Skip to main content

Help us improve the Digital Marketplace - send your feedback

EcoOnline

Ecometrica

Greenhouse gas and sustainability reporting solution providing tools and support from Sustainability Analysts allowing organisations to report their ESG metrics in an easy-to-use, robust and auditable way. Ecometrica supports disclosure to various UK specific and international standards including Greening Government Commitment, PPN 06/21, SECR, CDP and EU CSRD, amongst others.

Features

  • Extensive emission factors and assumptions database for automatic calculations.
  • Audit ready workflow to support verification.
  • Data entry via APIs, spreadsheet upload or manual entry.
  • Fast, flexible and configurable charts and visualisations.
  • Reports generated at question, category, asset or organisation level
  • Business Intelligence Dashboards for summarising results across organisations and portfolios
  • Quick and straight forward implementation, supported by experts.
  • Highlight areas of risk/opportunity and link to specific areas.
  • Physical climate risk data supports reporting to TCFD, CDP etc.
  • Support from highly experienced sustainability analysts based in Edinburgh.

Benefits

  • Automatic calculations saves time setting up and assigning emissions factors.
  • Prepare for third party verification of climate and sustainability data.
  • Easy to add data to software from multiple data sources.
  • Identify trends, track targets and communicate results easily.
  • Share information easily across departments
  • Detailed analysis of emissions data to identify improvements.
  • Quick time to value and fuss free set-up.
  • Keep up to speed with latest sustainability disclosure requirements.
  • Identify, manage and report climate risk.
  • Assistance is on hand for the Software and reporting frameworks.

Pricing

£2,425 a unit a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidteam@ecoonline.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

7 9 6 1 0 2 0 1 5 6 7 7 2 9 5

Contact

EcoOnline Bid Team
Telephone: 01926 844 200
Email: bidteam@ecoonline.com

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
Up to date internet browser and internet connection required.
System requirements
  • Web browser (no special plug-ins required)
  • Internet access

User support

Email or online ticketing support
Email or online ticketing
Support response times
We do not offer support SLAs as standard, allowing us to provide clients with lower pricing. We work to internal targets so that customers have comfort that these issues are important to us. Our typical internal process is as follows:
Support hours: Monday to Friday 9:00am to 5:30pm
Priority 1 - Major Defect - Within two business hours.
Priority 2 - Critical Defect - Within four business hours.
Priority 3 - Non-Critical Defect - Within twelve business hours. Priority 4 - Error - Within twenty-four business hours. Within twelve business hours.
Priority 4 - Error - Within twenty-four business hours.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Access to help-desk support (UK based) Monday-Friday during core business hours. Clients work with dedicated Client Services Manager and Sustainability Analyst.

Access to the above included costs.

We do not offer support SLAs as standard. We work to internal targets so that customers have comfort that these issues are important to us, but we believe that the majority of our customers prefer the lower pricing that our position on SLAs enables us to offer.

Our typical internal process is as follows:
We respond to all requests within 24 hours and to critical requests with 2 hours.

High-Impact Event:
- System bug/error with significant impact on a large number of end-users or critical impact on a few users.
- Resolution Time: One to two days.
- Resolution: Critical issues are dealt with immediately, pausing current development work until the issue is resolved. Fixes are released as soon as they have been QA tested.

Impactful Event:
- System bug/error that has an impact on a small number of end-users.
- Response time: Up to two weeks.
- Resolution: Issues are logged in the case management system, approved by CTO for build and added to the front of the development build list.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
The EcoOnline professional services team will provide a full setup of the EcoOnline system which comprises of onsite visits (if appropriate) or online meetings to understand the businesses requirements and objectives, User Acceptance Tests (UATs) and product delivery/roll-out.

EcoOnline provides web-based and/or on-site user training and materials.
Service documentation
Yes
Documentation formats
  • PDF
  • Other
Other documentation formats
  • XLS
  • CSV
End-of-contract data extraction
Individual users can export their result data in .csv or .PDF format. All supporting evidence files uploaded or added to the system are also available to download directly. For larger exports, a .zip archive can be provided by EcoOnline of all datasets.

All client data is available for download in multiple formats at any point.
End-of-contract process
Upon contract termination EcoOnline will act on the clients behalf to extract their data and structure in a format required. Depending on the amount of data and re-structuring will dictate the cost at our standard day rate. Additional costs may apply, dependent upon the level of support required.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
User experience is optimised where possible through either a smart phone or tablet via the web browser. There is no native application required for download. Management and configuration of the application by administrators is possible but not recommended via phone but can be performed with a tablet.
Service interface
No
User support accessibility
WCAG 2.1 AAA
API
Yes
What users can and can't do using the API
EcoOnline uses industry leading ESG API Gateway as a Connected Data Platform designed with deep ESG Domain knowledge to support integration, monitoring, insight and action management between multiple systems. Connectors are built in line with the recommended industry standard. The EcoOnline Connected Data Platform offers 200+ off-the-shelf connections with options for bespoke data integration, OCR scanning, APIs and more also available.

