Vatix Limited

EHSQ Platform

Vatix's EHSQ Platform empowers organisations to efficiently manage all aspects of Environment, Health, Safety, and Quality. It features modular components for risk assessments, audits, event reporting, and more, supporting comprehensive management workflows and compliance monitoring with detailed dashboards.

Features

• Modular System Design: Select only needed EHSQ components.
• Risk Assessment Tools: Streamline risk management processes.
• Audit and Inspection Scheduling: Organise and track audits efficiently.
• Event Reporting Capabilities: Report and log events promptly.
• Permit Management: Control and manage work permits.
• COSHH Assessments: Manage chemical safety effectively.
• Document Control: Centralise and secure document management.
• ESG & Training Management: Oversee ESG compliance and training.

Benefits

• Enhances Regulatory Compliance: Meets global health and safety standards.
• Reduces Risk Exposure: Identifies and mitigates potential risks.
• Improves Operational Efficiency: Streamlines EHSQ management processes.
• Encourages Accurate Reporting: Facilitates timely event documentation.
• Enhances Document Security: Protects sensitive information effectively.
• Supports Proactive Management: Prepares organisations for audits.
• Boosts Employee Safety: Increases workplace safety awareness.
• Adaptable to Needs: Flexible to suit various industry requirements.

£25,000 a licence a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@vatix.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

680779843511136

Contact

Sales
0203 991 5555
sales@vatix.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: No
• System requirements:
  • Web Browser (Chrome, Firefox, Edge, Safari)
  • Android
  • IOS

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Monday to Friday during business hours. Email response time <24 hours, and calls <30 seconds.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), 7 days a week
• Web chat support accessibility standard: WCAG 2.1 AAA
• Web chat accessibility testing: Webchat is audited to the WCAG 2.1 guidelines.
• Onsite support: Yes, at extra cost
• Support levels: We offer customer success tiers that define the level of ongoing account management and technical support tailored to your needs. As standard, we provide email and phone support to handle all customer support-related queries. These tiers allow us to cater to different requirements, ensuring that every customer receives the appropriate level of service and support for their organisation.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: To help users start using our service effectively, we provide a comprehensive help centre that includes detailed user documentation and guides. For users seeking more personalised assistance, we offer additional support and training options which can be purchased according to our rate card or included as part of a customer success plan. These training services can be delivered online or on-site, depending on the specific needs and preferences of the user, ensuring a smooth onboarding process and optimal use of our service from the outset.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: At the end of the contract, users can extract their data using the front-end table views and bulk data export features available at any time. Additionally, we offer a data extract service for users who prefer a managed solution. This service is available at an additional cost, providing a convenient option for users to obtain their data securely and efficiently.
• End-of-contract process: At the end of the contract, we typically offer a renewal option 3-6 months prior to the expiry. If the customer chooses not to continue, they have the ability to extract all their data using system options that allow downloads to CSV format, as data ownership always remains with the customer. For those requiring a more comprehensive data retrieval, a full copy of the structured data can be provided at an additional cost. This ensures that all data management needs are met, whether continuing with our service or transitioning away.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Yes, our EHSQ platform is designed to function seamlessly on mobile devices. The mobile app is primarily designed for on-the-go access, allowing employees to report events, conduct inspections, and manage tasks directly from their devices. However, the full suite of administrative functions and in-depth analytics are exclusively available through the web portal. This ensures that comprehensive management and oversight capabilities are maintained within the desktop service, providing a more robust interface for detailed data analysis and system configuration.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Our EHSQ platform features a user-friendly web application that enables users to comprehensively manage and review all aspects of environment, health, safety, and quality within their organisation. Through the web interface, users can access detailed information on each module, including risk assessments, audits, events, and training management, complete with historical data and current status. This facilitates effective oversight and ensures all EHSQ elements are managed promptly and thoroughly. Additionally, users can access the help center directly through the web application, providing guidance and support for all service features.
• Accessibility standards: None or don’t know
• Description of accessibility: Software is accessible on the web (web application).; For users of assistive technology:; ; • There are no significant audio cues; • A vast majority of the interactive UI has text, which can be resized (browser permitting); • Use of blue, red, and amber colours across the whole application
• Accessibility testing: Currently, we've conducted no tests for users of assistive technology.
• API: Yes
• What users can and can't do using the API: API integrations with our platform are available, enabling users to set up and modify services efficiently. However, the extent of what can be done through the API, including setting up the service and making changes, must first be discussed with a Vatix Project Manager. This is because the implementation details and capabilities of the API can vary significantly depending on the specific use case and organisational requirements. This ensures that the API integration is tailored to meet the unique needs and constraints of each user effectively.
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Yes, our EHSQ platform is highly customisable to meet specific user needs. Users can customise various aspects of the service, including forms for risk assessments and audits, configurations of dashboards, settings for event reporting, workflows for permit management, and parameters for training management, among others. These customisations can significantly enhance operational efficiency and are best discussed with our project team before initiation. Customisation is optional, and the platform is fully functional in its standard setup. However, opting for customisation may involve implementation fees, detailed in our rate card. This ensures users can tailor the service according to their specific requirements while being informed of any associated costs.

Scaling

• Independence of resources: Our service is hosted using a multi-tenancy architecture, which adheres to the best practices of cloud development. We are ISO 27001 accredited, ensuring rigorous security standards. Our dedicated technical team continuously monitors our infrastructure's performance to guarantee that user demand does not affect the stability or speed of the service for others.

