Ecometrica
Greenhouse gas and sustainability reporting solution providing tools and support from Sustainability Analysts allowing organisations to report their ESG metrics in an easy-to-use, robust and auditable way. Ecometrica supports disclosure to various UK specific and international standards including Greening Government Commitment, PPN 06/21, SECR, CDP and EU CSRD, amongst others.
Features
- Extensive emission factors and assumptions database for automatic calculations.
- Audit ready workflow to support verification.
- Data entry via APIs, spreadsheet upload or manual entry.
- Fast, flexible and configurable charts and visualisations.
- Reports generated at question, category, asset or organisation level
- Business Intelligence Dashboards for summarising results across organisations and portfolios
- Quick and straight forward implementation, supported by experts.
- Highlight areas of risk/opportunity and link to specific areas.
- Physical climate risk data supports reporting to TCFD, CDP etc.
- Support from highly experienced sustainability analysts based in Edinburgh.
Benefits
- Automatic calculations saves time setting up and assigning emissions factors.
- Prepare for third party verification of climate and sustainability data.
- Easy to add data to software from multiple data sources.
- Identify trends, track targets and communicate results easily.
- Share information easily across departments
- Detailed analysis of emissions data to identify improvements.
- Quick time to value and fuss free set-up.
- Keep up to speed with latest sustainability disclosure requirements.
- Identify, manage and report climate risk.
- Assistance is on hand for the Software and reporting frameworks.
Pricing
£2,425 a unit a year
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
7 9 6 1 0 2 0 1 5 6 7 7 2 9 5
Contact
EcoOnline
Bid Team
Telephone: 01926 844 200
Email: bidteam@ecoonline.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Public cloud
- Service constraints
- Up to date internet browser and internet connection required.
- System requirements
-
- Web browser (no special plug-ins required)
- Internet access
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
We do not offer support SLAs as standard, allowing us to provide clients with lower pricing. We work to internal targets so that customers have comfort that these issues are important to us. Our typical internal process is as follows:
Support hours: Monday to Friday 9:00am to 5:30pm
Priority 1 - Major Defect - Within two business hours.
Priority 2 - Critical Defect - Within four business hours.
Priority 3 - Non-Critical Defect - Within twelve business hours. Priority 4 - Error - Within twenty-four business hours. Within twelve business hours.
Priority 4 - Error - Within twenty-four business hours. - User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
-
Access to help-desk support (UK based) Monday-Friday during core business hours. Clients work with dedicated Client Services Manager and Sustainability Analyst.
Access to the above included costs.
We do not offer support SLAs as standard. We work to internal targets so that customers have comfort that these issues are important to us, but we believe that the majority of our customers prefer the lower pricing that our position on SLAs enables us to offer.
Our typical internal process is as follows:
We respond to all requests within 24 hours and to critical requests with 2 hours.
High-Impact Event:
- System bug/error with significant impact on a large number of end-users or critical impact on a few users.
- Resolution Time: One to two days.
- Resolution: Critical issues are dealt with immediately, pausing current development work until the issue is resolved. Fixes are released as soon as they have been QA tested.
Impactful Event:
- System bug/error that has an impact on a small number of end-users.
- Response time: Up to two weeks.
- Resolution: Issues are logged in the case management system, approved by CTO for build and added to the front of the development build list. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
The EcoOnline professional services team will provide a full setup of the EcoOnline system which comprises of onsite visits (if appropriate) or online meetings to understand the businesses requirements and objectives, User Acceptance Tests (UATs) and product delivery/roll-out.
EcoOnline provides web-based and/or on-site user training and materials. - Service documentation
- Yes
- Documentation formats
-
- Other
- Other documentation formats
-
- XLS
- CSV
- End-of-contract data extraction
-
Individual users can export their result data in .csv or .PDF format. All supporting evidence files uploaded or added to the system are also available to download directly. For larger exports, a .zip archive can be provided by EcoOnline of all datasets.
