gliderbim
gliderbim is a cyber secure, data-driven, AIM CDE (Asset Information Management Common Data Environment), Project (PIM) CDE, Client Information Management Platform (IMP), Digital Twin. Open BIM standards (COBie, IFC). IDP, MIDP. Integration API with EAM, CAFM, BMS, IoT, Smart Buildings. AWS, Azure, Google Cloud. AI and ML (Machine Learning) capabilities.
Features
- AIM Common Data Environment (CDE) ISO 19650 compliance
- Information Management Platform (IMP) for full asset lifecycle management
- Asset Information Lifecycle Management & BIM platform for Facilities Management
- Digital Plan of Work for Asset Information verification and validation
- GSL (Government Soft Landings) handover management and tracking
- Import, enrich and export fully compliant COBie data
- Real-time reporting of the asset data collation/O&M process
- Integration API for Intelligent Building platforms (iBMS) and IoT devices
- Integration API for EDMS, EAM, CAFM, BMS, CWMS, Room Booking
Benefits
- Automatically connect BIM models with asset/O&M data
- Digital handover support for managing supply chain deliverables
- Version control and full audit trail for all models/data
- Single view of truth for management of Golden Thread
- Central repository for progressive assurance of Building Safety records
- Automate manual workflows for data collation and verification
- Integrate BIM with FM and building management systems
- IDP and MIDP tools to manage information procurement
- Enterprise search to enhance discoverability of asset information
Pricing
£12.50 to £35.00 a user a month
- Education pricing available
Service documents
Request an accessible format
Framework
G-Cloud 13
Service ID
7 8 0 7 3 2 1 3 6 2 5 8 6 7 2
Contact
Glider Technology Ltd
Nick Hutchinson
Telephone: +44 203 8268 001
Email: info@glidertech.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
-
- Private cloud
- Community cloud
- Hybrid cloud
- Service constraints
- None
- System requirements
- Modern web browsers which support WebGL
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Please see Section 7 of our Service Definition.
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 AA or EN 301 549
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
-
The GliderBIM license fees includes telephone and helpdesk support for the number of user licenses included in the order.
Each GliderBIM order is assigned a GliderBIM Account Manager.
All Users have access to the support team via the telephone and email helpdesk facility.
The GliderBIM support telephone and email help desk is accessible Monday to Friday inclusive from 8:30am to 5:30pm GMT excluding UK bank holidays.
The GliderBIM support team will assign one of the priorities below to each support request:
• Priority 1: a business-critical feature of the Software Service is unavailable to all users, and consequently users are unable to continue with their normal course of business.
• Priority 2: an important feature of the Software Service is unavailable to all users, which is a significant inconvenience, however does not prevent users from continuing with their normal course of business.
• Priority 3: a feature of the Software Service is unavailable to one or more users.
• Priority 4: a feature of the Software Service is either unavailable or not performing as it
should, but is causing minimal business impact.
Support requests shall be escalated should the customer not agree with the prioritisation of the request. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- We provide onsite training, online training, and user documentation to suit the Buyer's requirements.
- Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
-
GliderBIM provides automated export functionality for the following:
- BIM Models in IFC format,
- Asset registers in Excel, CSV, IFC formats,
- Documents in their native file format,
- COBie data in compliant Excel format.
Glider Technology can also provide digital archives on external hard drives to be shipped directly to the Buyer on request. - End-of-contract process
-
Upon termination of the Software-as-a-Service subscription, the following option is available for archiving of data (subject to contract):
• All model files, documents and schedules of asset data can be exported from GliderBIM and provided to the Customer via an external hard drive compatible with Windows or OSX operating systems. The hard drive can be encrypted as an option.
Without specific archiving instructions, customer data will be retained for a period of twelve calendar months after the subscription termination date before being destroyed.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
-
No differences in functionality.
The User Interface is responsively designed to suit the browser's screen resolution. - Service interface
- Yes
- User support accessibility
- None or don’t know
- Description of service interface
- The service is entirely web browser-based and has many user interfaces to access, store, process, track and download information.
- Accessibility standards
- None or don’t know
- Description of accessibility
- The service is accessed via a web browser so therefore any common screen reading software can be used. The only exception is the 3D model viewer but there is no technical way to describe what can be seen.
- Accessibility testing
- No testing carried out to date. We plan to do so in 2022.
- API
- Yes
- What users can and can't do using the API
-
The API is not available by default to Users.
The API can be made available to the Buyer for specific purposes to be agreed with the Supplier in writing. These purposes are usually regarding an integration with third party software. - API documentation
- Yes
- API documentation formats
- Open API (also known as Swagger)
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
-
GliderBIM is customised by the Buyer to meet the requirements of each individual project. Specifically, the Buyer can customise the following:
- the Digital Plan of Work module to suit the asset data requirements of the project,
- the Asset Register data schema verification rules
- Verifications rules for model/data imports
- Export formats for models and schedules of data
- O&M Manual templates
- Room Data Sheets
- Commissioning Test Sheets
Scaling
- Independence of resources
-
Each project gets several distinct databases. This ensures that if a write lock escalates to a full-table lock, it does not affect other projects.
We have automatic monitoring systems that look at system load and trigger new servers to be launched, in the event that a processing queue becomes backed up for example.
Analytics
- Service usage metrics
- Yes
- Metrics types
-
- Server uptime performance
- Storage metrics
- User sessions including page visits - Reporting types
-
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Security Clearance (SC)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
- Protecting data at rest
-
- Physical access control, complying with SSAE-16 / ISAE 3402
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
-
Users can export via the following means:
- export the asset register to Excel/CSV,
- export the asset register to COBie compliant Excel document,
- export IFC/IFC.zip models with or without asset data pushed into the model.
