Bentley Systems (UK) Limited

SYNCHRO Perform

SYNCHRO Perform is the leading field-based construction delivery platform, connecting project leaders with real-time insights and providing unparalleled visibility of project performance.

Features

• Data capture of construction actions
• Real-time reporting and analytics of project performance (SPI, CPI, etc).

Benefits

• Aggregate project performance information
• Generating accurate and current reports on project performance

£29,790 an instance a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@bentley.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

646015453802737

Contact

Andy Bowles
+44 7919 892183
gcloud@bentley.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: None
• System requirements: All requirements covered with the offered service

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: SLA is within 24 hours on business days. Weekends not included.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: No
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Support sent to 1 repository, support escalated through tiers.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Preliminary configuration comes with live (in-person or online) professional services. On-going training can be accessed through free online resources or additional paid professional services training.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • Other
• Other documentation formats:
  • PDF
  • Online videos
  • In-app guides
• End-of-contract data extraction: Documents can be downloaded in the same format, data can be extracted to PDF or CSV at no additional cost.
• End-of-contract process: Documents can be downloaded in the same format, data can be extracted to PDF and CSV at no additional cost.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Pages and menus are made more easily readable for smaller screens. Not all capabilities available on web are available on mobile for optimum user experience.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Authorized users can access data from the system for reporting, as well as update information and create new data points.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: No
• Customisation available: No

Scaling

• Independence of resources: Systems are logically separated in a virtual cloud environment. All systems are monitored in real-time for performance and availability.

Analytics

• Service usage metrics: Yes
• Metrics types: Usage via Bentley licensing server can be self-reported. In addition, hosted systems will provide a quarterly feature usage report. Feature usage reports include up to 60 features based on usage of those features. A real-time dashboard for usage is provided while feature usage reports are emailed quarterly.
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Other
• Other data at rest protection approach: Encryption via AES-258
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Dedicated functions
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • XLSX
  • PDF
• Data import formats:
  • CSV
  • Other
• Other data import formats: XLSX

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: HTTPS
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: Logging of service, user, file integrity monitoring, and network intrusion detection are logged and correlated to detect suspicious network behaviour. Bentley and Azure provide tools to protect against data leaks. IT tools such as CrowdStrike are used to detect suspicious activity and protect against data leaks.

Availability and resilience

• Guaranteed availability: No formal SLA, but the service has an availability target of 99.9%
• Approach to resilience: All services are deployed in a fully redundant configuration within fully redundant data centres meaning that any failure of equipment, service provider or software service will result in zero, or minimal, impact on the overall service.
• Outage reporting: Planned and unplanned outage notification emails are sent to registered users for affected systems.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Other
• Other user authentication: Bentley’s IMS authenticates through the users Identity Provider. If MFA is enabled by the user then by default it is utilized in the authentication process. Bentley currently supports federated identity via the OIDC, SAML2 protocol, so MFA is supported via your identity provider.
• Access restrictions in management interfaces and support channels: Bentley follows a role-based access (RBAC) process to approve and review all access to infrastructure and data. Bentley has controls in place to restrict access, provide separation of duties, enforce role-based access and has a least privilege access principle. Segregation of duties is split by tasks upon the individual responsible group.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Description of management access authentication: Bentley follows a role-based access (RBAC) process to approve and review all access to infrastructure and data. Bentley has controls in place to restrict access, provide separation of duties, enforce role-based access and has a least privilege access principle. Segregation of duties is split by tasks upon the individual responsible group. In order for any Bentley administrator to access a system using this account, they must be on a Bentley network. Non-Bentley network access (via RDP) has Two Factor Authentication in place.