Set-up for a new API is managed through the Connected Data Platform service, supported by experts.
Changes for an API connection are managed through the Connected Data Platform service, supported by experts.

Further specification is required to identify any limitations.
API documentation
Yes
API documentation formats
Open API (also known as Swagger)
API sandbox or test environment
No
Customisation available
Yes
Description of customisation
Customers can customise the organisational structure / heirachy, questionnaire structure, users roles, some of the visualisation / chat options.

Who can customise the above is set in a permission system managed by the platform administrator (this may be a customer user or an EcoOnline analyst)

Scaling

Independence of resources
Our platform is architected in Amazon Web Services to scale both horizontally and vertically. We use autoscaling metrics to track key indicators on our systems such as CPU or RAM usage as custom indicators such as task queue length to automatically scale automatically additional resources to cope with and respond rapid and unpredictable changes in demand within minutes. We also have decoupled microservices that can be scaled independently depending on specific activities. Notifications are sent and monitored internally whenever autoscaling events occur.

Analytics

Service usage metrics
Yes
Metrics types
We track and log usage metrics throughout the application including but not limited to the number of user sessions, URL requests, specific activity tracking, duration, user location, etc. Client reports of usage for their application(s) can be generated on demand or scheduled.
Reporting types
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Individual users can export their result data in .csv or .PDF format. All supporting evidence files uploaded or added to the system are also available to download directly.

All client data is available for download in multiple formats at any point.
Data export formats
  • CSV
  • Other
Other data export formats
PDF
Data import formats
  • CSV
  • Other
Other data import formats
Through the user interface

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
We do not offer SLAs as standard. We work to internal targets so that customers have comfort that these issues are important to us, but we believe that the majority of our customers prefer the lower pricing that our position on SLAs enables us to offer.

The Platform offers an internal SLA base uptime of 99.95% for unscheduled downtime. In the event of an outage we offer the following with a Recovery Time Objective (RTO). The RTO is our target time for restoring service after an outage, in 50% of cases services would be restored within 4 hours for example. 0-4 hours - 50% 4-8 hours - 45% 8+ hours - 5%.
Approach to resilience
We use AWS cloud services and Multi-AZ DB Instances. Amazon RDS automatically creates a primary DB Instance and synchronously replicates the data to a standby instance in a different Availability Zone (AZ). Each AZ runs on its own physically distinct, independent infrastructure, and is engineered to be highly reliable. In case of an infrastructure failure, Amazon RDS performs an automatic failover to the standby, so that you can resume database operations as soon as the failover is complete. The Platform has a regular database hourly backup schedule. Static assets are stored and encrypted on Amazon’s S3 service and replicated across two regions.
Outage reporting
We have a maintenance page with direct contact details that displays in the event of of an unexpected outage. In the event of longer unplanned durations of more than 30 minutes, emails are sent from our analyst team to users so that they are aware of an outage and plan accordingly.

The public dashboard is available here: https://uptime.statuscake.com/?TestID=TRe3v4ExJm
.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
Other user authentication
SSO and SAML V2 upon request
Access restrictions in management interfaces and support channels
The platform uses access control with different user roles granting various rights, or actions to segregate access to data or application management features. The roles can be applied on a per user basis. .

Clients have full control and responsibility for access privileges on individual users. So you can grant/edit/revoke access permissions to individuals on an as needed basis.

Authorization, roles and permissions can be separately set for internal and external data providers.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
Description of management access authentication
A centralized authentication service securely manages and validates the authentication of all clients to the platform. The platform uses access control with different user roles granting various rights, or actions to segregate access to data or management functions. For example only an authenticated user explicitly assigned the "Application Administrator" role, can access the administrative functions of the platform.

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
Between 6 months and 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
No
Cyber essentials plus
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
The EcoOnline Group holds ISO/IEC 27001:2013 certification which was gained from a UKAS accredited certification body. It is the specification for an Information Security Management System (ISMS).
The Company will:
- Comply with all applicable laws, regulations and contractual obligations;
- Implement continual improvement initiatives, including risk assessment and treatment strategies, while making the best use of its management resources to meet and improve information security system’s requirements;
- Adopt an information security management system (ISMS) comprising of a security manual and procedures that provides direction and guidance on information security matters relating to employees, customers, suppliers and interested parties who come into contact with the Company’s work;
- Work closely with their Customers, Business Partners and Suppliers in seeking to establish Information Security Standards;
- Adopt a forward-looking view on future business decisions, including the continual review of risk evaluation criteria, which may have an impact on Information Security;
- Train all members of staff in their needs and responsibilities for Information Security Management;
- Constantly strive to meet, and when possible exceed, its customers and staff expectations.
- Communicate its Information Security objectives and its performance in achieving these objectives, throughout the Company and to interested parties.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Our entire process follows agile software development methodologies mixed with a Kanban Board to manage and track progress on issues and features. All our source code is securely stored using Git and is accessible only by authorized users. Each product has a separate repository, and all products have multiple branches for various issues and features in development at any given time. We also practice code review where developers review each other’s work. All issues and features are tracked in a central management system with strictly enforced process controls. All software design decisions follow the Open Web Application Security Project Guidelines
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
In addition to monitoring CVE alerts and the National Vulnerability Database (https://nvd.nist.gov/vuln/data-feeds) we use a third-party monitoring service to track vulnerabilities in all third-party software libraries used in our applications. We deploy updates to our system on a weekly basis, but can release as needed in the event of a critical vulnerability. In addition we conduct a third party grey box penetration test on an annual basis.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
The organisation has policies and procedures in place pertaining to Annex A.12.1.3 Capacity management of ISO/IEC 27001:2013 and these are audited by our UKAS accredited certification body annually.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
The organisation has policies and procedures in place pertaining to Annex A.16 Information security incident management of ISO/IEC 27001:2013 and these are audited by our UKAS accredited certification body annually.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Social Value

