Skip to main content

Help us improve the Digital Marketplace - send your feedback

Ditto Sustainability Ltd

Rio

Rio is an online environmental reporting and sustainability platform that brings together behaviour change, environmental compliance, and environmental data analysis into one platform. Whilst also automating a range of consultancy activities. Rio is supported by a patented explainable AI technology that can advise users on a range of sustainability topics.

Features

  • Sustainability and Environmental Social Governance (ESG) data management and reporting
  • Operational environmental reporting on waste, electricity, gas, water and transport
  • CPD accredited and IEMA recommended Online elearning modules/content
  • Automated full scope GHG Carbon reporting
  • Environmental Legal Register
  • Normalise data with Intensity factors e.g FTE, Revenue, Production
  • Advanced permissions allowing account, user and group management
  • Online ISO 14001 and 50001 Management System functionality
  • Target setting for CDP, Science Based Targets, TCFD, GRi
  • CSR and SDG data reporting

Benefits

  • Visualise and analyse all sustainability data in one place
  • Assign tasks and action to users, monitor progress
  • Data upload via API or drag and drop .csv xls
  • Embedded data cleansing and automated carbon calculations
  • Flexible data structures & business intelligence dashboards
  • Enable behavioural change throughout their business and supply chain
  • Fully auditable document controls
  • Personal and business alerts that drive improvement and engagement

Pricing

£2,000 an instance a month

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at daniel.botterill@rio.ai. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

6 4 3 3 9 0 4 8 7 7 9 7 5 9 7

Contact

Ditto Sustainability Ltd Daniel Botterill
Telephone: 020 3371 7612
Email: daniel.botterill@rio.ai

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
Our service supports all modern browsers - except I.E
Our service is currently available on desktop only (WinOs and MacOs).
System does not require any planned outages for maintenance or upgrade
System requirements
  • Desktop device running modern web browser(chrome, firefox, Edge)
  • Laptop device running modern web browser(chrome, firefox, Edge)

User support

Email or online ticketing support
Email or online ticketing
Support response times
Users will receive a response to their query within 4 hours and an attempted first time fix within one business day.

There is no support at weekends unless a separate agreement is agreed at an extra cost.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
For onsite or desk-based sustainability or environmental audits and reviews:
Junior Consultant
Consultant £700 per day
Senior Consultant £800 per day
Director £1500 per day

Software development available for bespoke functionality, prices available upon scoping.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Our Customer Success team work with the project sponsors to implement the system. We provide onsite training where required. However most of the training is carried out over the phone, via screen share and eLearning content. Rio has been developed to be as intuitive as possible, and as such no documentation is currently available. However this can be created upon request where required.
Service documentation
No
End-of-contract data extraction
Our Customer Success team delete or return all data from the platform when the contract comes to and end.
End-of-contract process
At the end of a standard contract there will be no additional costs to the user, and all personal data will be deleted or returned unless required by Applicable Law.

Should the contract be terminated before the end of the contract period, either Ditto or the User are required to submit a written notice 60 days prior to termination. All confidential data and information shall be deleted or returned on termination. Ditto reserve the right to claim any outstanding payments and issue a final invoice for services used, which shall be payable immediately upon receipt.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Mobile App functionality is limited to read only functions and auditing tools incl. photo/document upload.
Service interface
No
User support accessibility
None or don’t know
API
Yes
What users can and can't do using the API
Our RESTful API can make data available to users within other platforms if so required and is developed at an additional day rate cost
API documentation
No
API sandbox or test environment
No
Customisation available
Yes
Description of customisation
Users can choose which areas of the platform they have access to dependant on their subscription, the platform is broken down into three key areas; Learning, Governance, Monitioring/Reporting. In addition there is a hierarchy of users in place allowing for different permissions and user types. Changes to these settings can be made by a system admin or account admin.

Organisation logo is also available to be added to the platform.

Organisations can also customise our off the shelf eLearning modules at a rate of £1000 per day

Scaling

Independence of resources
Rio is an entirely cloud-native application that utilises services and infrastructure provided by world-leading cloud computing provider - Amazon Web Services (AWS). AWS allows us to take advantage of its dynamic scalability, providing us with the ability to instantaneously react to usage spikes and scale our infrastructure automatically to fulfil user demand, without the need for human intervention.

Analytics

Service usage metrics
Yes
Metrics types
Last Login Date dd/mm/yy - hh:mm:ss
Total time spent in system hh:mm:ss
Reporting types
Real-time dashboards

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Staff screening not performed
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
Less than once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Encryption of all physical media
  • Other
Other data at rest protection approach
AWS adheres to independently validated privacy, data protection, security protections and control processes.
AWS is responsible for the security of the cloud; Ditto are responsible for security in the cloud. All data is encrypted both at rest and in transit.
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Users can either export their raw data for any of our current resource types (Waste, electricity, gas, water) as an excel or CSV file. Data visualisation reports can be exported as pdfs, jpegs, ppt, excel, CSV. Knowledge bases, the infrastructure for our explainable AI can be exported as XML files. Account configurations can be exported as excel or CSV. In addition our RESTful API can make data available to users within other platforms if so required.
Data export formats
CSV
Data import formats
  • CSV
  • Other
Other data import formats
  • Xls
  • .doc
  • .pdf
  • .mp4
  • .jpg
  • .png
  • .ppt
  • SCORM

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
You acknowledge and agree that the Service is provided on-line via the Platform and, accordingly, while we shall use our reasonable endeavours to ensure that access to the Service is available at all times and that the Service operates to an appropriate standard, continuous access cannot be
guaranteed.