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Bentley's Data Security Architecture is designed using industry standards and best practices such as NIST. Various products and services are operated under ISO 27001, SOC, CSA Star, G Cloud, and others.
• Information security policies and processes: Information Security policies are designed utilising ISO 27001, SSAE16, ITIL and CSA frameworks. Several SaaS offerings are ISO 27001 certified and others are SOC2 certified. All Bentley colleagues are required to review and acknowledge Bentley's Information Security Policy upon hire and thereafter annually. The policies themselves are emailed out at least annually and reside permanently on Bentley's intranet site for quick retrieval.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Configuration and Change Management follow the ITIL framework and policies and procedures are documented with various security standards. All SaaS offerings go through a cloud approval process and are scanned for vulnerabilities prior to production.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Vulnerability management is conducted through various technologies internal and external to the Bentley network. Threats are identified using industry standard listings and patches/updates are applied at least monthly, or as needed, based on criticality.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: IDS/IPS is active on the network perimeter and on selected systems under the scope for SOC2 certifications. Bentley has an Incident Management Service Plan that includes cybersecurity events.; Bentley can quarantine any system on demand and will do so based on its incident response process. In the event of an incident, Bentley's incident response plan is compliant with GDPR requirements. Information security events will be assessed and a decision will be made if the event should be considered a security incident. Reporting requirements shall align with the corporate Incident Response Plan.
• Incident management type: Supplier-defined controls
• Incident management approach: The Incident Management process covers all aspects of a potential incident from start to finish with defined procedures and colleague involvement. Common events are handled depending on severity, users have multiple methods of reporting and reports are provided as part of the incident management procedure.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Bentley’s mission is to leverage our leading software and services to drive impact through the world’s infrastructure – advancing both the global economy and the environment for improved quality of life. As part of our Environmental, Social, & Governance (“ESG”) strategy, we are committed to managing our business in a way that enhances the environmental impacts of our products and mitigates environmental risks from our operations. Our Environmental Policy details our commitments to Environmental Responsibility and the ways in which we expect our colleagues to act to drive progress on our ESG strategy. Bentley expects all colleagues, visitors, vendors, and suppliers to follow the below practices in order to drive progress on Bentley’s ESG strategy. Bentley's Environmental Policy is here: https://prod-bentleycdn.azureedge.net/-/media/files/documents/miscellaneous/environmental_policy.pdf?la=en&modified=20211021075240
• Covid-19 recovery:

  Covid-19 recovery

  When the world locked down to combat the COVID-19 virus, we took immediate action to ensure our colleagues had the equipment and resources they needed to work from home, which also enabled success for our users. Our global task force provided continuous communication, education, and support services to our colleagues. Their wellbeing fuelled our response plan, and we created learning resources to support them throughout the pandemic. These resources included guides and practices for managers to lead virtually with empathy, tips for maintaining team collaboration, and resources and support for colleagues to maintain a healthy work-life balance.
• Tackling economic inequality:

  Tackling economic inequality

  As a global company with colleagues of different cultures, backgrounds, and perspectives based in more than 40 countries worldwide, our diversity is what makes us successful. We have developed strategies and programs focused on increasing diversity and equity, as well as fostering a culture of inclusion and wellbeing in the workplace. These initiatives include building a pipeline of diverse candidates by recruiting at and partnering with Historically Black Colleges and Universities. ; We also partner with educational and professional organizations to provide internships, scholarships, grants, and projects that support groups underrepresented in technology. ; Bentley has active and engaged colleague resource groups within the Inclusion, Diversity, and Equity Alliance (IDEA) that have allowed colleagues, during this pandemic, to join their peers from all regions and departments with the goals of building community and fostering diversity and inclusion. IDEA currently has four focus groups open to all global colleagues: OpenPride, OpenAbilities, People of Colour in the U.S., and Women at Bentley. IDEA has been a platform for education and a place to securely have difficult discussions about racism, discrimination, and bias through book clubs, panel discussion, speakers, and global awareness events. Members of executive management are key sponsors of each focus group and have been instrumental as sounding boards and in providing access to resources and the executive team.; We have implemented robust training with topics focused on respect in the workplace, identifying and overcoming bias, and anti-discrimination. We have held interactive sessions with our executives, emerging leaders, and talent acquisition in fostering diversity, equity, and inclusion and eliminating unconscious bias, and have implemented training for hiring managers to ensure fairness in the interview process.; You can find additional information, including our commitment to anti-slavery on our ESG website: https://www.bentley.com/en/esg/data-center
• Equal opportunity:

  Equal opportunity

  Bentley is an equal opportunity employer and considers all qualified applicants for employment without regard to race, colour, sex, sexual orientation, gender identity, disability, protected veteran status, religion, national origin, age, or any other protected characteristic. This commitment extends to all aspects of employment, including, but not limited to, hiring, placement, promotion, compensation, and training. EEO is the Law and EEO is the Law Supplement documents provide additional information about your rights as an applicant under the law.
• Wellbeing:

  Wellbeing

  As a company, it is our goal to ensure our colleagues know they are supported and valued as the first order of business.; Therefore, our Talent Management strategy puts colleagues at the centre of the workplace at Bentley. We focus on enriching colleague experience and creating memorable, meaningful, and purposeful connections. We invest in developing an impactful experience that reflects the company’s mission and values. We build practices and programs that deliver on engagement, recognition, communication, and development while rewarding colleagues through our robust total rewards package.

Pricing

• Price: £29,790 an instance a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@bentley.com. Tell them what format you need. It will help if you say what assistive technology you use.