Building Software Limited

m2i.SHEQ

m2i.SHEQ is a comprehensive system designed to address the Health, Safety, Environmental, and Quality (SHEQ) requirements of companies in the construction sector and housebuilders in particular. However this can be applied to any sector/industry.

Features

• Inspections and Actions
• Cross-Referenced Staff and Project Register
• Safety Events
• Behavioural Safety
• Operational Dashboards:
• Automatic Calculation of Key Statistics
• Data Analysis
• Workflow Automation
• Full Audit Trail
• Expansion and Scalability

Benefits

• Compliance with regulations
• Improved performance monitoring and process automation
• Centralized document repository.
• Streamlined incident reporting and response.
• Creation of a safer working environment
• No software required
• Reduce administratve workload.
• Lower paper and printing costs.
• Avoidance of reputation damage and lower insurance premiums.

£5,000.00 a unit

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at richard.howard@measure2improve.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

630315031441169

Contact

Richard Howard
07740 740057
richard.howard@measure2improve.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: No Constraints. Any planned downtime will always be scheduled for out of hours.
• System requirements:
  • Web Browser
  • Internet Access

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: The initial response will be 2 hours during the working week. Support hours are Monday to Friday 8:30am to 5:00pm.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Our standard support offering is 8:30am to 5:00pm Monday to Friday. This is included in the costs. We will support you via phone/email and via MS Teams. We are able to connect to you via teams to see and provide support. You will be provided with a dedicated Client Account Director and Manager for your account. If you wanted extra support or a "Managed Service" this would be charged as follows:; 10 Days @ £500 = Total £5,000. This time can be used as you wish * please see pricing as the above is an example.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Our implementation service includes the following:; *Creating your database and adding it to our primary and backup servers; *Setting up user domain name and security certificates (m2ipower URL ); *Setting system colours and system footer details; *Customising the menu page with your logo (logo to be supplied); *A system run through with your user implementation team (up to 5 people) – 1 x 2 hour session; *A meeting to agree data required for system implementation – 1 x 2 hour session. ; The system can be implemented within 4 weeks,; A complete set of training courses is provided for your different users:; * System administrator training - 1-hour sessions (will be recorded); * Site Team training - 30-minute sessions (will be recorded); * SHE Team Training – 30-minute sessions; * Management Team training – 30-minute sessions
• Service documentation: Yes
• Documentation formats: Other
• Other documentation formats: Via MS Teams
• End-of-contract data extraction: We will transfer all of your data on a fully encrypted data file (which you will need to provide). We will work with you and fully support you with this process.
• End-of-contract process: At the end of the contract if you decide not to renew then we will transfer your data to you on a external drive or secure location provided by you. There would be no costs for us to transfer this data unless it exceeds 1 days work.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The screen will resize so icons/options will be in a slightly different place. Our service is built on a mobile first technology.
• Service interface: No
• User support accessibility: WCAG 2.1 AAA
• API: Yes
• What users can and can't do using the API: The API is intended for Developers to connect into. They have 3 options to either Post, Get or Put. We supply/provide the developers with all the code they need. This is on a unique page to them. This doesn't allow any changes to the fundamental configuration of the platform/database.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: The m2iSHEQ product can be customised to have your branding, colours and logo's applied as part of the standard package. Modules names, fields names, menus, role groups can all be changed. There would be an extra charge for this.

Scaling

• Independence of resources: Each system/or database is in its our restricted area. we have specialised tools to prevent this from happening. If your system has exceed its storage limit we will contact you regarding increasing this.

