MRI Software Limited

MRI ProLease

MRI ProLease is a true SaaS solution designed to help organisations manage their real estate and equipment leases while staying compliant with the latest IFRS 16 regulations.
Assists with lease management, lease accounting, maintenance and space management requirements.
2 Factor (2FA) or Multi-factor authentication (MFA) is supported.

Features

• Property Management, Lease Management, Lease Accounting, Document management,
• IFRS 16 Lease Accounting Compliance for property & equipment leases
• Audited to SOC 1 Type 2
• Portfolio Mapping through Google maps integration
• Facilities management (CAFM, CMMS)
• Fully integrated leasing, property and facilities management functionality
• Configurable Dashboard and Reporting
• Asset level accounting
• Space Management, Workplace Management (IWMS)
• Service Charge Management

Benefits

• User Friendly Intuitive straightforward screens, data entry, maintenance and reporting
• Manage and never miss key dates
• See results and returns quickly with our fast implementation methodology
• Cost effective solution based on requirements and size
• Streamline business processes
• Greater transparency and auditability
• Evidence based decision making drill down into data
• Improve occupancy utilisation
• Reduced costs identify overspend and erroneous or duplicate charges
• Safety First mitigate risks with in-depth facilities management features

£8,000 to £34,000 a licence a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@mrisoftware.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

751806718716313

Contact

Claire Brown
020 3861 7100
tenders@mrisoftware.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: Planned maintenance is typically scheduled outside of regular business hours.
• System requirements:
  • Microsoft Internet Explorer 8 or higher
  • Apple Safari (Mac or iPad)
  • Google Chrome (Mac or PC)
  • ProLease App on Google Play Store (Android)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: MRI’s Global Client Support group will make every reasonable effort to ensure that submitted cases are assigned the proper level of Severity. Submitted cases will be responded to in the order in which they are received, with consideration given for higher Severity levels. Response Time is the time it takes before a Global Client Support agent makes initial contact with the individual who submitted case. Bundled Service (Normal Priority 6 Hours, Serious Priority 3 hours, Critical Priority Live Call Only) Concierge Standard (Normal Priority 4 Hours, Serious Priority 2 hours, Critical Priority Live Call Only)
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We include support within our annual fee. Support includes a named Account Manager and a Client Support Helpdesk. The Client Support Helpdesk also serves as the contact for all cloud support requests for trained users. Cases and incidents can be recorded and viewed in the myMRI portal on a 24/7 basis. The myMRI Portal provides clients with information on support cases, regardless of whether a call is logged via a phone call or via the portal. Various information, documentation, forums and resources are also available on the portal.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Our training program is designed to help you achieve the maximum return on investment. Our in-house team of professional trainers have extensive knowledge of our solutions. During the implementation phase we will train your core project team to have a strong understanding of the system. Your project team will learn how data is structured in ProLease, the available configuration options within the standard product and how the specific processes operate. This process involves reviewing your business processes as they are mapped to system functionality. It is your decision whether we deliver end user training or if you would prefer to adopt the ‘Train the Trainer’ approach. The implementation process will provide your core project team with a strong foundation to train co-workers. Our end user training services are delivered by our in-house team and tailored to suit your needs. We offer both classroom and webinar training. After commencement of live use of ProLease you will have access to our client portal for user guides, video clips, forums and helpdesk support.
• Service documentation: No
• End-of-contract data extraction: Clients have full access to data and can export using reporting tools. Alternatively, we can provide a SQL Server backup file and a copy of all uploaded documents.
• End-of-contract process: Following termination of the contract (for whatever reason), buyer shall certify that it has returned or destroyed all copies of the applicable software and confidential information of supplier and acknowledges that its rights to use the same are relinquished. Buyer shall use its commercially reasonable efforts to remove all buyer data from any software or SaaS service prior to termination of the contract. Buyer may engage supplier to assist buyer in removing such buyer data at supplier''s then standard rates. If any buyer data remains in the software or SaaS service more than thirty (30) calendar days after the effective date of termination, supplier may, in its sole discretion and without notice, delete any and all buyer data.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems: Android
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: There is an android app available to access the full system via your mobile. A lightweight interface is available allowing access to key functionality on a tablet (e.g. iPad). Full system functionality is available via a supported browser on a desktop/laptop/tablet device.
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: Yes
• Description of customisation: Systems Administrators can configure various parts of the software using the system, site and employee level parameters. Access to data can be restricted according to an individual's access rights via role and branch security