However, we shall use our reasonable endeavours to ensure that any steps taken by us to maintain or up-grade the Service are taken at times that ensure minimum disruption to Authorised Users.

It's not standard practice for Ditto to refund users in the case of service downtime.
Approach to resilience
Our application and data stores hosted on in AWS cloud service are deployed and replicated accross multiple availability zones ensuring seamless recovery and preventing any data loss in case of data centre failure.
AWS maintains a ubiquitous security control environment across all regions. Each data centre is built to physical, environmental, and security standards in an active-active configuration, employing an n+1 redundancy model, ensuring system availability in the event of component failure. Components (N) have at least one independent backup component. All data centres are online and serving traffic. In case of failure, there is sufficient capacity to enable traffic to be load-balanced to the remaining sites.
Outage reporting
Internal Dashboard and Alerts based system
Manual Alerts to Customers/Users

Identity and authentication

User authentication needed
Yes
User authentication
Username or password
Access restrictions in management interfaces and support channels
We can restrict users based on system wide controls e.g. geography, job role, management level. Or we can create custom tags that would allow users access to specific portions of the system related to data, learning content, compliance documentation.
Access restriction testing frequency
At least every 6 months
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
No audit information available
Access to supplier activity audit information
No audit information available
How long system logs are stored for
Less than 1 month

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
British Assessment Bureau
ISO/IEC 27001 accreditation date
Valid from 08/04/2019
What the ISO/IEC 27001 doesn’t cover
Our archived platform WasteExpert
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Ditto Sustainability are ISO27001 certified and have implemented an Information Security Management system which covers all areas of the business. This system is managed and maintained by the Information Security Steering Committee to ensure all threats and risks are dealt with appropriately, and that the system evolves with the business.
All production systems are Penetration Tested once every 18 months and developers receive relevant technical training to ensure ongoing security. Furthermore, security checks are baked into the development process in order to manage threats and risks to production systems
We have robust Backup, Incident Management and Physical security policies which protect both digital and physical assets to the highest possible level, and all staff have been through our internal Information Security training and receive annual refresher courses to keep them up to date with threats, risks and advances in Information Security.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Our configuration and change management processes are part of our ISO27001 accreditation. All processes and procedures below are reviewed whenever there is a change in business activities, operations, or a shortcoming has been identified.

Changes can only be initiated by senior staff within Ditto. All changes must be planned, evaluated (standard, significant or emergency change), reviewed, approved, communicated, implemented, documented and go through a post-change review.

Secure System Engineering Principles will be applied to IT changes by considering the following architectural layers; Business, Data, Appliction, Technology.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Ditto Sustainability manages it's vulnerability management process according to its ISO27001 accreditation. It protects against potential threats by controlling application gateways, maintaining anti-virus and anti-malware as well as setting perimeter defences (firewalls, intrusion detection systems). All security patches and software updates are managed by BitDefender to ensure the entirety of the IT infrastructure is up to date. It is the responsibility of the Information Security Manager to maintain our ISMS procedures. However it is the responsibility of all employees, contractors and third parties to report any potential incidents.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Our system monitors for unauthorized intrusion attempts on every level of application. Near real-time alerts flag incidents, based on Security Team-set thresholds.Incidents are investigated, resolved and prevented from re-occuring by Security Team.

All requests to and within the system are logged and monitored for usage abuse or abnormal behaviour.
Incident management type
Supplier-defined controls
Incident management approach
All staff are aware of the incident management policy that is in place in accordance with ISO27001. All severe events are logged by the reporter. These logs include a timeline of events, who was involved, how the incident occurred and what the outcome was. These logs are then used to inform our ISMS so that we can update our processes.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Social Value

Fighting climate change

Fighting climate change

Rio provides a a suite of tools to help users calculate monitor and manage their Scope 1-3 carbon emissions. This is supported with a wide range of sustainability training content.
Covid-19 recovery

Covid-19 recovery

n/a
Tackling economic inequality

Tackling economic inequality

As an Environmental, Social and Governance tool and consultancy we support our clients in creating and implementing effective strategies that also incorporates tackling economic inequality.
Equal opportunity

Equal opportunity

As an Environmental, Social and Governance tool and consultancy we support our clients in creating and implementing effective strategies that also incorporates equal opportunity themes.
Wellbeing

Wellbeing

n/a

Pricing

Price
£2,000 an instance a month
Discount for educational organisations
Yes
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at daniel.botterill@rio.ai. Tell them what format you need. It will help if you say what assistive technology you use.