Invida Limited

INVIDA property and facilities management platform

The INVIDA platform is a configurable cloud-based solution that can be quickly deployed. Optional modules provide tools to support the delivery of space & asset surveys; life-cycle planning; statutory compliance, fire risk assessment, asbestos management; auditing; CAFM and works order/payment management; permit-to-work; and document management.

Features

• Digitised model of your physical buildings, spaces, systems and assets
• Space management tools to manage risk, utilisation and usage reporting
• Apps to survey and validate space and asset condition
• Fully featured customer service desk/ helpdesk solution including self-serve
• Task management applications supported by field service apps
• Monitoring of statutory compliance, asbestos register, and defect management
• Works authorisation and permitting solution with contractor attendance
• Document management solution with version control and publishing tools
• Risk-based lifecycle costing/budgeting applications
• Configurable business intelligence reporting and dashboard application

Benefits

• Fully integrated solution that reduces number of applications in use
• Reduce time/cost spent surveying physical assets
• Improve visibility of risk if/when sweating asset service life
• Improve planning of backlog maintenance, and CAPEX works
• Ensure supply chain partners provide complete, accurate and timely information
• Optimise maintenance spend to better reflect risk profile of estate
• Greater visibility of statutory compliance, fire risk assessments, asbestos management
• Unlimited user accounts without additional charges
• Free-issue user accounts and apps to supply-chain partners
• Fixed cost pricing model for set-up and ongoing access charges

£750.00 an instance a month

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at chris.butchart@invida.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

672055386523568

Contact

Chris Butchart
0333 335 0041
chris.butchart@invida.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: None
• System requirements:
  • Standard web browsers including Microsoft Edge, Chrome and Safari
  • Apple iOS or Android mobile devices to access apps (optional)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We aim to respond to all questions to reported issues within 30 minutes.; ; Resolution times vary depending upon criticality, and range from 30 mins (Critical) to 8 hours (Minor Issues).
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We provide all clients with our standard level of support. Access to our support help desk during business hours Mon-Fri 9am-5pm is included within our standard monthly access charges.; ; Each client is assigned a technical account manager.; ; Additional onsite support and training can be made available, and associated costs are detailed in our pricing table.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: An account manager will be assigned to each client. We will always meet with clients and develop a detailed deployment plan that outlines how we will work with clients to import existing data, configure template libraries and provide onsite user training.; ; The INVIDA platform includes access to a knowledge base that includes tutorials, user guides and FAQ sections.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Tools within the platform allow data to be exported at any point in time to CSV or ODF formats. Additionally, clients can request a periodic export of all data be securely delivered to them in an agreed format.
• End-of-contract process: Within 30 days following the termination of the contract, we will:; a) ensure all customer materials/data are returned to the client;; b) irrevocably delete from the platform all customer confidential information; and; c) irrevocably delete from our other computer systems all customer confidential information, and return to the customer or dispose of as the customer may instruct all documents and materials containing customer confidential information.; There are no additional charges made upon termination of the contract.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The INVIDA platform contains a number of apps that can be downloaded and installed on both Apple and Android devices.; ; The apps are not designed to replicate the full features contained within the platform that is accessed via a desktop browser. Instead the apps provide specific features, such as field-service task management, self-serve raising and tracking of service tickets, completion of audit and surveying activities or inspections.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: There is a service interface within INVIDA that allows users to raise support tickets and access a knowledge-base of articles and guidance notes.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Interfaces use simple and concise labels, with dictation options present in platform apps where data entry is required by users.
• API: Yes
• What users can and can't do using the API: The INVIDA platform includes Json/RESTful APIs which can be used by clients, or third parties to interact with INVIDA via other systems. These APIs support data exchanges such as:; 1. transfer of space data;; 2. transfer of asset data;; 3. generation of reactive works orders in finance applications;; 4. exchange the completion status of reactive works orders managed in remote task management applications.; ; In addition, we work closely with customers or other software providers to develop bespoke integrations where required. Standard charges for such development are provided in our Pricing Document.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: No

Scaling

• Independence of resources: Each client has its own server instance and segregated database. Service is hosted on Amazon Elastic Compute Cloud, with performance monitored and additional processing and storage resources deployed in order to ensure users are not affected by the demand of other users within their organisation. No additional access charges are passed on to customers when additional computing resources are deployed in this way.

