MRI Software Limited

MRI On Location

The safety and security of your people, your assets, and your IP starts with knowing who is on-site. Our mission Is to provide easy to use tools that simplify how organizations manage workplaces and enable them to account for and verify the safety of people in their duty of care.

Features

• Visitor Management
• Contractor Management
• Employee Presence Management
• Evacuation Management
• Desk Booking
• Employee scheduling
• People presence reporting
• Inductions and access permissions management

Benefits

• Improve reception and lobby team productivity.
• Deliver amazing visitor experiences, enhancing your brand and reputation.
• Strengthen facilities and workplace security.
• Reduces risks: Provides real-time monitoring and alerts of breaches
• Strengthen systems and practises around managing employee safety.
• Governance, risk, and regulatory compliance alignment for H&S in workplaces.
• Reduce overhead and improve productivity related to the management
• Leverage occupancy data to optimise performance of building management systems.
• Optimize workspace occupancy and space utilization through visibility and reporting.
• Verify the safety of people in your duty of care.

£429 an instance a year

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@mrisoftware.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

739512165067156

Contact

Claire Brown
020 3861 7100
tenders@mrisoftware.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: Whilst we intend that the Service should be available 24 hours a day, seven days a week, it is possible that on occasions the Service or Site may be unavailable to permit maintenance or other development activity to take place.; ; We have achieved 99.9% availability each year since the Service was first activated in 2012. For clarification 99.9% up-time equals 8 hours, 45 minutes, and 57 seconds of downtime per year. Availability in the last 12 months has been 99.99%.
• System requirements: Modern Web Browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: MRI’s Global Client Support group will make every reasonable effort to ensure that submitted cases are assigned the proper level of Severity. Submitted cases will be responded to in the order in which they are received, with consideration given for higher Severity levels. Response; Time is the time it takes before a Global Client Support agent makes initial contact with the individual who submitted case.; Standard Service: ; Normal Priority - 6 Hours,; Serious Priority - 3 hours,; Critical Priority - Live Call Only
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We include support within our annual fee. Support includes a named Account Manager and a Client Support Helpdesk. The Client Support Helpdesk also serves as the contact for all cloud support requests for trained users
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: MRI On Location is very intuitive and designed to follow website conventions so end user training is not usually required other than providing general 'getting started' information. We will provide guidance on the content of these as part of your onboarding. We can deliver training if required and this can be scoped and quoted to meet your requirements. We will provide up to four content management training sessions which are typically delivered online as they do not take long as the system is not complex to use. We provide extensive guidance online via our website; https://helpdesk.whosonlocation.com/hc/en-us/articles/222043587-Get-started-with-MRI-OnLocation
• Service documentation: No
• End-of-contract data extraction: At the end of the service, we can extract any data required and issue it to the client using an agreed secure method.
• End-of-contract process: At the end of the service, we can extract any data required and issue it to the client using an agreed secure method. The solution will then be decomissioned.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Windows Phone
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: We design our solutions as 'mobile first' so the services offered are the same on mobile or desktop. The mobile application is specifically to provide user with a simple solution to use remotely, while on site or in the office. Bringing flexibility to how they can check-in, receive important notifications or alerts while on the go.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: The OnLocation API is built using REST conventions, with the standard HTTP methods (GET, POST, PUT, DELETE). The API supports JSON or XML data and is chosen via the Accept and Content-Type headers.; ; You can build integrations that utilize the following data:; ; Managing employee and contractor profiles; Viewing how employees and guests respond to custom questions; Creating and updating induction courses; Managing certification records and attached documents; Creating pre-registered visitor events; Managing the location list; Viewing the notifications sent across your organization
• API documentation: Yes
• API documentation formats:
  • ODF
  • PDF
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: The solution can be configured to use the banner and welcome screen on your kiosk to communicate policies to everyone on-site, or by personalising questions to each location.

Scaling

• Independence of resources: Our solutions are designed to minimise the load on the system for any process or interaction and incorporate load balancing to evenly distribute traffic. We host on an easily scalable AWS platform which is monitored 24x7x365 enabling us to manage capacity seamlessly in the background and our proactive monitoring ensures that we can respond to peaks in demand.

Analytics

• Service usage metrics: Yes
• Metrics types: A dashboard provides an easy-to-read, real-time summary of information displaying key people presence data at a given location. If you need to know how many people are on-site, if they are visitors, employees, or contractors; a dashboard is a great way to display people presence metrics and data.; ; You can set up as many dashboards as you'd like but you can only display one location at a time. The dashboard will display the people presence information for a specific location for a set period, then it will display the information for each chosen location before starting the cycle again.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with SSAE-16 / ISAE 3402
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Minimal end user data is stored in the system and all may be removed using copy and paste from their user device from within the portal with minimal effort.
• Data export formats:
  • CSV
  • ODF
• Data import formats:
  • CSV
  • ODF

