point of contact. As first line support, the Help Desk can be contacted by phone or email Monday to Friday 8:30-17:30. Requests are recorded and monitored in our case management system which ties the request to your customer account to provide a complete history. Where first line support is unable to solve the customer issue, the case is escalated to second line support. Here, our system experts will work to understand the customer issue and diagnose the problem. Once derived, the solution is communicated, by phone and/or email, to the customer in our outlined SLA. If second line support cannot resolve the customer issue, the case is escalated to third line support for root cause analysis and/or data fix.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
Assure has been designed with the user in mind, combining an intuitive consumer style interface with a corporate strength backbone. As a result, it meets business requirements while being straightforward and intuitive to use - not just by experts but by your organisation at large.
We provide users with different training delivery options: our most popular training delivery is online via webinar sessions, specifically for your organisation, and will be tailored for your solution and audience. These can be recorded so you can revisit and reuse them. We also offer interactive video tutorials which can be reused. If required, onsite training can be delivered at an additional cost.
Although influenced by the number of, and the level to which, users are to be trained, the number of training days required is always at your discretion.
We will discuss with you a suitable number of days and which delivery method is best suited to your individual requirements. All licensed users of Assure have access to our Knowledge Base, which contains a variety of help videos and articles. - Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
- The Customer should, no later than ten days after the effective date of the contract end, submit a written request for the delivery of the then most recent back-up of the Customer Data and any attachments that have been uploaded to the system.
- End-of-contract process
- If the customer is not renewing they can extract their data via the tools provided or the data extraction can be provided by Evotix at an additional cost.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
-
AssureGO+ is our next generation Progressive Web Application (PWA) which is ‘mobile first’ but eliminates app installation. The user interface reacts to the device using it so forms and content change to utilize the available screen – tablet, mobile or desktop.
Employees/contractors can easily capture hazards, near misses or incidents as well as completing audits, inspections or assessments 24/7, online or offline. If no internet is available, information is stored on the device until it can be synced.
AssureGO+ provides access to Assure forms anytime, anywhere on any device with a compatible browser. - Service interface
- Yes
- User support accessibility
- WCAG 2.1 AA or EN 301 549
- Description of service interface
- Our Service Manager has been developed to provide a consumer level experience for logging Incidents and other Request Types by following a process of Progressive Capture. Progressive Capture is a graphical workflow tool that provides a new and simple way to define the capturing of information. Progressive Capture includes a number of small forms for collecting information related to the Incident. These forms are automatically configured depending on the information being captured.
- Accessibility standards
- WCAG 2.1 A
- Accessibility testing
- N/a
- API
- Yes
- What users can and can't do using the API
- Data insert using RESTful API.
- API documentation
- Yes
- API documentation formats
-
- Other
- API sandbox or test environment
- No
- Customisation available
- Yes
- Description of customisation
- Assure combines complete out of the box health and safety functionality (allowing you to be up and running immediately) with an exceptional level of configurability - of forms, organisation, permissions, reports, dashboards, etc. The configurability is controlled by permission settings by user type. This meets all but the most specialist / bespoke requirements and satisfies 99% of customers.
Scaling
- Independence of resources
- Real-time monitoring of server load with alerts on critical components EG. CPU load, memory load, throughput. Application servers are load balanced.
Analytics
- Service usage metrics
- Yes
- Metrics types
- All system fields
- Reporting types
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Baseline Personnel Security Standard (BPSS)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a CHECK service provider
- Protecting data at rest
-
- Physical access control, complying with SSAE-16 / ISAE 3402
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
-
- Explicit overwriting of storage before reallocation
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
-
Report and download (templates and bespoke) into Excel
Reports in JSON format
Active data connections to Excel
SSIS - Data export formats
-
- CSV
- Other
- Other data export formats
-
- JSON
- Microsoft Word
- Microsoft Excel
- Data import formats
-
- CSV
- Other
- Other data import formats
-
- API
- Initial data import by Evotix as an implementation service
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- Other
- Other protection within supplier network
- IP restricted access
Availability and resilience
- Guaranteed availability
- 99.9% uptime, scheduled and notified maintenance schedules, clawback in contract
- Approach to resilience
-
Environmental Controls are implemented to help mitigate against the risk of service interruption caused by fires, floods and other forms of natural disasters.
