Ditto Sustainability Ltd

Rio

Rio is an online environmental reporting and sustainability platform that brings together behaviour change, environmental compliance, and environmental data analysis into one platform. Whilst also automating a range of consultancy activities. Rio is supported by a patented explainable AI technology that can advise users on a range of sustainability topics.

Features

• Sustainability and Environmental Social Governance (ESG) data management and reporting
• Operational environmental reporting on waste, electricity, gas, water and transport
• CPD accredited and IEMA recommended Online elearning modules/content
• Automated full scope GHG Carbon reporting
• Environmental Legal Register
• Normalise data with Intensity factors e.g FTE, Revenue, Production
• Advanced permissions allowing account, user and group management
• Online ISO 14001 and 50001 Management System functionality
• Target setting for CDP, Science Based Targets, TCFD, GRi
• CSR and SDG data reporting

Benefits

• Visualise and analyse all sustainability data in one place
• Assign tasks and action to users, monitor progress
• Data upload via API or drag and drop .csv xls
• Embedded data cleansing and automated carbon calculations
• Flexible data structures & business intelligence dashboards
• Enable behavioural change throughout their business and supply chain
• Fully auditable document controls
• Personal and business alerts that drive improvement and engagement

£2,000 an instance a month

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at daniel.botterill@rio.ai. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

643390487797597

Contact

Daniel Botterill
020 3371 7612
daniel.botterill@rio.ai

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: Our service supports all modern browsers - except I.E; Our service is currently available on desktop only (WinOs and MacOs).; System does not require any planned outages for maintenance or upgrade
• System requirements:
  • Desktop device running modern web browser(chrome, firefox, Edge)
  • Laptop device running modern web browser(chrome, firefox, Edge)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Users will receive a response to their query within 4 hours and an attempted first time fix within one business day.; ; There is no support at weekends unless a separate agreement is agreed at an extra cost.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: For onsite or desk-based sustainability or environmental audits and reviews:; Junior Consultant; Consultant £700 per day; Senior Consultant £800 per day; Director £1500 per day; ; Software development available for bespoke functionality, prices available upon scoping.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Our Customer Success team work with the project sponsors to implement the system. We provide onsite training where required. However most of the training is carried out over the phone, via screen share and eLearning content. Rio has been developed to be as intuitive as possible, and as such no documentation is currently available. However this can be created upon request where required.
• Service documentation: No
• End-of-contract data extraction: Our Customer Success team delete or return all data from the platform when the contract comes to and end.
• End-of-contract process: At the end of a standard contract there will be no additional costs to the user, and all personal data will be deleted or returned unless required by Applicable Law.; ; Should the contract be terminated before the end of the contract period, either Ditto or the User are required to submit a written notice 60 days prior to termination. All confidential data and information shall be deleted or returned on termination. Ditto reserve the right to claim any outstanding payments and issue a final invoice for services used, which shall be payable immediately upon receipt.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Mobile App functionality is limited to read only functions and auditing tools incl. photo/document upload.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Our RESTful API can make data available to users within other platforms if so required and is developed at an additional day rate cost
• API documentation: No
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Users can choose which areas of the platform they have access to dependant on their subscription, the platform is broken down into three key areas; Learning, Governance, Monitioring/Reporting. In addition there is a hierarchy of users in place allowing for different permissions and user types. Changes to these settings can be made by a system admin or account admin.; ; Organisation logo is also available to be added to the platform. ; ; Organisations can also customise our off the shelf eLearning modules at a rate of £1000 per day

Scaling

• Independence of resources: Rio is an entirely cloud-native application that utilises services and infrastructure provided by world-leading cloud computing provider - Amazon Web Services (AWS). AWS allows us to take advantage of its dynamic scalability, providing us with the ability to instantaneously react to usage spikes and scale our infrastructure automatically to fulfil user demand, without the need for human intervention.

Analytics

• Service usage metrics: Yes
• Metrics types: Last Login Date dd/mm/yy - hh:mm:ss; Total time spent in system hh:mm:ss
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: Less than once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: AWS adheres to independently validated privacy, data protection, security protections and control processes. ; AWS is responsible for the security of the cloud; Ditto are responsible for security in the cloud. All data is encrypted both at rest and in transit.
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users can either export their raw data for any of our current resource types (Waste, electricity, gas, water) as an excel or CSV file. Data visualisation reports can be exported as pdfs, jpegs, ppt, excel, CSV. Knowledge bases, the infrastructure for our explainable AI can be exported as XML files. Account configurations can be exported as excel or CSV. In addition our RESTful API can make data available to users within other platforms if so required.
• Data export formats: CSV
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • Xls
  • .doc
  • .pdf
  • .mp4
  • .jpg
  • .png
  • .ppt
  • SCORM