Analytics

• Service usage metrics: Yes
• Metrics types: All user activity is logged and usage metrics can be provided to nominated client representatives in the form of real-time dashboards or reports.
• Reporting types:
  • Real-time dashboards
  • Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Tools exist within the platform to export pre-determined data sets into CSV or ODF formats.
• Data export formats:
  • CSV
  • ODF
• Data import formats:
  • CSV
  • ODF

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Subscriptions include a service level agreement commitment that the platform is available 99.95% of the time during each calendar month.; In the event that the platform fails to meet the availability commitment then service credits are issued to the customer, such service credits to be deducted from future access charges.
• Approach to resilience: Available on request.
• Outage reporting: Email alerts are issued to agreed customer representatives (or optionally all users) when service outages of greater than 10 minutes are experienced.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: IAM provides user access control to AWS services, APIs and specific resources. Other controls include time, originating IP address, SSL use, and whether users authenticated via MFA devices.; ; API calls to launch/terminate instances, change firewalls, and perform other functions are signed by Invida's Amazon Secret Access Key. Amazon EC2 API calls cannot be made on Invida's behalf without access to customers’ Secret Access Key.; ; API calls can be encrypted with TLS/SSL for confidentiality and customers can use TLS/SSL-protected API endpoints.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: We use AWS as our hosting provider as we have confidence in their approach to Cloud security and that our customers benefit from a data centre and network architecture built to meet the requirements of the most security-sensitive organisations.
• Information security policies and processes: Invida implements formal, documented policies and procedures that provide guidance for operations and information security within the organisation. Policies address purpose, scope, roles, responsibilities and management commitment.; ; Invida has established information security functions that are aligned with defined structure, reporting lines, and responsibilities. Leadership involvement provides clear direction and visible support for security initiatives.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Changes to the INVIDA platform follow secure software development practices, including security risk reviews prior to launch. Developer access to production environments is via explicit access system requests, subject to owner review and authorisation.; ; All production environment changes are reviewed, tested and approved. Stages include design, documentation, implementation (including rollback procedures), testing (non-production environment), peer to peer review (business impact/technical rigour/code), final approval by authorised party.; ; Emergency changes follow incident response procedures. Exceptions to change management processes are documented and escalated to AWS management.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Invida performs periodic scanning, penetration testing, file integrity monitoring and intrusion detection of our instances/ applications.; ; Our hosting provider AWS performs vulnerability scans on the host operating system, web applications, and databases in the AWS environment. This scanning includes 3rd party vendor external assessments (minimum frequency: quarterly).; Identified vulnerabilities are monitored and evaluated. Countermeasures are designed and implemented to neutralise known/newly identified vulnerabilities.; ; Our teams, and hosting provider, monitor newsfeeds/vendor sites for known issues and patches.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Invida relies on alerts generated by AWS cLog events.; ; AWS deploys (pan-environmental) monitoring devices to collect information on unauthorised intrusion attempts, usage abuse, and network/application bandwidth usage. Devices monitor:; ; • Port scanning attacks; • Usage (CPU, processes, disk utilisation, swap rates, software-error generated losses); • Application metrics; • Unauthorised connection attempts; ; Near real-time alerts flag incidents, based on AWS Service/Security Team- set thresholds.; ; Requests to AWS KMS are logged and visible via the account’s AWS CloudTrail Amazon S3 bucket. Logs provide request information, under which CMK, and identify the AWS resource protected through the CMK use.
• Incident management type: Supplier-defined controls
• Incident management approach: Invida adopts a three-phased approach to manage incidents:; ; 1. Activation and Notification Phase;; 2. Recovery Phase;; 3. Reconstitution Phase.; ; To ensure the effectiveness of the Invida Incident Management plan, we conduct incident response testing for the discovery of defects and failure modes as well as testing the systems for potential customer impact.; ; The Incident Response Test Plan is executed annually, in conjunction with the Incident Response plan. It includes multiple scenarios, potential vectors of attack, and varying reporting/detection avenues.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Tackling economic inequality:

  Tackling economic inequality

  Context: Invida are an approved G-Cloud 12 supplier, providing a SAAS offer to aid the management of Estates and Facilities to public sector bodies. Invida are therefore familiar with the Public Services (Social Value) Act 2012, the Public Contracts Regulations 2015, and Procurement policy Notes, in particular PPN 06/20 which seeks to maximise Social Value as part of public procurement.; ; Even as a small company Invida has a role to play in supporting the public sector maximising social value and this Statement describes how Invida will bring social value to contracts entered under the G-Cloud 13 framework.; ; Process: Invida have reviewed Annex A to PPN 06/20 and considering the size of Invida and nature of activities have decided to focus on a single theme, tackling economic inequality, ensuring we focus limited resource to achieve the most effective outcome.; ; Invida operate in the software technology sector where skills are in high demand and in limited supply. Growth of Invida via the addition of customers (both public and private) supports the recruitment of skilled staff to the company and it is in this area that we can create employment and training opportunities for people in a high growth sector with recognised skills shortages.; ; The main areas where employment could be encouraged is during the implementation phase of a SAAS deployment where Invida will provide internships to shadow / work alongside Invida personnel, potentially leading to permanent employment. ; ; Outcome: Provide a lasting outcome to a limited number of individuals in our local community and boosting skills in a strategic sector for the UK economy. Such skills would help support innovation for Invida, improving the SAAS offer to the benefit of contracting public sector organisations, but to the UK more generally in terms of the development and growth of Invida.

Pricing

• Price: £750.00 an instance a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Optionally, we can work with clients considering the adoption of the platform to implement a free trial instance of the application using our standard configuration and set-up limited to one or two buildings from the clients portfolio. Such trails usually have a duration of 3 months.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at chris.butchart@invida.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.