Verature Contractor Management and Compliance System
Digitalising your compliant contractor process, Verature manages contractors, subcontractors & in-house workers on multiple projects or locations, ensuring all arrive safe, work safe and stay safe.
Onboarding/assurance, project bookings, RAMS approvals/workflow, contractor portal, inductions &assessments, mobile check-in &digital badges, digital permit to work issue, permit/check-in/project mapping &audit.
Features
- Contractor Onboarding &Assurance, automated H&S Questionnaires & Renewals
- Centralised Approved Contractor Database across multiple locations and projects
- Secure storage and retrieval of compliance documents
- Automated renewals of compliance documents with Approve/Reject Workflow
- Daily view of live projects and contractors due on site
- Multiple permissions and access for Staff, Reception, and Security
- Unlimited Internal and External Users
- Online Inductions, Assessment and document upload through External Contractor Portal
- RAMS Approval and Workflow
- Live Site Fire Register, Electronic Permit Issue and on-site Audit
Benefits
- 24/7/365 access to information with real-time updates and reporting
- Configurable to meet your policies, processes and procedures
- Aligns with your incumbent IOSH/NEBOSH procedures
- Centralised contractor procedure for improved compliance and audit across locations
- One version of the truth around your projects and contractors
- Save time/costs through automating admin-heavy tasks and reduce chasing
- Comprehensive and automatically renewed Contractor Compliance documents for continuous compliance
- Mitigate risk and incidents caused by non-compliant contractors
- Prevent damage to your reputation
- Avoid H&S fines and prosecutions
Pricing
£5,988 to £21,000 an instance a year
- Education pricing available
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
6 3 2 9 0 4 0 8 7 4 1 4 6 7 1
Contact
Target Information Systems Limited
Phil Atkinson
Telephone: 07702 248 948
Email: tenders@targetis.co.uk
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Private cloud
- Service constraints
- Verature has unlimited internal and external users and each instance is restricted to 50GB data storage. Additional storage is available on request.
- System requirements
-
- A desktop, mobile or tablet computer
- A modern Internet browser
- A connection to the Internet
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- The ticket response times range from 1 hour to 48 hours depending on the priority level assigned to the ticket.
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
-
Support
All support matters are to be first raised to the support email: support@verature.uk
Target provides application support between the hours of 9.00am and 5.30pm Monday to Friday excluding Bank Holidays.
A support matter emailed to the support email can be followed up with a call in office hours to: 01226 212 056.
Support incidents are split into three priorities:
Priority One
This is where an application is unavailable and users are unable to access the system. This will be responded to in one hour in business hours and have a resource dedicated to the problem until it is resolved. Target will work 24/7 on this problem until it is resolved.
Priority Two
This is for intermittent, non-critical support matters where the application is available and an error is occurring which does not affect normal usage of the system.
Priority two matters will be responded to within four business hours, and typically resolved within 72 hours.
Priority Three
For minor matters such as layout issues, spelling mistakes in graphical text or minor amends; these will either be resolved within seven working days or scheduled for an agreed date/time. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
Verature is very easy to onboard. We provide all project management, regular project meetings, installation and 2x train the trainer webinar sessions including all training/user documentation and ongoing support via a support team and dedicated account manager. We are also able to help with data migration.
Risk is minimised as your Site(s) will have an incumbent method for control of contractors and Verature is not put to live until fully tested via a comprehensive UAT process and accepted by the client. - Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
-
Client will need to have their data exported into their preferred format at time of terminations.
Details on cost are available on request. - End-of-contract process
-
The contract end date is agreed and requirements for exporting the data are discussed with the Account Manager.
Where development work is required for recovery of the data this is clearly documented, communicated, and controlled via our ISO9001 Quality Management Processes
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- The available screen size of smaller devices can limit visibility of the information
- Service interface
- No
- User support accessibility
- WCAG 2.1 A
- API
- No
- Customisation available
- Yes
- Description of customisation
-
Clients are able to customise their instance of Verature to meet their specific policies, processes or procedures. Branding and email templates can be personalised, user types and associated permissions can be configured, schedule of reminders/alerts or approval workflows may be amended, and Verature can be configured to be used at additional sites.
This configuration is undertaken by Verature at the time of mobilisation.
Additional modules may be added on at any time during the lifecycle of the contract, such as electronic permits to work, permit mapping, shift handover.
Verature is a highly flexible and configurable platform.