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: You acknowledge and agree that the Service is provided on-line via the Platform and, accordingly, while we shall use our reasonable endeavours to ensure that access to the Service is available at all times and that the Service operates to an appropriate standard, continuous access cannot be; guaranteed.; ; However, we shall use our reasonable endeavours to ensure that any steps taken by us to maintain or up-grade the Service are taken at times that ensure minimum disruption to Authorised Users.; ; It's not standard practice for Ditto to refund users in the case of service downtime.
• Approach to resilience: Our application and data stores hosted on in AWS cloud service are deployed and replicated accross multiple availability zones ensuring seamless recovery and preventing any data loss in case of data centre failure.; AWS maintains a ubiquitous security control environment across all regions. Each data centre is built to physical, environmental, and security standards in an active-active configuration, employing an n+1 redundancy model, ensuring system availability in the event of component failure. Components (N) have at least one independent backup component. All data centres are online and serving traffic. In case of failure, there is sufficient capacity to enable traffic to be load-balanced to the remaining sites.
• Outage reporting: Internal Dashboard and Alerts based system ; Manual Alerts to Customers/Users

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: We can restrict users based on system wide controls e.g. geography, job role, management level. Or we can create custom tags that would allow users access to specific portions of the system related to data, learning content, compliance documentation.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: No audit information available
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: Less than 1 month

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Assessment Bureau
• ISO/IEC 27001 accreditation date: Valid from 08/04/2019
• What the ISO/IEC 27001 doesn’t cover: Our archived platform WasteExpert
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Ditto Sustainability are ISO27001 certified and have implemented an Information Security Management system which covers all areas of the business. This system is managed and maintained by the Information Security Steering Committee to ensure all threats and risks are dealt with appropriately, and that the system evolves with the business.; All production systems are Penetration Tested once every 18 months and developers receive relevant technical training to ensure ongoing security. Furthermore, security checks are baked into the development process in order to manage threats and risks to production systems; We have robust Backup, Incident Management and Physical security policies which protect both digital and physical assets to the highest possible level, and all staff have been through our internal Information Security training and receive annual refresher courses to keep them up to date with threats, risks and advances in Information Security.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Our configuration and change management processes are part of our ISO27001 accreditation. All processes and procedures below are reviewed whenever there is a change in business activities, operations, or a shortcoming has been identified.; ; Changes can only be initiated by senior staff within Ditto. All changes must be planned, evaluated (standard, significant or emergency change), reviewed, approved, communicated, implemented, documented and go through a post-change review.; ; Secure System Engineering Principles will be applied to IT changes by considering the following architectural layers; Business, Data, Appliction, Technology.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Ditto Sustainability manages it's vulnerability management process according to its ISO27001 accreditation. It protects against potential threats by controlling application gateways, maintaining anti-virus and anti-malware as well as setting perimeter defences (firewalls, intrusion detection systems). All security patches and software updates are managed by BitDefender to ensure the entirety of the IT infrastructure is up to date. It is the responsibility of the Information Security Manager to maintain our ISMS procedures. However it is the responsibility of all employees, contractors and third parties to report any potential incidents.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Our system monitors for unauthorized intrusion attempts on every level of application. Near real-time alerts flag incidents, based on Security Team-set thresholds.Incidents are investigated, resolved and prevented from re-occuring by Security Team.; ; All requests to and within the system are logged and monitored for usage abuse or abnormal behaviour.
• Incident management type: Supplier-defined controls
• Incident management approach: All staff are aware of the incident management policy that is in place in accordance with ISO27001. All severe events are logged by the reporter. These logs include a timeline of events, who was involved, how the incident occurred and what the outcome was. These logs are then used to inform our ISMS so that we can update our processes.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Rio provides a a suite of tools to help users calculate monitor and manage their Scope 1-3 carbon emissions. This is supported with a wide range of sustainability training content.
• Covid-19 recovery:

  Covid-19 recovery

  n/a
• Tackling economic inequality:

  Tackling economic inequality

  As an Environmental, Social and Governance tool and consultancy we support our clients in creating and implementing effective strategies that also incorporates tackling economic inequality.
• Equal opportunity:

  Equal opportunity

  As an Environmental, Social and Governance tool and consultancy we support our clients in creating and implementing effective strategies that also incorporates equal opportunity themes.
• Wellbeing:

  Wellbeing

  n/a

Pricing

• Price: £2,000 an instance a month
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at daniel.botterill@rio.ai. Tell them what format you need. It will help if you say what assistive technology you use.