The Datacentre electrical power systems are designed to be fully redundant and maintainable without impact to operations, 24 hours a day, and seven days a week. Uninterruptible Power Supply (UPS) units provide back-up power in the event of an electrical failure for critical and essential loads in the facility. Datacentres use generators to provide back-up power for the entire facility. - Outage reporting
- Dedicated 24/7 monitoring at service centre. Real-time dashboard and email alerts.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- Identity federation with existing provider (for example Google Apps)
- Username or password
- Other
- Other user authentication
- The user can integrate with their own SSO provider if it supports the WS-Fed protocol.
- Access restrictions in management interfaces and support channels
- For environment administration, access can only be provided via VPN from a whitelisted IP address to authorised users confirmed by MFA.
- Access restriction testing frequency
- At least once a year
- Management access authentication
-
- 2-factor authentication
- Dedicated link (for example VPN)
- Username or password
- Other
- Description of management access authentication
- Whitelisted IP address.
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- ISO Quality Services Limited
- ISO/IEC 27001 accreditation date
- 20/06/2021
- What the ISO/IEC 27001 doesn’t cover
- N/a
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
-
A full suite of information security policies and processes is in place as required by ISO 27001.
Internal auditing checks take place to ensure that all security controls are being observed. This includes policies
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
- Our hosting provider maintains documented operational procedures for both infrastructure operations and customer-facing support functions. Newly provisioned infrastructure undergoes appropriate testing procedures to limit exposure to any hardware failure. Documented procedures and configuration version controls provide protection from errors during configuration. Changes to an existing infrastructure are controlled by a technical change management policy, which enforces best practice change management controls including impact/risk assessment, customer sign off, and back-out planning.
- Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
-
Patches to solution every 2 weeks unless critical, then immediate.
Penetration testing and internal code testing (peer reviewed and deployment testing services)
Employ best practice to mitigate against known issues (e.g. SQL Injection)
Regular automated vulnerability testing with risk based timescales for remediation if any issues are found. - Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
-
Evotix uses AWS GuardDuty firewalls to protect the Assure systems, this includes the following protections: Access Control Lists, DDOS, Intrusion prevention, threat detection, API monitoring, log analysis and VPC analysis
One of its functions is checking for unusual events, based on a common baseline.
When alerts come in these logs \ areas are checked. Manual reviews are also carried out. These are done ad hoc to avoid pattern forming
Virtual firewalls (security groups) are used to restrict ingress between the layers of the platform in the VPC. - Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
-
Where an Incident is identified, an Incident Response team is convened, the incident is classified, immediate action taken and an investigation is commenced.
It will be escalated internally to an appropriate level of management.
Following immediate action and investigation, follow up actions will be identified to implement corrective actions to resolve the incident and mitigate the potential for recurrence.
A customer will be notified if their information has been affected as soon as practical.
Whilst investigation is happening, the customer will receive updates. A full investigation will be completed and a report will be issued.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Public sector networks
- Connection to public sector networks
- No
Social Value
- Fighting climate change
-
Fighting climate change
Our solution offers the ability to track and report carbon emissions. Using this information customers can identify solutions to reduce their emissions. - Covid-19 recovery
-
Covid-19 recovery
Our solution is being used nationally to deliver valuable skills and training to communities, helping to get more people back into work post the COVID-19 Pandemic. - Tackling economic inequality
-
Tackling economic inequality
Our solution is being used nationally to deliver valuable skills and training to communities, helping to get more people back into work post the COVID-19 Pandemic. - Wellbeing
-
Wellbeing
We have a wellbeing toolkit, delivered through GLOW that provides a wellness and wellbeing framework from which to assess and diagnose areas of strength and weakness around mental health and general wellbeing. GLOW contains tools, advice and resources for users to address potential issues and create more resilience in this space, helping them be fit for work.
Pricing
- Price
- £39,500 an instance a year
- Discount for educational organisations
- No
- Free trial available
- Yes
- Description of free trial
-
- Immediate access to the AssureGO+ App
- See how easy it is for anybody to engage in health and safety
- Experience first hand how you can collect more consistent data
- Unlimited access - Link to free trial
- https://www.evotix.com/assurego-request-your-free-trial-now