datb limited

datb - AIMS Asset Information Management System

AIMS is a BIM-compliant, flexible and configurable asset information management system supporting asset and work management requirements of all kinds. Its configurability enables its use in support of all types of assets (for instance infrastructure, property, vehicle asset types) can all be defined with associated attributes, relationships and business processes.

Features

• BIM-compliant, flexible and configurable asset information management system
• Administrator-configurable asset classes, attributes and relationships
• Asset Register supports full history including retrospective point-in-time asset state
• Integration with CAD, GIS, financial, CRM, document control
• Work management functionality including offline mobile data entry
• SaaS deployment, including all infrastructure, database and platform management
• Multiple asset types (infrastructure, property, IT, vehicles...) including linear assets
• Configurable lifecycle stages enable full project lifecycle support
• Bespoke functionality can be implemented easily and cost-effectively
• Open data architecture allowing integration with corporate systems

Benefits

• Consolidate management of many asset types within a single system
• Record & manage risks, compliance, installation, inspection, commissioning, maintenance
• Visualise asset location / relationships / dependencies
• Define and manage standard work types per asset class
• Schedule, assign and record work undertaken
• Deliver work orders to mobile devices for offline completion
• Update asset data from completed job cards
• Define, undertake and record surveys for condition, fire safety etc.
• Grant secure, constrained access to third parties as required
• Quick, cloud-hosted proof-of-concept environment can be used to assess fit

£95,000 a licence a year

• Free trial available

Service documents

• Pricing document

  ODT

• Service definition document

  ODT

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mark.bushman@datb.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

748134047731656

Contact

Mark Bushman
020 7923 9239
mark.bushman@datb.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: None
• System requirements: Browser for end-user and administrative access

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: One hour during business hours; additional out-of-hours cover by arrangement.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Our standard support agreement covers faults in the application by telephone, email or online, plus assistance to administrative users in the configuration and operation of the application.; Additional levels of cover (out-of-hours, business support etc.) can be arranged by agreement.; Reported issues are assigned a priority that determines the target time to resolution: ; Priority 1 - One business day, ; Priority 2 - Three business days, ; Priority 3 - 10 business days, ; Priority 4 - Next scheduled release. ; Support costs are included in the platform licence cost.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Users may request access to a cloud-hosted proof-of-concept environment to assess suitability. Typically, configuration will start with the definition of asset classes for the asset types that will be recorded within AIMS, followed by the loading (via XML, CSV or templated Excel spreadsheets) of asset data.; datb can provide whatever assistance is required to allow users to evaluate AIMS and to configure and populate clients' AIMS instances on service commencement.; Training is provided to administrative users as a part of the initial configuration process. Documentation is available within the product as well as in the form of PDF documentation.; Training can be undertaken online or on site as required.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Data is stored using conventional relational database structures in the database platform of the client's choosing (Oracle, SQL Server, MariaDb, MySQL). This can be accessed using conventional database tools from the DBMS provider or a third party. Alternatively, data can be accessed via web services defined within the application and described elsewhere in this document.
• End-of-contract process: No additional costs at the end of contract.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: AIMS provides adaptive and responsive behaviours enabling use on devices of all sizes without application changes. Application content can be made specific to mobile devices if specific use-cases require it. A separate capability enables the delivery of forms and associated data to mobile devices when connected, to allow completion of forms (surveys, work orders, fault reports etc.) when the device is offline. Entered data is synchronised with the main application when network connectivity is regained. This offline functionality is device independent, relying only on modern browser capabilities.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: Asset information can be delivered to, or read from, AIMS using a set of XML-based web services delivered as a standard part of the application. Full validation is applied to data received by these web services, ensuring that data integrity is not compromised by third-party technical issues.; Asset class definitions can also be accessed via web services.; Access to web services requires a token generated by the application; separate tokens may be assigned to individual users, organisations or systems to control access and to audit data access / updates as required.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: AIMS is highly configurable. The Asset Data Dictionary (ADD) maintains asset class definitions, enabling administrative users to manage asset types, attributes, relationships and other characteristics. Asset-related data types such as risks, decisions, undertakings, surveys, condition reports, non-compliance report and any other required asset information are also administrator-configurable. Work types are associated with asset classes; these are defined by administrative users.; Access to administrative capabilities is controlled by the system administrator, who can manage the assignment of roles to users, and the assignment of capabilities to roles.

Scaling

• Independence of resources: Instances of AIMS are isolated within the chosen cloud environment and do not share resources with those of other clients.

