Skip to main content

Help us improve the Digital Marketplace - send your feedback

Building Software Limited

m2i.SHEQ

m2i.SHEQ is a comprehensive system designed to address the Health, Safety, Environmental, and Quality (SHEQ) requirements of companies in the construction sector and housebuilders in particular. However this can be applied to any sector/industry.

Features

  • Inspections and Actions
  • Cross-Referenced Staff and Project Register
  • Safety Events
  • Behavioural Safety
  • Operational Dashboards:
  • Automatic Calculation of Key Statistics
  • Data Analysis
  • Workflow Automation
  • Full Audit Trail
  • Expansion and Scalability

Benefits

  • Compliance with regulations
  • Improved performance monitoring and process automation
  • Centralized document repository.
  • Streamlined incident reporting and response.
  • Creation of a safer working environment
  • No software required
  • Reduce administratve workload.
  • Lower paper and printing costs.
  • Avoidance of reputation damage and lower insurance premiums.

Pricing

£5,000.00 a unit

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at richard.howard@measure2improve.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

6 3 0 3 1 5 0 3 1 4 4 1 1 6 9

Contact

Building Software Limited Richard Howard
Telephone: 07740 740057
Email: richard.howard@measure2improve.com

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
No Constraints. Any planned downtime will always be scheduled for out of hours.
System requirements
  • Web Browser
  • Internet Access

User support

Email or online ticketing support
Email or online ticketing
Support response times
The initial response will be 2 hours during the working week. Support hours are Monday to Friday 8:30am to 5:00pm.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Our standard support offering is 8:30am to 5:00pm Monday to Friday. This is included in the costs. We will support you via phone/email and via MS Teams. We are able to connect to you via teams to see and provide support. You will be provided with a dedicated Client Account Director and Manager for your account. If you wanted extra support or a "Managed Service" this would be charged as follows:
10 Days @ £500 = Total £5,000. This time can be used as you wish * please see pricing as the above is an example.
Support available to third parties
No

Onboarding and offboarding

Getting started
Our implementation service includes the following:
*Creating your database and adding it to our primary and backup servers
*Setting up user domain name and security certificates (m2ipower URL )
*Setting system colours and system footer details
*Customising the menu page with your logo (logo to be supplied)
*A system run through with your user implementation team (up to 5 people) – 1 x 2 hour session
*A meeting to agree data required for system implementation – 1 x 2 hour session.
The system can be implemented within 4 weeks,
A complete set of training courses is provided for your different users:
* System administrator training - 1-hour sessions (will be recorded)
* Site Team training - 30-minute sessions (will be recorded)
* SHE Team Training – 30-minute sessions
* Management Team training – 30-minute sessions
Service documentation
Yes
Documentation formats
Other
Other documentation formats
Via MS Teams
End-of-contract data extraction
We will transfer all of your data on a fully encrypted data file (which you will need to provide). We will work with you and fully support you with this process.
End-of-contract process
At the end of the contract if you decide not to renew then we will transfer your data to you on a external drive or secure location provided by you. There would be no costs for us to transfer this data unless it exceeds 1 days work.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The screen will resize so icons/options will be in a slightly different place. Our service is built on a mobile first technology.
Service interface
No
User support accessibility
WCAG 2.1 AAA
API
Yes
What users can and can't do using the API
The API is intended for Developers to connect into. They have 3 options to either Post, Get or Put. We supply/provide the developers with all the code they need. This is on a unique page to them. This doesn't allow any changes to the fundamental configuration of the platform/database.
API documentation
Yes
API documentation formats
Open API (also known as Swagger)
API sandbox or test environment
No
Customisation available
Yes
Description of customisation
The m2iSHEQ product can be customised to have your branding, colours and logo's applied as part of the standard package. Modules names, fields names, menus, role groups can all be changed. There would be an extra charge for this.

Scaling

Independence of resources
Each system/or database is in its our restricted area. we have specialised tools to prevent this from happening. If your system has exceed its storage limit we will contact you regarding increasing this.