Analytics

• Service usage metrics: Yes
• Metrics types: We provide comprehensive usage metrics to the customer through in-application dashboards and reports, offering detailed insights into service utilisation and performance.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: We protect data at rest by implementing stringent security measures in compliance with ISO 27001 standards. This includes the use of encrypted storage solutions and robust access controls to ensure data remains secure and inaccessible to unauthorised parties. Our ISO 27001 accreditation underscores our commitment to upholding high security practices across all data handling processes.
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Reports can de downloaded in CSV and PDF formats.; ; Also, data exports can be requested from our organisation in both .PDF or .CSV formats.
• Data export formats:
  • CSV
  • Other
• Other data export formats: PDF
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: Vatix is committed to providing exceptional service, aiming for 100% connectivity and guaranteeing an availability of better than 99.9% for our solution. Historical data from the previous G-Cloud period shows that our hosted customers experienced an availability of better than 99.975%, excluding periods of scheduled maintenance. In the event that we do not meet these guaranteed levels of availability, service credits may be offered as defined in our service level agreements (SLAs). These SLAs outline the specifics of availability guarantees and the compensation mechanism through service credits, ensuring transparency and reliability for our users.
• Approach to resilience: Our service is designed for resilience, fully adhering to ISO 27001 standards and utilising AWS infrastructure across multiple availability zones. We incorporate best practices for redundancy and resilience at both infrastructure and application layers, ensuring robust fault tolerance and continuous availability.
• Outage reporting: Our service uses several methods to report any outages, ensuring timely and clear communication. We maintain a public dashboard that displays real-time service status and any outage information. In the unlikely event of a service outage, we proactively communicate with the technical contact of the customer via email to provide detailed updates and information on resolution progress. This approach ensures that our users are well-informed and can manage any service interruptions effectively.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: We restrict access to management interfaces and support channels through role-based access control (RBAC), ensuring only authorised personnel have access based on their job requirements. Authentication mechanisms, including multi-factor authentication, are employed to enhance security, with regular audits conducted to maintain compliance and integrity.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Assessment Bureau
• ISO/IEC 27001 accreditation date: 27/04/2022
• What the ISO/IEC 27001 doesn’t cover: The services are within the scope of our ISO certification.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: CREST Certified Penetration Testing

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Our information security policies and processes are structured around our ISO 27001 accreditation, serving as the baseline for our Information Security Management System (ISMS). We have a dedicated information security team tasked with implementing and monitoring these policies throughout our organisation. To ensure compliance, we conduct regular training sessions and audits. Our approach includes continuous monitoring and improvement strategies to address evolving security threats effectively. Compliance with our security policies is mandatory for all staff, with clear accountability and escalation procedures in place to manage and rectify security issues promptly.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Our configuration and change management processes are integral to our ISMS, structured around ISO 27001 standards. We meticulously track the lifecycle of service components using a centralised management system, ensuring all assets are continually accounted for and reviewed. Changes to our systems and configurations undergo a rigorous assessment process to evaluate potential security impacts. This includes a preliminary risk assessment followed by testing in a controlled environment before deployment. Stakeholder reviews and approvals are mandatory for each change, with detailed documentation maintained for audit and compliance purposes, ensuring security integrity throughout the process.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Our vulnerability management process aligns with ISO 27001 standards, involving regular assessments of potential threats, including annual penetration testing by an external CREST-certified consultancy. We rapidly deploy patches, sourcing threat intelligence from reputable security channels, to maintain robust defenses against emerging security challenges.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We employ industry-leading monitoring tools to identify potential compromises in our infrastructure and applications. Upon detection, our incident response team evaluates and responds swiftly, often within hours, to mitigate impacts. This proactive approach ensures rapid resolution and minimises disruption to services.
• Incident management type: Supplier-defined controls
• Incident management approach: Our organisation's incident management processes are structured around a comprehensive incident response plan led by our Head of Engineering. This ensures effective management and swift resolution of incidents. The plan and our incident management processes are audited annually as part of our ISO27001 certification, affirming our commitment to high standards of operational security and continuous improvement.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Our commitment to fighting climate change is evidenced by our proactive environmental management policies. We operate a comprehensive recycling program ensuring that all hardware supplied is recycled at end-of-life, significantly reducing environmental impacts. Additionally, we actively manage the environmental footprint of our supply chain to support sustainable practices.

  Covid-19 recovery

  Our services are pivotal in supporting the UK's growing number of home and hybrid workers, particularly during the COVID-19 recovery phase. By providing best-in-class technology and support, we ensure that workers can operate safely and efficiently from various locations, enhancing emergency response capabilities for lone workers.

  Tackling economic inequality

  We are dedicated to tackling economic inequality by providing apprenticeship programs aimed at young individuals aspiring to careers in technology. These programs offer extensive training, support, and mentorship, enabling participants to gain valuable skills and opportunities for career advancement in high-growth sectors.

  Equal opportunity

  Our company is committed to fostering a diverse and inclusive workforce. We actively employ and support individuals with disabilities and other challenges, ensuring that all employees have equal opportunities to succeed and contribute to our success.

  Wellbeing

  Our comprehensive wellbeing program underscores our commitment to employee health and satisfaction. This includes offering health insurance and creating a highly ergonomic work environment. We ensure that all employees have access to the best ergonomic equipment, promoting comfort and wellbeing in the workplace.

Pricing

• Price: £25,000 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@vatix.com. Tell them what format you need. It will help if you say what assistive technology you use.