MRI Software Limited

MRI Evolution

Concept Evolution is a browser-based CAFM (Computer aided facilities management)/CMMS (Computerised maintenance management system) IWMS (Integrated workplace management system) software solution. Easy & cost-effective to deploy and maintain, it offers scalability from a single-property to an enterprise basis, and is used globally by many major service providers and direct organisations.

Features

• CAFM/IWMS solution for owners, occupiers, and service providers
• Browser based solution offering ease of deployment and scalability
• Extensive OOTB functionality incorporated in core system offering
• Comprehensive suite of additional modules in a single integrated solution
• COTS solution allowing end user configuration without programming
• Asset management, helpdesk, and planned maintenance including supplier/resource management
• Extensive management information through user defined reports and dashboards
• Mobility solution for end users, direct labour and supplier resources
• Building Information Modelling (BIM)
• Full sub-contractor management platform

Benefits

• Industry leading CAFM/IWMS solution from established UK company
• COTS functionally rich product suite providing maximum client benefit
• OOTB deployment reduces implementation and maximises ROI
• Single scalable integrated solution providing statutory and legislative compliance
• Extensive business intelligence enabling informed business decisions
• Configurable solution reducing paper handling and manual processes
• Manage facilities and asset information in a single consolidated fashion
• Ensure statutory and legislative compliance across the portfolio
• Improve information quality, consistency and improve efficiencies
• Secure UK based Cloud service with many existing clients

£150 a unit a month

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@mrisoftware.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

718272186792788

Contact

Claire Brown
020 3861 7100
tenders@mrisoftware.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: All work for the purpose of maintenance or support as part of planned outages will take place outside business hours. The client will be provided with at least ten (10) working days prior notice of any planned outage unless otherwise agreed or in case of an emergency planned outage. FSI shall wherever possible ensure that there are no more than two (2) planned outages each calendar month. Normal business hours are 08:00 – 18:00 Monday to Friday. FSI carries out all planned outages between 23:00 and 02:00 on the second and last Friday of each month
• System requirements:
  • Current Web Broswer
  • Current Mobile Device
  • Current Operating system on any workstations

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Response times based on the severity of an issue. Standard response for low priority issues is 2 hours and business critical issues 15 minutes. For business critical issues, FSI recommends customers call the dedicated UK support line for a live call response. Standard customer support hours are 08:30 to 18:00 (GMT) Monday to Friday, excluding UK Bank holidays. Customers also have 24/7 access to our customer support portal for the logging and tracking of cases. In the unlikely case of a SaaS outage or a system down the customer will be able to contact our after-hours emergency team for assistance.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We include support within our annual fee. Support includes a named Account Manager and a Client Support Helpdesk. The Client Support Helpdesk also serves as the contact for all cloud support requests for trained users. Cases and incidents can be recorded and viewed in the client portal on a 24/7 basis. The Portal provides clients with information on support cases, regardless of whether a call is logged via a phone call or via the portal. Various information, documentation, forums and resources are also available on the portal.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Dor our professional services department, it is no longer just about installing software. We have long recognised this shift from the standard provision of an operations framework to the need for a fully-fledged range of complementary professional services, based on a thorough understanding of our customer’s requirements and expectations starting from the initial discovery phase through to the post-delivery review of the project as a whole.; ; With the implementation of any new software application within a customer, it is imperative for the users of the application to be in receipt of a rewarding and information rich training programme to enable them to fully utilise the system as intended. We recognise the value that our training delivers to our customers and the importance that they place upon it. Professional training and support is delivered by our own highly skilled instructors, empowering and providing confidence and skills to make our solution work for your business. All our Training consultants are actively involved in the on-going development of the solution and many have worked across both FM and IT industries. As such they understand the reasons for implementing our solution and the benefits it will bring.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
  • Other
• Other documentation formats:
  • Microsoft Word
  • Hard Copy
• End-of-contract data extraction: All data within the system can be exported into CSV, HTML, PDF and Excel formats. This can then be imported into other systems.
• End-of-contract process: Following termination of the contract (for whatever reason), buyer shall certify that it has returned or destroyed all copies of the applicable software and confidential information of supplier and acknowledges that its rights to use the same are relinquished. Buyer shall use its commercially reasonable efforts to remove all buyer data from any software or SaaS service prior to termination of the contract. Buyer may engage supplier to assist buyer in removing such buyer data at supplier''s then standard rates. If any buyer data remains in the software or SaaS service more than thirty (30) calendar days after the effective date of termination, supplier may, in its sole discretion and without notice, delete any and all buyer data.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: We have native applications delivering specific functionality to end users or technical resources. This includes but is not limited to call logging, desk or room booking, task management, asset verification, cleaning and portering services. The applications are not designed to mimic, or replicate the desktop service.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: There are four types of web services exposed for use with the product suite.; ; Basic: The basic services can be accessed over encrypted or unencrypted HTTP, using plain text authentication. They are meant to be used by consumers that cannot access the standard services.; ; Standard: The standard set of services can be reached from any client able to communicate in SOAP messages over SSL. The services use a WS-Enhancements HTTPS binding, following the standard versions of reliable sessions and security protocols as defined by OASIS.; ; Federated: these services use federated authentication.; ; Windows: these services use windows login.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: End users are enabled to “configure” rather than customise. Typically customisation includes product development. All changes can be made by the customer’s system administrator without the need for programming. The following are examples of where the configuration of the system can be modified:; - Adding / removing users; - Changing user access permissions; - Editing menu and field terminology; - Defining field rules such as mandatory, unique, etc.; - Configuring default screen layouts and sort orders; - Adding / editing reports; - Adding / editing workflows; - Adding / editing dashboard sla/kpi metrics

Scaling

• Independence of resources: Our SaaS utilises VMware to provide a high availability architecture using clustered hosting resources (vCPU, RAM, Storage). Continual monitoring and analysis ensures resources are available to support current and future growth of customer systems. Each customer has dedicated virtual images (Application and Database Server) with appropriate resource reservations (vCPU, RAM, Storage) according to user and business process needs.