Scaling
- Independence of resources
- Verature instances are on high-end server infrastructure with immediate access to CPUs, scalable memory and server storage.
Analytics
- Service usage metrics
- Yes
- Metrics types
- User defined.
- Reporting types
-
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Baseline Personnel Security Standard (BPSS)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- Never
- Protecting data at rest
- Physical access control, complying with CSA CCM v3.0
- Data sanitisation process
- No
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- Clients export their data through their requirements to their Account Manager.
- Data export formats
- CSV
- Data import formats
- Other
- Other data import formats
- Import not available to users, only at time of mobilisaton
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
- 99.7%
- Approach to resilience
- Available on request.
- Outage reporting
- Planned and unplanned outages are communicated via email.
Identity and authentication
- User authentication needed
- Yes
- User authentication
- Username or password
- Access restrictions in management interfaces and support channels
-
Verature is configured to clients requirements where the permissions to access the database are configured at time of mobilisation.
Certain users/ system admin users have permission to set what access Users have to the database. - Access restriction testing frequency
- At least once a year
- Management access authentication
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- NQA
- ISO/IEC 27001 accreditation date
- 1 July 2020
- What the ISO/IEC 27001 doesn’t cover
- We have been assessed on all control measures of the standard.
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- No
- Cyber essentials plus
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
-
The Information Security Policy and its supporting controls, processes and procedures apply to all information used, in all formats. It is compliant to Target's ISO 27001 certification.
The Information Security Policy and its supporting controls, processes and procedures apply to all individuals who have access to Target Information Systems information and technologies.
Target's Information Security policy covers the following:
Access Control
Backup Policy
Business Continuity
Change Management
Encryption
Information Handling
Information Risk Assessment
IT Usage Policy
Password Policy
Secure Development and Deployment Policy
Supplier Security
Starters, Movers and Leavers Policy
Compliance with controls in the policy are monitored by the Information Security Group and reported/escalated to the Leadership Team and Board where appropriate.
More details and access to external policy document available on request.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
-
Configuration of Verature happens upon mobilisation which is supported by a project roadmap listing any out of scope items for future consideration.
Changes are managed through a Change Request procedure as part of our ISO9001 Quality Management System - Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
-
Risk assessments are undertaken to identify, rank and mitigate risks that can be reasonably identified. In general terms, security incidents will have one or more of the following impacts:
Release of sensitive personal data eg. in a data breach;
Loss of reputation;
Loss of funding streams;
Inability to meet legal obligations;
Loss of business continuity;
The following timescales apply to updates and patches:
Critical or high risk vulnerabilities – 7 days o Medium – 30 days;
Low – 60 days
Further policy details available on request. - Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
-
We check server logs daily and undertake monthly vulnerability scans.
When vulnerabilities are identified they are dealt with in accordance with their potential risk:
Critical or high risk vulnerabilities – 7 days;
Medium risk – 30 days;
Low risk – 60 days;
Further details available on request. - Incident management type
- Supplier-defined controls
- Incident management approach
-
Incidents are handled effectively in a manner that minimises the adverse impact to the client and risk of data loss according to Target's incident management policy &process.
Employees' responsibility to report security incidents actual, suspected, threatened or potential and observed security weaknesses through the appropriate known channels. Users report incidents through support/to their dedicated account manager.
Incidents are handled by appropriately authorised and skilled personnel and escalated to appropriate levels of management to determine response. All impacted subjects are informed, incidents are recorded and documented, evidence is gathered and maintained in a form that will withstand scrutiny.
Full policy available.
Secure development
- Approach to secure software development best practice
- Supplier-defined process
Public sector networks
- Connection to public sector networks
- No
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Wellbeing
Fighting climate change
Target is working towards achieving Net Zero and has sent team members on Net Zero courses to support our agenda. Influencing customers through the delivery of the contract to support environmental protection and improvement by offering alternative tools and approaches from paper-based systems and additional hardware e.g. QR code check-ins and digital badges.Wellbeing
Target supports the health and wellbeing, including physical
and mental health, of our contract workforce through the training and assignment of a mental health first aiders, monthly wellbeing 1-1's and has achieved Barnsley Council's Be Well@ Work Silver Award to demonstrate our commitment to wellbeing: https://www.barnsley.gov.uk/services/business-information/health-and-safety-at-work/be-well-work-award/
Pricing
- Price
- £5,988 to £21,000 an instance a year
- Discount for educational organisations
- Yes
- Free trial available
- No