All client data is available for download in multiple formats at any point. - End-of-contract process
- Upon contract termination EcoOnline will act on the clients behalf to extract their data and structure in a format required. Depending on the amount of data and re-structuring will dictate the cost at our standard day rate. Additional costs may apply, dependent upon the level of support required.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- User experience is optimised where possible through either a smart phone or tablet via the web browser. There is no native application required for download. Management and configuration of the application by administrators is possible but not recommended via phone but can be performed with a tablet.
- Service interface
- No
- User support accessibility
- WCAG 2.1 AAA
- API
- Yes
- What users can and can't do using the API
-
EcoOnline uses industry leading ESG API Gateway as a Connected Data Platform designed with deep ESG Domain knowledge to support integration, monitoring, insight and action management between multiple systems. Connectors are built in line with the recommended industry standard. The EcoOnline Connected Data Platform offers 200+ off-the-shelf connections with options for bespoke data integration, OCR scanning, APIs and more also available.
Set-up for a new API is managed through the Connected Data Platform service, supported by experts.
Changes for an API connection are managed through the Connected Data Platform service, supported by experts.
Further specification is required to identify any limitations. - API documentation
- Yes
- API documentation formats
- Open API (also known as Swagger)
- API sandbox or test environment
- No
- Customisation available
- Yes
- Description of customisation
-
Customers can customise the organisational structure / heirachy, questionnaire structure, users roles, some of the visualisation / chat options.
Who can customise the above is set in a permission system managed by the platform administrator (this may be a customer user or an EcoOnline analyst)
Scaling
- Independence of resources
- Our platform is architected in Amazon Web Services to scale both horizontally and vertically. We use autoscaling metrics to track key indicators on our systems such as CPU or RAM usage as custom indicators such as task queue length to automatically scale automatically additional resources to cope with and respond rapid and unpredictable changes in demand within minutes. We also have decoupled microservices that can be scaled independently depending on specific activities. Notifications are sent and monitored internally whenever autoscaling events occur.
Analytics
- Service usage metrics
- Yes
- Metrics types
- We track and log usage metrics throughout the application including but not limited to the number of user sessions, URL requests, specific activity tracking, duration, user location, etc. Client reports of usage for their application(s) can be generated on demand or scheduled.
- Reporting types
-
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Baseline Personnel Security Standard (BPSS)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- European Economic Area (EEA)
- User control over data storage and processing locations
- No
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Physical access control, complying with SSAE-16 / ISAE 3402
- Physical access control, complying with another standard
- Encryption of all physical media
- Scale, obfuscating techniques, or data storage sharding
- Data sanitisation process
- Yes
- Data sanitisation type
-
- Explicit overwriting of storage before reallocation
- Deleted data can’t be directly accessed
- Equipment disposal approach
- A third-party destruction service
Data importing and exporting
- Data export approach
-
Individual users can export their result data in .csv or .PDF format. All supporting evidence files uploaded or added to the system are also available to download directly.
All client data is available for download in multiple formats at any point. - Data export formats
-
- CSV
- Other
- Other data export formats
- Data import formats
-
- CSV
- Other
- Other data import formats
- Through the user interface
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
-
We do not offer SLAs as standard. We work to internal targets so that customers have comfort that these issues are important to us, but we believe that the majority of our customers prefer the lower pricing that our position on SLAs enables us to offer.
The Platform offers an internal SLA base uptime of 99.95% for unscheduled downtime. In the event of an outage we offer the following with a Recovery Time Objective (RTO). The RTO is our target time for restoring service after an outage, in 50% of cases services would be restored within 4 hours for example. 0-4 hours - 50% 4-8 hours - 45% 8+ hours - 5%. - Approach to resilience
- We use AWS cloud services and Multi-AZ DB Instances. Amazon RDS automatically creates a primary DB Instance and synchronously replicates the data to a standby instance in a different Availability Zone (AZ). Each AZ runs on its own physically distinct, independent infrastructure, and is engineered to be highly reliable. In case of an infrastructure failure, Amazon RDS performs an automatic failover to the standby, so that you can resume database operations as soon as the failover is complete. The Platform has a regular database hourly backup schedule. Static assets are stored and encrypted on Amazon’s S3 service and replicated across two regions.
