EcoOnline

IEX ESG

Our ESG solution enable organisations to build one true view of their ESG performance, across the three pillars of a responsible business.

The suite of modules aggregate data into one platform to create greater transparency, improve internal benchmarking and leverage actionable insights to cascade policies and procedures throughout operations.

Features

• Carbon Module
• Waste Module
• Water Module
• Modern Slavery Module
• Social Value Module
• Diversity Module
• Cyber Security Module
• People Development Module
• Anti Bribery Module
• ESG Profit Module

Benefits

• Streamline ESG visibility
• Gain complete visibility of your ESG initiatives
• Improve transparency
• Provide stakeholders proof and transparency of sustainability results
• Manage compliance
• Reduce exposure to fines
• Connect various ESG practices
• The broadest range of applications available from a single provider
• Scale ESG programmes
• Adopt a company-wide approach

£10,000 a unit a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidteam@ecoonline.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

908290931899196

Contact

Bid Team
01926 844 200
bidteam@ecoonline.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Up to date internet browser and internet connection required.
• System requirements:
  • Web browser (no special plug-ins required)
  • Internet access
  • Suitable mobile device for remote access.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We do not offer support SLAs as standard, allowing us to provide clients with lower pricing. We work to internal targets so that customers have comfort that these issues are important to us. Our typical internal process is as follows:; Support hours: Monday to Friday 9:00am to 5:30pm ; Priority 1 - Major Defect - Within two business hours. ; Priority 2 - Critical Defect - Within four business hours.; Priority 3 - Non-Critical Defect - Within twelve business hours. Priority 4 - Error - Within twenty-four business hours. Within twelve business hours. ; Priority 4 - Error - Within twenty-four business hours.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Access to help-desk support (UK based) Monday-Friday during core business hours. A dedicated Account Manager is provided.; ; Access to the above included in Licence Hosting & Help-desk Support Annual Fees; ; We do not offer support SLAs as standard, allowing us to provide clients with lower pricing. We work to internal targets so that customers have comfort that these issues are important to us. Our typical internal process is as follows:; Support hours: Monday to Friday 9:00am to 5:30pm ; Priority 1 - Major Defect - Within two business hours. ; Priority 2 - Critical Defect - Within four business hours.; Priority 3 - Non-Critical Defect - Within twelve business hours. Priority 4 - Error - Within twenty-four business hours. Within twelve business hours. ; Priority 4 - Error - Within twenty-four business hours.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: IEX ESG is designed to allow us to configure intuitive and easy to use on-line systems requiring minimal training for standard users. Historically most of our clients have found that they do not need comprehensive training packages or documentation. We can cite many large-scale client deployments where there has been virtually no user training required merely notification of the pending change with some outline guidance notes on timing and any change to in-house process or procedures. However, we do allow for thorough System Administration and Report Builder training workshops as part of the implantation and will also run as required Train the Trainer/User awareness workshops.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Data can be extracted through the search engine and downloaded to CSV files.
• End-of-contract process: Upon contract termination EcoOnline will act on the clients behalf to extract their data and structure in a format required. Depending on the amount of data and re-structuring will dictate the cost at our standard day rate. Additional costs may apply, dependent upon the level of support required.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The desktop application is designed to include a responsive UI/UX, facilitating use across tablet and mobile devices.; ; An additional offline app is available, with capabilities to save draft data on device and synchronise to the desktop application at a later date.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: The ystem has a robust, secure and flexible approach to connecting to third party applications. It incorporates both automated Import/Export (CSV/XML formats) and API functionality. Full supporting documentation is available upon request.
• API documentation: Yes
• API documentation formats: Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Our software and functionality is configurable. In addition, users with administrator rights within our software solution have the ability to:; ; Manage Lookup Lists; Create Users Accounts; Create User Groups; Manage User Access; Manage Single Sign On Authentication IDs; Reset Passwords; Archive User Accounts; Lock and unlock Accounts; Assign User Permissions and; View Audit Logs

Scaling

• Independence of resources: IES ESG’s hosting partner is Microsoft Azure, one of the world leading cloud hosting providers. EcoOnline works closely with Azure to ensure that the hosting infrastructure meets the needs of our clients, has appropriate levels of security in place and has the ability to be maintained, scaled and upgraded with minimal, if any, impact to clients.

Analytics

• Service usage metrics: Yes
• Metrics types: The IEX ESG system contains a full audit log of all events that take place within the application. Typically this includes:; Archive record; Assign workflow action; Change password; Complete workflow action; Create record; Create user; Delete record; Edit record; Email notification; Login; Logout; Password reset requested; Run report; Run search; Set application permissions
• Reporting types: Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users can export data through CSV download via the search engine, or through an automated data extract routine to a client-provided FTP site, or through API.
• Data export formats:
  • CSV
  • Other
• Other data export formats: PDF
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We do not offer SLAs as standard. We work to internal targets so that customers have comfort that these issues are important to us, but we believe that the majority of our customers prefer the lower pricing that our position on SLAs enables us to offer.; ; Our internal SLAs are 100% up-time of the hosting infrastructure and 99% up-time of the application.
• Approach to resilience: Detailed information available upon request. EcoOnline is hosted only in world-class datacentres holding appropriate internationally-recognised accreditation and certification for their operations, security and resiliency with applications running from multiple data centres with most component in an active/active configuration.
• Outage reporting: Nominated contacts are informed should there be a service outage.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Other user authentication: IEX ESG supports external authentication and integration to a third-party gateway as required.; The recommended authentication process is via Single Sign On through the use of an authenticated gateway access page and secure web services.; Using Single Sign On, a user is authenticated once within the client domain and is then given access to the Info Exchange application with access and authentication controlled by a one-time token that is valid only for the user session and is time bound to expire if not used.; Identity Provider Initiated SAML 2.0 SSO is also available as a configurable option for each exchange.
• Access restrictions in management interfaces and support channels: Access only provided to those who require access for the management, development and maintenance of the service. Logins are password authenticated using secure one way encryption methods. Level of access given to each users is dependent on the requirements of their role.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Description of management access authentication: IEX ESG supports external authentication and integration to a third-party gateway as required.; The recommended authentication process is via Single Sign On through the use of an authenticated gateway access page and secure web services.; Using Single Sign On, a user is authenticated once within the client domain and is then given access to the IEX ESG application with access and authentication controlled by a one-time token that is valid only for the user session and is time bound to expire if not used.; Identity Provider Initiated SAML 2.0 SSO is also available as a configurable option for each exchange.