Analytics

• Service usage metrics: Yes
• Metrics types: We can produce reports on different elements of the SaaS environment, to provide in-depth information on how your environment is performing.
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Data can be easily exported from any table grid contained within the user interface. The data is in CSV or Excel format by default. The workflow module can also be used to export data in XML format. System report output can also be exported in a variety of formats including Excel, PDF and HTML.
• Data export formats:
  • CSV
  • Other
• Other data export formats: XML
• Data import formats:
  • CSV
  • Other
• Other data import formats: XML

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We use commercially reasonable efforts to ensure availability twenty -four (24) hours a day, seven (7) days a week, except for: (a) planned downtime (of which we provide adequate notice and will schedule to the extent practicable during the weekend hours), or (b) any unavailability caused by circumstances beyond our reasonable control, including without limitation, Force Majeure events or internet service provider failures or delays. We host our solution in a UK-based Tier 3 data centre that is designed to deliver high availability.
• Approach to resilience: Available on request
• Outage reporting: Email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: The solution supports robust role based access, and manages access to information for each individual user down to field level. We provide all of our customer's system administration training covering the establishment of user roles/user account definition and management. This also includes specific guidance on how to restrict access to specific application functional areas and interfaces as part of the implementation process.
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Lloyd's Register Quality Assurance Limited
• ISO/IEC 27001 accreditation date: 05/12/2018
• What the ISO/IEC 27001 doesn’t cover: The scope of the approval is applicable to Development, implementation, hosting, maintenance and support of Facilities Management (FM) software products and solutions. Provision of associated product training. Provision of Managed Service Infrastructure, Software Support and Maintenance. Statement of Applicability vn2 (ISO27001 only).
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Data centre Infrastructure and associated services are managed according to ISO 27001:2013 controls and processes. Solution security and processes are used to manage the application platform.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Our SaaS service is managed according to ISO 27001:2013 including platform patching (e.g. non-production testing, sign off), risk assessment and corrective action tracking. The product suite is developed using a code vault , allowing code changes to be tracked at line level. Executables are built from the code vault and subjected to separate development and system test cycles within dedicated non-customer environments. Releases to customer environments are authorised by the customer via a release notice and sign-off test plan. External penetration testing is undertaken frequently and the product suite is undergoes penetration testing regularly.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Vulnerabilities to the datacenter are managed according to ISO 27001:2013 controls and processes which allows the risk to be tracked throughout its lifecycle (identification, assessment and treatment). Regular scheduled maintenance is undertaken to ensure that the technical platform is routinely patched to the latest available security guidelines/ patches. Essential maintenance may be undertaken at short notice subject to a risk assessment, to ensure that critical vulnerabilities are addressed in a timely fashion and outside of regular scheduled maintenance as and when required.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Protective monitoring and the associated responses are managed according to ISO 27001:2013 controls and processes utilising a mixture of automated features at device level (e.g. automated blocking) and manual interaction based on alerts (e.g. investigation prior to intervention).
• Incident management type: Supplier-defined controls
• Incident management approach: Incidents are managed according to ISO 27001:2013 controls and processes that include a defined "Security data breached and Incident Response Plan" including reporting mechanisms for both Information Technology and physical security incidents, incident logging, communication to internal and external parties, escalation, reporting, implementation of preventative actions, and ongoing improvement.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Tackling economic inequality:

  Tackling economic inequality

  Whilst not a certified living wage employer, our employees are all contracted and salaried fairly, in line with the Living Wage standards. We do not employ anyone on zero hours contracts and have a strong commitment to regularly review salaries in line with our appraisal process. We have a number of apprentices in the business who we are supporting to complete degree level qualifications, who all receive above the apprentice minimum wage.
• Equal opportunity:

  Equal opportunity

  We work hard to ensure our employees have a voice. We have various committees in place within our business, for example a Diversity, Equity and Inclusion committee, An Events Group which helps us to understand how employees are feeling about working at MRI and helping us drive forward inclusive events. We have also very recently launched our first ERG – employee resource group for Women and Allies. As a business with over 250 employees in the UK we are required to produce a Gender Pay Gap report. We very much welcome this initiative and our latest report will be available via our website from 4th April 2022. This report shows the impact we have on reducing our Gender Pay Gap and also highlights the many initiatives we have underway to further reduce our gap.
• Wellbeing:

  Wellbeing

  Work hard, play hard. From the day we opened our doors we set out to build flexible, game-changing solutions to make people's lives better. We do this by providing our clients with solutions which can enable them to provide better places to live, work and do business. The only way to carry out that mission is to hire the best employees and keep them. We are dedicated to creating a working environment which supports and develops our staff. Some of the benefits that we offer are: Gym reimbursements Medical assistance, including mental health tools Flexible working opportunities, including hybrid working Employee engagement is key to MRI's success and we hold quarterly spirit weeks to both connect and enthuse our teams globally. These weeks are themed and where staff are encouraged to learn about different topics or take part in activities that they might not typically have time for. These include fitness sessions, cooking sessions, engagement with families for those working from home or targeting one big event where we can globally feel like we are one team with the same goal. We also carry our bi-annual employee engagement surveys to ensure employees can express their views. With our most recent survey we had an 89% completion rate and we are currently creating actions to help us improve as a business as a result of our employee feedback.

Pricing

• Price: £150 a unit a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@mrisoftware.com. Tell them what format you need. It will help if you say what assistive technology you use.