- Outage reporting
-
We have a maintenance page with direct contact details that displays in the event of of an unexpected outage. In the event of longer unplanned durations of more than 30 minutes, emails are sent from our analyst team to users so that they are aware of an outage and plan accordingly.
The public dashboard is available here: https://uptime.statuscake.com/?TestID=TRe3v4ExJm
.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
- Username or password
- Other
- Other user authentication
- SSO and SAML V2 upon request
- Access restrictions in management interfaces and support channels
-
The platform uses access control with different user roles granting various rights, or actions to segregate access to data or application management features. The roles can be applied on a per user basis. .
Clients have full control and responsibility for access privileges on individual users. So you can grant/edit/revoke access permissions to individuals on an as needed basis.
Authorization, roles and permissions can be separately set for internal and external data providers. - Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
- Username or password
- Other
- Description of management access authentication
- A centralized authentication service securely manages and validates the authentication of all clients to the platform. The platform uses access control with different user roles granting various rights, or actions to segregate access to data or management functions. For example only an authenticated user explicitly assigned the "Application Administrator" role, can access the administrative functions of the platform.
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- Between 6 months and 12 months
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- No
- Cyber essentials plus
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
-
The EcoOnline Group holds ISO/IEC 27001:2013 certification which was gained from a UKAS accredited certification body. It is the specification for an Information Security Management System (ISMS).
The Company will:
- Comply with all applicable laws, regulations and contractual obligations;
- Implement continual improvement initiatives, including risk assessment and treatment strategies, while making the best use of its management resources to meet and improve information security system’s requirements;
- Adopt an information security management system (ISMS) comprising of a security manual and procedures that provides direction and guidance on information security matters relating to employees, customers, suppliers and interested parties who come into contact with the Company’s work;
- Work closely with their Customers, Business Partners and Suppliers in seeking to establish Information Security Standards;
- Adopt a forward-looking view on future business decisions, including the continual review of risk evaluation criteria, which may have an impact on Information Security;
- Train all members of staff in their needs and responsibilities for Information Security Management;
- Constantly strive to meet, and when possible exceed, its customers and staff expectations.
- Communicate its Information Security objectives and its performance in achieving these objectives, throughout the Company and to interested parties.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- Our entire process follows agile software development methodologies mixed with a Kanban Board to manage and track progress on issues and features. All our source code is securely stored using Git and is accessible only by authorized users. Each product has a separate repository, and all products have multiple branches for various issues and features in development at any given time. We also practice code review where developers review each other’s work. All issues and features are tracked in a central management system with strictly enforced process controls. All software design decisions follow the Open Web Application Security Project Guidelines
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- In addition to monitoring CVE alerts and the National Vulnerability Database (https://nvd.nist.gov/vuln/data-feeds) we use a third-party monitoring service to track vulnerabilities in all third-party software libraries used in our applications. We deploy updates to our system on a weekly basis, but can release as needed in the event of a critical vulnerability. In addition we conduct a third party grey box penetration test on an annual basis.
- Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
- The organisation has policies and procedures in place pertaining to Annex A.12.1.3 Capacity management of ISO/IEC 27001:2013 and these are audited by our UKAS accredited certification body annually.
- Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
- The organisation has policies and procedures in place pertaining to Annex A.16 Information security incident management of ISO/IEC 27001:2013 and these are audited by our UKAS accredited certification body annually.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Public sector networks
- Connection to public sector networks
- No
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Tackling economic inequality
- Equal opportunity
- Wellbeing
Fighting climate change
EcoOnline’s business impact opportunities are driven by our innovative solutions and how they can accelerate and improve our customers’ sustainability performance. Yearly, our reporting systems plays a crucial role in helping businesses conduct, track and manage millions of risk assessments and incidents. With the result that thousands of organizations can implement corrective actions, improve safety protocols, and create a safer working environment for their employees.