Analytics

Service usage metrics
Yes
Metrics types
We provide details on all the areas of the system from how much each module is being used, Inspections - the number of, the number of workflow items and how many have been run in the past year. Also the actual size of the database.
Reporting types
Real-time dashboards

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Staff screening not performed
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
In-house
Protecting data at rest
Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Dashboard reports can be extract on demand. We can also offer you as part of a managed service bundle ad hoc data transfers.
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
The target for the availability of the system during the support hours of 8:30am to 5pm is 99.9% within a calendar month. No refunds, as we are ISO 9001 & 20000-1 we will investigate this fully and report back to you our findings and corrective actions.
Approach to resilience
Rackspace host our servers and are ISO 270001 accredited. Our server infrastructure diagrams are available on request.
Outage reporting
Any planned service outages will be notified via email to the key Client contact and also using our banner message on the site.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
We can restrict access based on role permission groups. A standard user would not have limited access whereas an Admin user can however have access to the configuration of the site. The user groups can be defined and changed to work with your business needs. These spilt into areas of reporting, Pages, Modules, and Workflow allowing us to define each role more closely.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
No
Cyber essentials plus
No
Other security certifications
Yes
Any other security certifications
  • ISO20000-1
  • ISO9001

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
All policies are tracked using our ISO management system. We are 9001 and 20000-1 and Rackspace who provide the server infrastructure are 270001.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
.Our configuration and change management approach involves a systematic process to maintain and control changes in our environment.

Identification: Documenting and classifying configuration items.
Control: Managing changes through an established request and approval process.
Monitoring: Tracking changes and configuration states.
Verification: Regularly reviewing configurations to ensure they match desired states.
Implementation: Carrying out approved changes with minimal disruption.
Evaluation: Assessing the impact of changes on performance and security.
Our approach emphasizes clear communication, thorough documentation, and efficient implementation to maintain a stable and reliable system.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Our vulnerability management process is designed to proactively identify, assess, and address vulnerabilities across our systems.

Identification: Regular scanning and monitoring to detect potential vulnerabilities in our network, applications, and infrastructure.
Assessment: Prioritizing vulnerabilities based on risk level and potential impact on business operations.
Remediation: Implementing patches, updates, or configuration changes to mitigate identified risks.
Verification: Validating the effectiveness of remediation measures through follow-up scans and testing.
Documentation: Maintaining records of vulnerabilities, assessments, and remediation efforts for auditing and compliance.
Our process focuses on continuous monitoring and swift action to maintain a secure and resilient environment.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Our protective monitoring process aims to safeguard our systems by actively detecting and responding to potential compromises.

Identification: Real-time monitoring tools track system and network activity, detecting signs of unusual behavior such as unauthorized access attempts or data breaches.
Response: Upon detecting potential compromises, we quickly investigate the incident to assess its severity and impact. We follow established incident response protocols, including containment measures to minimize damage.
Timeliness: We respond to incidents within minutes of detection, operating 24/7 for quick incident response and to minimize potential risks.
Our approach focuses on continuous monitoring, prompt investigation, and efficient mitigation strategies.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Our incident management process focuses on quick identification, response, and resolution of incidents to minimize disruption and impact.

Pre-defined Processes: We have established protocols for handling common events such as system outages, security breaches, and performance issues. These processes include steps for investigation, escalation, and resolution.
User Incident Reporting: Users can report incidents through a dedicated helpdesk, email, or phone line. These reports are logged and tracked for follow-up.
Incident Reports: After resolving an incident, we provide detailed reports outlining the incident's root cause, impact, and resolution steps. These reports are shared with relevant stakeholders for transparency and future prevention.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Social Value

Social Value

Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

Fighting climate change

Where possible we are using Public transport to travel to Client Meetings. We are also turning off screens, lights and sockets in the office. We are encouraging staff to be green where possible.

Covid-19 recovery

We have built-in resilience so that we now have the capabilities to work from home if something like this happens again. We are much more flexible in the workplace and offer hybrid working.

Tackling economic inequality

We are giving people in the local community new employment opportunities by offering apprenticeships with us. We have a track record of this and have been since 2014

Equal opportunity

We are committed to giving everyone the same opportunities for employment, pay, and promotion. We operate an open day approach to all employees and believe in giving everyone a right to have their say on how we can improve things. We treat everyone the same regardless of their background or position, beliefs.

Wellbeing

We promote healthy eating by having healthy snacks (Fruit) in the workplace. We encourage walking, giving employees a chance to move from their desks. We also have a number of social events / team building events.

Pricing

Price
£5,000.00 a unit
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
We can allow the use of our Pilot System for an agreed time. We can also provide a proof of concept, this would be chargeable but we will offset these costs against the annual agreement fee if you signup for the service going forward.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at richard.howard@measure2improve.com. Tell them what format you need. It will help if you say what assistive technology you use.