Social Value

Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

Fighting climate change

EcoOnline’s business impact opportunities are driven by our innovative solutions and how they can accelerate and improve our customers’ sustainability performance. Yearly, our reporting systems plays a crucial role in helping businesses conduct, track and manage millions of risk assessments and incidents. With the result that thousands of organizations can implement corrective actions, improve safety protocols, and create a safer working environment for their employees.

Through our sustainability management software, our clients are able to reduce their carbon footprint with precise, auditable data, enabling informed decision-making. And stay ahead of emissions regulations, ensuring compliance from today into the future.

In addition, the chemicals safety tools and solutions play a vital role in combating climate change by enabling companies to reduce the use of hazardous chemicals, minimize emissions, and promote responsible chemical handling practices.

Furthermore, EcoOnline has put into place an internal carbon reduction programme, committing to science-based targets for carbon neutrality by 2050.

Using 2022 as our baseline, we aim to reduce emissions by 42% (scopes 1 and 2) and 25% (scope 3) by 2030. Annual progress reports and improved data accuracy will track our journey. Full information can be found at https://insights.ecoonline.com/global-reports/ecoonline-2022-esg-and-sustainability-report

Tackling economic inequality

To address economic inequality, EcoOnline implements various mechanisms aimed at ensuring fair wages across all the markets in which we operate. We are committed to upholding a minimum wage standard that exceeds local requirements, thereby promoting economic stability and equity within our workforce. By providing competitive compensation packages and adhering to stringent wage standards, we aim to mitigate economic disparities and foster a more inclusive workplace environment. Additionally, we actively engage in initiatives and partnerships that support economic empowerment and upliftment, contributing to broader efforts to combat economic inequality on both local and global scales.

Equal opportunity

Our goal in EcoOnline is to leverage diversity, so that we can enhance performance, increase innovation and creativity, and achieve our sustainability goals together.
Over the past year, EcoOnline has witnessed a remarkable stride towards gender equality and inclusivity within our workforce. In 2022, women represented 39% of our total full-time equivalent (FTE) employees, but by the end of 2023, this figure increased to an impressive 42%, marking a significant step towards narrowing the gender gap. Notably, within our extended management group, the representation of women also saw a notable uptick, climbing from 29% in 2022 to 40% in 2023. These positive developments underscore our commitment to fostering a diverse and equitable workplace culture, where everyone has equal opportunities to thrive and contribute to our shared success.

Nonetheless, we see that there is still room for improvement in terms of gender diversity. As a SaaS business operating in a global market, EcoOnline recognizes the challenges of recruiting women in traditionally male-dominated occupations, such as sales, product, and technology development. Throughout 2024 we will actively continue working towards gender equality within our business, striving to equalize the proportion of men-to-women in our workforce. We remain mindful of our desire to increase our diversity by hiring more women and underrepresented groups in the technology industry.

We have a zero-tolerance policy towards discrimination, we have an Equal Opportunity Policy committing to providing equal opportunities for all employees, workers, and job applicants, and to eliminating unlawful and unfair discrimination

Wellbeing

EcoOnline prioritizes the holistic wellbeing of its contract workforce, emphasizing both physical and mental health through a range of initiatives, including wellness programs and employee assistance resources. Recognizing the pivotal role of employee development, the company invests in learning and growth opportunities to enhance job satisfaction, engagement, and career progression. This includes comprehensive training for managers to foster a culture of recognition and value among employees, supported by progress reviews and personal coaching.
​​​
We offer a wide range of support globally which included​ within our MS Teams Channel: Wellbeing Hub​

​Locally, our Health & Wellbeing leads share regular communication to promote local benefits, events and information quarterly.

At the core of EcoOnline's mission is the creation of a diverse, supportive, and fulfilling work environment that prioritizes employee wellbeing and engagement. This commitment extends to stakeholders, with efforts to integrate health and wellbeing considerations into operations and service delivery. The company also promotes equality, diversity, and inclusion within its workforce, fostering a culture of respect and belonging.

Pricing

Price
£2,425 a unit a year
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidteam@ecoonline.com. Tell them what format you need. It will help if you say what assistive technology you use.