Through our sustainability management software, our clients are able to reduce their carbon footprint with precise, auditable data, enabling informed decision-making. And stay ahead of emissions regulations, ensuring compliance from today into the future.
In addition, the chemicals safety tools and solutions play a vital role in combating climate change by enabling companies to reduce the use of hazardous chemicals, minimize emissions, and promote responsible chemical handling practices.
Furthermore, EcoOnline has put into place an internal carbon reduction programme, committing to science-based targets for carbon neutrality by 2050.
Using 2022 as our baseline, we aim to reduce emissions by 42% (scopes 1 and 2) and 25% (scope 3) by 2030. Annual progress reports and improved data accuracy will track our journey. Full information can be found at https://insights.ecoonline.com/global-reports/ecoonline-2022-esg-and-sustainability-reportTackling economic inequality
To address economic inequality, EcoOnline implements various mechanisms aimed at ensuring fair wages across all the markets in which we operate. We are committed to upholding a minimum wage standard that exceeds local requirements, thereby promoting economic stability and equity within our workforce. By providing competitive compensation packages and adhering to stringent wage standards, we aim to mitigate economic disparities and foster a more inclusive workplace environment. Additionally, we actively engage in initiatives and partnerships that support economic empowerment and upliftment, contributing to broader efforts to combat economic inequality on both local and global scales.Equal opportunity
Our goal in EcoOnline is to leverage diversity, so that we can enhance performance, increase innovation and creativity, and achieve our sustainability goals together.
Over the past year, EcoOnline has witnessed a remarkable stride towards gender equality and inclusivity within our workforce. In 2022, women represented 39% of our total full-time equivalent (FTE) employees, but by the end of 2023, this figure increased to an impressive 42%, marking a significant step towards narrowing the gender gap. Notably, within our extended management group, the representation of women also saw a notable uptick, climbing from 29% in 2022 to 40% in 2023. These positive developments underscore our commitment to fostering a diverse and equitable workplace culture, where everyone has equal opportunities to thrive and contribute to our shared success.
Nonetheless, we see that there is still room for improvement in terms of gender diversity. As a SaaS business operating in a global market, EcoOnline recognizes the challenges of recruiting women in traditionally male-dominated occupations, such as sales, product, and technology development. Throughout 2024 we will actively continue working towards gender equality within our business, striving to equalize the proportion of men-to-women in our workforce. We remain mindful of our desire to increase our diversity by hiring more women and underrepresented groups in the technology industry.
We have a zero-tolerance policy towards discrimination, we have an Equal Opportunity Policy committing to providing equal opportunities for all employees, workers, and job applicants, and to eliminating unlawful and unfair discriminationWellbeing
EcoOnline prioritizes the holistic wellbeing of its contract workforce, emphasizing both physical and mental health through a range of initiatives, including wellness programs and employee assistance resources. Recognizing the pivotal role of employee development, the company invests in learning and growth opportunities to enhance job satisfaction, engagement, and career progression. This includes comprehensive training for managers to foster a culture of recognition and value among employees, supported by progress reviews and personal coaching.
We offer a wide range of support globally which included within our MS Teams Channel: Wellbeing Hub
Locally, our Health & Wellbeing leads share regular communication to promote local benefits, events and information quarterly.
At the core of EcoOnline's mission is the creation of a diverse, supportive, and fulfilling work environment that prioritizes employee wellbeing and engagement. This commitment extends to stakeholders, with efforts to integrate health and wellbeing considerations into operations and service delivery. The company also promotes equality, diversity, and inclusion within its workforce, fostering a culture of respect and belonging.
Pricing
- Price
- £2,425 a unit a year
- Discount for educational organisations
- No
- Free trial available
- No