Scaling

• Independence of resources: Continuous monitoring and optimization, predictable usage.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with SSAE-16 / ISAE 3402
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Data can be exported in multiple ways including Excel, csv and xml.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: We use commercially reasonable efforts to ensure availability twenty -four (24) hours a day, seven (7) days a week, except for: (a) planned downtime (of which we provide adequate notice and will schedule to the extent practicable during the weekend hours), or (b) any unavailability caused by circumstances beyond our reasonable control, including without limitation, Force Majeure events or internet service provider failures or delays. We host our solution in a UK-based Tier 3 data centre that is designed to deliver high availability.
• Approach to resilience: Available on request.
• Outage reporting: Webpage and notification subscriptions for email and text.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Each client is assigned one or more Administrator users who can add/modify/delete user logins, set access rights and create Security Groups. Standard access levels include: Administrator, Edit, Read/Report Only and Report Only. Custom Security Groups can be created with definable access rights. Within the ProLease application, each user has profile. The user profile includes a username, password, contact information and access rights. Administrators can set defaults from a series of strict Password controls such as eight-character minimum and at least one letter and one number. The password must be changed by the user after first receiving. ProLease employs password hashing
• Access restriction testing frequency: At least once a year
• Management access authentication: Dedicated link (for example VPN)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Data centre infrastructure and associated services are managed according to ISO 27001:2013 controls and processes. The application is audited to SOC 1 Type 2.
• Information security policies and processes: Data centre infrastructure and associated services are managed according to ISO 27001:2013 controls and processes. Security and processes are used to manage the Application Platform, we follow ISO27001 principles, and the requirements of SOC 1 Type 2 auditing.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Secure Software Development Lifecycle
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Critical and Important updates are applied automatically upon release. Other updates are checked for relevance to software/operating system installation and are installed as part of the scheduled maintenance where relevant.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Analysis of logs, instant alerting systems to identify changes from normal use, response as appropriate within commercially reasonable standards.
• Incident management type: Supplier-defined controls
• Incident management approach: MRI has a robust Incident Management program. ; The incident response plan outlines team member roles, such as Incident Commander, Subject Matter Experts, Scribes for documentation and creating timelines, Liaisons with stakeholders, and roles for potential external consultants.; ; Incidents are managed by the support desk from investigation to resolution. Clients receive an e-mail alert for notification and a follow up report for resolutions.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  MRI is committed to managing environmental risks that are material to our business and to reducing our carbon footprint by enhancing the energy efficiency of our operations and reducing the amount of waste that our company produces. We do this by utilising some of our own solutions with sensors in our own offices to assess our space utilization, energy usage and setting a reduction plan. As well as improving our own position, we also look at ways to help our clients work towards using services that have less impact on our planet’s scarce resources. A good example is HomeSwapper, our national mutual exchange solution. HomeSwapper enables tenants to swap homes either locally or anywhere across the United Kingdom with another social housing tenant, often to reduce their commute to work or schools which has a direct impact on carbon emisisons in the region.

  Covid-19 recovery

  We have fully embraced hybrid working and have recently formalised our flexible working model and different types of flexibility offered to all employees. We believe flexible working benefits our employees and the business. Our solutions available on this framework are all available remotely allowing our clients employees, users and contractors as applicable to work from any location in accordance with your approved working practices to allow flexibility

  Tackling economic inequality

  Our employees are all contracted and salaried fairly, in line with the Living Wage standards. All of our employees are paid at least the minimum rates as stated under the current Living Wage. We do not employ anyone on zero hours contracts and have a strong commitment to regularly review salaries in line with our appraisal process. We have a number of apprentices in the business who we are supporting to complete degree level qualifications, who all receive above the apprentice minimum wage. We also offer a comprehensive benefits package for all our staff, which includes health and wellbeing support and access to private health care.

  Equal opportunity

  We work hard to ensure our employees have a voice. Our business has various committees in place, such as a Diversity, Equity and Inclusion Committee and Employee Resource Groups, such as Women & Allies and LGBTQIA+, which help us understand how employees feel about working at MRI and help us drive forward inclusive events. We have also very recently launched our first ERG – employee resource group for Women and Allies. As a business with over 250 employees in the UK we are required to produce a Gender Pay Gap report. We very much welcome this initiative and our reports are available publically on our website. This report shows the impact we have on reducing our Gender Pay Gap and also highlights the many initiatives we have underway to further reduce our gap. This includes the development of our Flexible Working and Inclusive Policies initiatives, educating our People, People Managers and Business Leaders and working with external partners to attract a diverse staffbase.

  Wellbeing

  Work hard, play hard. From the day we opened our doors, we set out to build flexible, game-changing solutions that would make people's lives better. We do this by providing our clients with solutions that enable them to provide better places to live, work, and do business. The only way to carry out that mission is to hire the best employees and keep them. We are dedicated to creating a working environment which supports and develops our staff. Some of the benefits that we offer are: Gym reimbursements, Medical assistance, including mental health tools, Flexible working opportunities, including hybrid working Employee engagement is key to MRI's success and we hold quarterly spirit weeks to both connect and enthuse our teams globally. These weeks are themed and where staff are encouraged to learn about different topics or take part in activities that they might not typically have time for. These include fitness sessions, cooking sessions, engagement with families for those working from home or targeting one big event where we can globally feel like we are one team with the same goal. We also carry out bi-annual employee engagement surveys to ensure employees can express their views.

Pricing

• Price: £8,000 to £34,000 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@mrisoftware.com. Tell them what format you need. It will help if you say what assistive technology you use.