- export all documents in their native format. - Data export formats
-
- CSV
- Other
- Other data export formats
-
- IFC (Industry Foundation Class)
- IFCZIP
- Microsoft Excel (.xlsx)
- COBie
- Data import formats
-
- CSV
- Other
- Other data import formats
-
- IFC
- IFCZIP
- Microsoft Excel (.xlsx)
- COBie (Excel)
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- TLS (version 1.2 or above)
- Other
- Other protection between networks
- If required we can set up a peering relationship via AWS Direct Connect or a hardware VPN.
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
- We offer a 99.95% service level agreement, but we do not offer a saving to customers.
- Approach to resilience
-
All our servers are managed by Amazon; they will be automatically relaunched if the hardware fails. We monitor system load and automatically launch new servers as required to deal with it.
When files are uploaded to our system, they are automatically replicated off-site in Frankfurt within a second or two. This hot replica is available in the event of a regional outage.
Our database server is also replicated off-site in real-time. It has a transactional backup every 5 minutes and has a full backup every 24 hours.
We can fail-over to the off-site Frankfurt datacenter within about 30 minutes in the event of an AWS regional outage. It is also worth noting that our application is stored in the Ireland region which has never experienced a total outage. - Outage reporting
- We have a status dashboard for GliderBIM users. Users can sign up and receive e-mail alerts in the event of the system experiencing an outage or degraded performance.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
- Username or password
- Access restrictions in management interfaces and support channels
- A user cannot access a project without being a member of it; they must temporarily add themselves. This is an administrative function that is audited so we can know which of our staff had access to which projects at which time. Any changes that user made to the project would also be audited.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
- Username or password
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- The British Assessment Bureau
- ISO/IEC 27001 accreditation date
- 11/04/2022
- What the ISO/IEC 27001 doesn’t cover
- Not applicable
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- Yes
- Any other security certifications
-
- ISO 27001
- MOD CyDR
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
-
- ISO/IEC 27001
- Other
- Other security governance standards
- Cyber Essentials, Cyber Essentials Plus
- Information security policies and processes
-
Our Information Security Management System contains detailed security policies and processes, which we will summarise here.
1. All staff computer hard drives must be encrypted
2. All communications over the public internet must be encrypted with a valid SSL certificate
3. All internal communications in our datacenter must be encrypted
4. All customer data must be encrypted at rest
5. When using a shared internet connection, network communication must go via a VPN.
6. If customer data is required to diagnose an issue, it must be securely erased within 48 hours of the issue being resolved.
7. Passwords and other security critical tokens can only be stored in the company password safe. They must never be e-mailed or texted.
8. 2FA is required when connecting to any AWS or mail account
We audit this regularly by issuing employee questionnaires and audits where we check the configuration of employee workstations.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- Changes are requested either by a customer or internally. The development committee meets every fortnight to discuss the next fortnight's work, and what features should be prioritised. A technical specification is prepared by the senior technical staff and signed off by the technical director. After a developer prepares the changes, they are code reviewed reviewed by the technical director and senior staff. During the code review, we identify potential security risks and mitigate them wherever possible. We use the same approach for changes to servers, patches or configurations.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
-
We are subscribed to the Ubuntu and Windows security alerts mailing list and RSS feed. We review it daily to ensure that no software we use is specified in this list.
In most cases, we deploy patches to our staging environment and test them for 2-3 days to ensure there are no effects. In the event of a high-profile serious issue we will accelerate this process and aim to have it done within a day or less.
We maintain a risk register and review it regularly to ensure that we are aware of our security profile. - Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
-
We have numerous automated methods of identifying potential compromises. We would be happy to discuss this on request but not to announce the details publicly.
When a potential compromise is identified, we first determine whether it is possible it was triggered by mistake by a developer calling an API call that they didn't mean to.
If it appears that a system is compromised then it is isolated from the network for analysis. If necessary we will firewall the entire environment until an assessment can be made.
Alerts raise SMS alerts to senior technical staff and are assessed within minutes. - Incident management type
- Supplier-defined controls
- Incident management approach
-
We have an internal playbook which details common issues and their solutions. This is proactively updated as we add more elements to the system.
Users report incidents via our online ticketing mechanism, or by contacting their account manager. However, we have automatic monitoring systems that usually tell us about any problem before any customer notices. In most cases we are informed about a potential problem (such as high CPU usage) before it becomes an outage and fix it without downtime.
Incident reports are provided to all subscribers of our status web service.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Public sector networks
- Connection to public sector networks
- No
Social Value
- Fighting climate change
-
Fighting climate change
gliderbim is a collaborative information management platform that enables remote parties to engage around electronic information and workflows to make infirmed decisions about their projects, programmes and assets in their wider estate.
Historically, teams would have to travel to meetings to attain the same collaborative engagement afforded by gliderbim, so the software usage reduced travel cost and carbon emissions significantly.
Similarly, rather than print paper documents relating to project and asset information records, gliderbim enables users to create highly navigable electronic archives, complete with online review and markup tools. - Covid-19 recovery
-
Covid-19 recovery
gliderbim is a online collaborative environment that enables users to access information securely from any location, including home working.
The gliderbim application drives efficiencies in to the digital delivery of projects, and ensures Government clients (and any other major asset owner) benefit from operational soft landings and faster operational mobilisation of new assets.
These 2 things combined underpin the drive for smarter, faster and greener delivery of projects, programmes, assets and wider digitised estates.
Pricing
- Price
- £12.50 to £35.00 a user a month
- Discount for educational organisations
- Yes
- Free trial available
- No