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We use commercially reasonable efforts to ensure availability twenty -four (24) hours a day, seven (7) days a week, except for: (a) planned downtime (of which we provide adequate notice and will schedule to the extent practicable during the weekend hours), or (b) any unavailability caused by circumstances beyond our reasonable control, including without limitation, Force Majeure events or internet service provider failures or delays. We host our solution in a AWS data centre that is designed to deliver high availability.
• Approach to resilience: Available on request
• Outage reporting: All users are advised of upcoming service outages and new feature releases in their OnLocation message inbox. ; ; You can also subscribe to receive these messages by email. This could be useful if you log in intermittently and you don't want to miss any time-critical announcements.; ; You can choose to enable any of the following emails:; ; Service and maintenance outages; New feature releases; Quarterly newsletter

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Access to our systems and data is controlled through a formal process beginning with a formal notification from management. Each user is provided with a unique user ID for systems so that users can be linked to and made responsible for their actions. Access to is given through the provision of a unique account and complex password. The job function of the user decides the level of access the employee has to data. Vendor default accounts and passwords for our the systems are changed at the time of provisioning and unnecessary services and user/system accounts are disabled.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 14/12/2019
• What the ISO/IEC 27001 doesn’t cover: The certification covers all of the services associated with the delivery of MRI On Location.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: All staff are issued with our security policy when they join and confirm that they understand and will adhere to this. Our security policy is supported by processes and procedures such as our data breach reporting, new starters and leavers procedures. Our software development process incorporate privacy by design with security at the heart of everything that we do. All staff are trained on our security processes when they join and have regular refresher training. Our policies and processes are regularly reviewed by our operations managers and the outputs of these reviews are, in turn, reviewed with senior management. The focus of these reviews are the performance and ongoing applicability of our security management system.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Our planning processes ensure that all configuration changes are properly scoped and planned before implementation. Our design and development processes incorporate Privacy by Design and all changes are reviewed and approved prior to implementation. Our implementations are tracked and managed through our core line of business systems, including development tickets, code changes and deployments enabling us to control and manage work day to day and to support root cause analysis should issues arise.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Our systems are monitored and managed 24x7x365 enabling us to quickly respond to threats. Part of this management includes a review of potential threats, as advised by trusted security partners and resources. The built in patch management function of our monitoring platform deploys patches and updates in a controlled manner than standard tools such as Windows Update or WSUS. Typically, we review and release all critical and security updates on a monthly basis as they are released but in some instances release an update or patch outside of this cycle if there is a need to mitigate an immediate risk.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Potential compromises are identified through the monitoring of alerts automatically triggered with our NOC via systems monitoring tools or from tickets raised by individuals. All such threats are handled as potentially high impact so receive a prompt response. Our first response is to contain the threat, followed by more detailed root cause analyse and implementation of a permanent fix.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Our incident management processes are designed to align with ITIL recommended best practices. Due to the design of our product, no particular events are common but we do have pre-defined processes for incidents such as a site outage or compatibility issues with specific browsers. Users may report incidents via email, telephone or an online form may be delivered, if requested, within the portal. Incident reports are available on request for any incident and are provided by email.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Tackling economic inequality:

  Tackling economic inequality

  Whilst not a certified living wage employer, our employees are all contracted and salaried fairly, in line with the Living Wage standards. We do not employ anyone on zero hours contracts and have a strong commitment to regularly review salaries in line with our appraisal process. We have a number of apprentices in the business who we are supporting to complete degree level qualifications, who all receive above the apprentice minimum wage.
• Equal opportunity:

  Equal opportunity

  We work hard to ensure our employees have a voice. We have various committees in place within our business, for example a Diversity, Equity and Inclusion committee, An Events Group which helps us to understand how employees are feeling about working at MRI and helping us drive forward inclusive events. We have also very recently launched our first ERG – employee resource group for Women and Allies. As a business with over 250 employees in the UK we are required to produce a Gender Pay Gap report. We very much welcome this initiative and our latest report will be available via our website from 4th April 2022. This report shows the impact we have on reducing our Gender Pay Gap and also highlights the many initiatives we have underway to further reduce our gap.
• Wellbeing:

  Wellbeing

  Work hard, play hard. From the day we opened our doors we set out to build flexible, game-changing solutions to make people's lives better. We do this by providing our clients with solutions which can enable them to provide better places to live, work and do business. The only way to carry out that mission is to hire the best employees and keep them. We are dedicated to creating a working environment which supports and develops our staff. Some of the benefits that we offer are: Gym reimbursements Medical assistance, including mental health tools Flexible working opportunities, including hybrid working Employee engagement is key to MRI's success and we hold quarterly spirit weeks to both connect and enthuse our teams globally. These weeks are themed and where staff are encouraged to learn about different topics or take part in activities that they might not typically have time for. These include fitness sessions, cooking sessions, engagement with families for those working from home or targeting one big event where we can globally feel like we are one team with the same goal. We also carry our bi-annual employee engagement surveys to ensure employees can express their views. With our most recent survey we had an 89% completion rate and we are currently creating actions to help us improve as a business as a result of our employee feedback.

Pricing

• Price: £429 an instance a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Start your free 30-day trial; Touchless sign in/out & contact tracing; Employee, visitor, contractor, and evacuation management; Employee and contractor mobile app; Fully customizable screening questions; No credit card required. Full feature access.
• Link to free trial: https://www.mrisoftware.com/products/onlocation/free-trial/

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@mrisoftware.com. Tell them what format you need. It will help if you say what assistive technology you use.