Analytics

• Service usage metrics: Yes
• Metrics types: Application metrics include numbers of assets / attributes and the completion of mandatory information per asset class over time. ; User sessions are recorded within the platform. ; Resource usage (memory, sessions etc.) is logged periodically.; Service availability and status are subject to automated monitoring.
• Reporting types:
  • API access
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Web services allow querying of data as XML or JSON. Exports can also be performed using tools provided by the database vendor or a third party. ; datb can implement other data export functionality (Excel, PDF, CSV or other) to meet clients' specific requirements.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • XML
  • Excel
  • JSON
  • PDF
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • XML
  • JSON
  • Excel

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Different cloud infrastructure providers offer various levels of availability. Oracle Cloud Infrastructure (OCI), which is our standard choice if no alternative is preferred, offers 99.9% or greater availability for the components that we deploy (server, database, load balancer etc.)
• Approach to resilience: Depends on the selected cloud infrastructure provider. For Oracle Cloud Infrastructure (OCI), please refer to https://www.oracle.com/a/ocom/docs/caiq-oracle-cloud-applications.pdf
• Outage reporting: Datb performs automated monitoring of all AIMS instances on behalf of our clients. Clients will be informed via email / telephone in the event of a service outage or other notifiable event.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Access to specific functionality such as configuration changes can be restricted to whitelisted networks if required.; Access to the management interface is typically via SSO or user name and password, requiring additionally a second authentication factor (for instance a one-time code generated by Google Authenticator or similar, or emailed to the user). Access to the support portal is via user name and password.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Approachable Certification (UKAS 8320)
• ISO/IEC 27001 accreditation date: 15/03/2024
• What the ISO/IEC 27001 doesn’t cover: Nothing
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: The selected cloud infrastructure provider will have appropriate additional certifications.

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We hold ISO27001 certification and Cyber Essentials Plus. Our technical director holds overall responsibility for security policy. All staff are required to undertake a security self-assessment semi-annually; we conduct a semi-annual security questionnaire to ensure that staff are aware of correct processes. All security exceptions are logged within our internal management system and reviewed weekly at board level. We monitor threat reporting services to ensure that we are aware of emerging threats. End-user devices (desktops, laptops) are encrypted and centrally managed. Mobile devices with corporate access must be of defined types with biometric security, and are required to be kept up-to-date with security patches. Our activities are also controlled by our ISO 9001 certification.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All components of the service are subject to change management processes in compliance with ISO27001.; All changes are subject to a quality review; this includes an assessment of all code and configuration changes with specific reference to any security impacts that they may have.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We monitor a variety of threat notification resources weekly and assess these in terms of any threat that they may present.; We deploy patches regularly, or in response to a newly-identified security issue. ; We commission comprehensive penetration testing at least annually - this involves a skilled third party with full knowledge of, and access to, a configured application server in order to attempt to exploit any vulnerability present in our standard build.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We monitor cloud infrastructure logs, network activity logs and application event logs.; The application server monitors and records all external access attempts. Security exceptions (failed login attempts, CSP violations etc.) are recorded and reported to the management server, which is configured to alert administrative users of significant events / exceptions. If a potential compromise is suspected, our security exception process ensures that specific actions are taken to minimise impact, preserve evidence, ensure that appropriate people are informed and to prevent further compromise.
• Incident management type: Supplier-defined controls
• Incident management approach: Our internal management application requires staff to record an 'exception' in response to any out-of-the-ordinary incident. Depending on the exception type, a variety of processes may be appropriate, but will generally result in the recording of an 'intervention', this being used to record the steps required to mitigate the incident. Exceptions and interventions are reviewed weekly in order to determine changes to processes, training needs etc. to prevent recurrence.; Customers are notified of specific event types such as security exceptions.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  Our staff have worked remotely since 2002, reducing the impact of transport emissions. We seek to minimise use of consumables in our work. ; datb recognises the importance of climate change issues and addresses these in the following ways:; The company does not produce a physical product requiring tangible resources; All staff work from home, largely eliminating the carbon footprint of commuting; Staff equipment is selected with regard to its energy efficiency, longevity and recyclability; All of our servers are cloud hosted, which has been shown to reduce energy use and the carbon footprint; Suppliers providing cloud hosting are vetted by datb to ensure that they hold ISO27001 certification, this will ensure that these suppliers have considered the impacts of climate change upon their services.; Most significantly, our technology facilitates the development of systems enabling collaborative working by geographically separated teams, reducing travel requirements and greatly reducing the need for paper documentation.

Pricing

• Price: £95,000 a licence a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: We can provide a test instance of AIMS suitable for a trial exercise, allowing potential clients to investigate capabilities with no commitment.; This provides all functionality available within the full product. Timescales are subject to discussion with the potential client.

Service documents

• Pricing document

  ODT

• Service definition document

  ODT

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mark.bushman@datb.com. Tell them what format you need. It will help if you say what assistive technology you use.