Analytics

• Service usage metrics: Yes
• Metrics types: We provide details on all the areas of the system from how much each module is being used, Inspections - the number of, the number of workflow items and how many have been run in the past year. Also the actual size of the database.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Dashboard reports can be extract on demand. We can also offer you as part of a managed service bundle ad hoc data transfers.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: The target for the availability of the system during the support hours of 8:30am to 5pm is 99.9% within a calendar month. No refunds, as we are ISO 9001 & 20000-1 we will investigate this fully and report back to you our findings and corrective actions.
• Approach to resilience: Rackspace host our servers and are ISO 270001 accredited. Our server infrastructure diagrams are available on request.
• Outage reporting: Any planned service outages will be notified via email to the key Client contact and also using our banner message on the site.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: We can restrict access based on role permission groups. A standard user would not have limited access whereas an Admin user can however have access to the configuration of the site. The user groups can be defined and changed to work with your business needs. These spilt into areas of reporting, Pages, Modules, and Workflow allowing us to define each role more closely.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • ISO20000-1
  • ISO9001

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: All policies are tracked using our ISO management system. We are 9001 and 20000-1 and Rackspace who provide the server infrastructure are 270001.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: .Our configuration and change management approach involves a systematic process to maintain and control changes in our environment.; ; Identification: Documenting and classifying configuration items.; Control: Managing changes through an established request and approval process.; Monitoring: Tracking changes and configuration states.; Verification: Regularly reviewing configurations to ensure they match desired states.; Implementation: Carrying out approved changes with minimal disruption.; Evaluation: Assessing the impact of changes on performance and security.; Our approach emphasizes clear communication, thorough documentation, and efficient implementation to maintain a stable and reliable system.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Our vulnerability management process is designed to proactively identify, assess, and address vulnerabilities across our systems.; ; Identification: Regular scanning and monitoring to detect potential vulnerabilities in our network, applications, and infrastructure.; Assessment: Prioritizing vulnerabilities based on risk level and potential impact on business operations.; Remediation: Implementing patches, updates, or configuration changes to mitigate identified risks.; Verification: Validating the effectiveness of remediation measures through follow-up scans and testing.; Documentation: Maintaining records of vulnerabilities, assessments, and remediation efforts for auditing and compliance.; Our process focuses on continuous monitoring and swift action to maintain a secure and resilient environment.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Our protective monitoring process aims to safeguard our systems by actively detecting and responding to potential compromises.; ; Identification: Real-time monitoring tools track system and network activity, detecting signs of unusual behavior such as unauthorized access attempts or data breaches.; Response: Upon detecting potential compromises, we quickly investigate the incident to assess its severity and impact. We follow established incident response protocols, including containment measures to minimize damage.; Timeliness: We respond to incidents within minutes of detection, operating 24/7 for quick incident response and to minimize potential risks.; Our approach focuses on continuous monitoring, prompt investigation, and efficient mitigation strategies.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Our incident management process focuses on quick identification, response, and resolution of incidents to minimize disruption and impact.; ; Pre-defined Processes: We have established protocols for handling common events such as system outages, security breaches, and performance issues. These processes include steps for investigation, escalation, and resolution.; User Incident Reporting: Users can report incidents through a dedicated helpdesk, email, or phone line. These reports are logged and tracked for follow-up.; Incident Reports: After resolving an incident, we provide detailed reports outlining the incident's root cause, impact, and resolution steps. These reports are shared with relevant stakeholders for transparency and future prevention.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Where possible we are using Public transport to travel to Client Meetings. We are also turning off screens, lights and sockets in the office. We are encouraging staff to be green where possible.

  Covid-19 recovery

  We have built-in resilience so that we now have the capabilities to work from home if something like this happens again. We are much more flexible in the workplace and offer hybrid working.

  Tackling economic inequality

  We are giving people in the local community new employment opportunities by offering apprenticeships with us. We have a track record of this and have been since 2014

  Equal opportunity

  We are committed to giving everyone the same opportunities for employment, pay, and promotion. We operate an open day approach to all employees and believe in giving everyone a right to have their say on how we can improve things. We treat everyone the same regardless of their background or position, beliefs.

  Wellbeing

  We promote healthy eating by having healthy snacks (Fruit) in the workplace. We encourage walking, giving employees a chance to move from their desks. We also have a number of social events / team building events.

Pricing

• Price: £5,000.00 a unit
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: We can allow the use of our Pilot System for an agreed time. We can also provide a proof of concept, this would be chargeable but we will offset these costs against the annual agreement fee if you signup for the service going forward.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at richard.howard@measure2improve.com. Tell them what format you need. It will help if you say what assistive technology you use.