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Alcumus ISOQAR
• ISO/IEC 27001 accreditation date: 03/02/2023
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We hold ISO/IEC 27001:2013 certification which was gained from a UKAS accredited certification body. It is the specification for an Information Security Management System (ISMS).; The Company will:; - Comply with all applicable laws, regulations and contractual obligations;; - Implement continual improvement initiatives, including risk assessment and treatment strategies, while making the best use of its management resources to meet and improve information security system’s requirements;; - Adopt an information security management system (ISMS) comprising of a security manual and procedures that provides direction and guidance on information security matters relating to employees, customers, suppliers and interested parties who come into contact with the Company’s work;; - Work closely with their Customers, Business Partners and Suppliers in seeking to establish Information Security Standards;; - Adopt a forward-looking view on future business decisions, including the continual review of risk evaluation criteria, which may have an impact on Information Security;; - Train all members of staff in their needs and responsibilities for Information Security Management;; - Constantly strive to meet, and when possible exceed, its customers and staff expectations.; - Communicate its Information Security objectives and its performance in achieving these objectives, throughout the Company and to interested parties.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: The organisation has policies and procedures in place pertaining to Annex A.12.1.2 Change management of ISO/IEC 27001:2013 and these are audited by our UKAS accredited certification body annually
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: The organisation has policies and procedures in place pertaining to Annex A.12.6.1 Management of technical vulnerabilities of ISO/IEC 27001:2013 and these are audited by our UKAS accredited certification body annually.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: The organisation has policies and procedures in place pertaining to Annex A.12.1.3 Capacity management of ISO/IEC 27001:2013 and these are audited by our UKAS accredited certification body annually.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: The organisation has policies and procedures in place pertaining to Annex A.16 Information security incident management of ISO/IEC 27001:2013 and these are audited by our UKAS accredited certification body annually.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  EcoOnline’s business impact opportunities are driven by our innovative solutions and how they can accelerate and improve our customers’ sustainability performance. Yearly, our reporting systems plays a crucial role in helping businesses conduct, track and manage millions of risk assessments and incidents. With the result that thousands of organizations can implement corrective actions, improve safety protocols, and create a safer working environment for their employees. ; ; Through our sustainability management software, our clients are able to reduce their carbon footprint with precise, auditable data, enabling informed decision-making. And stay ahead of emissions regulations, ensuring compliance from today into the future.; ; In addition, the chemicals safety tools and solutions play a vital role in combating climate change by enabling companies to reduce the use of hazardous chemicals, minimize emissions, and promote responsible chemical handling practices.; ; Furthermore, EcoOnline has put into place an internal carbon reduction programme, committing to science-based targets for carbon neutrality by 2050.; ; Using 2022 as our baseline, we aim to reduce emissions by 42% (scopes 1 and 2) and 25% (scope 3) by 2030. Annual progress reports and improved data accuracy will track our journey. Full information can be found at https://insights.ecoonline.com/global-reports/ecoonline-2022-esg-and-sustainability-report

  Tackling economic inequality

  To address economic inequality, EcoOnline implements various mechanisms aimed at ensuring fair wages across all the markets in which we operate. We are committed to upholding a minimum wage standard that exceeds local requirements, thereby promoting economic stability and equity within our workforce. By providing competitive compensation packages and adhering to stringent wage standards, we aim to mitigate economic disparities and foster a more inclusive workplace environment. Additionally, we actively engage in initiatives and partnerships that support economic empowerment and upliftment, contributing to broader efforts to combat economic inequality on both local and global scales.

  Equal opportunity

  Our goal in EcoOnline is to leverage diversity, so that we can enhance performance, increase innovation and creativity, and achieve our sustainability goals together. ; Over the past year, EcoOnline has witnessed a remarkable stride towards gender equality and inclusivity within our workforce. In 2022, women represented 39% of our total full-time equivalent (FTE) employees, but by the end of 2023, this figure increased to an impressive 42%, marking a significant step towards narrowing the gender gap. Notably, within our extended management group, the representation of women also saw a notable uptick, climbing from 29% in 2022 to 40% in 2023. These positive developments underscore our commitment to fostering a diverse and equitable workplace culture, where everyone has equal opportunities to thrive and contribute to our shared success.; ; Nonetheless, we see that there is still room for improvement in terms of gender diversity. As a SaaS business operating in a global market, EcoOnline recognizes the challenges of recruiting women in traditionally male-dominated occupations, such as sales, product, and technology development. Throughout 2024 we will actively continue working towards gender equality within our business, striving to equalize the proportion of men-to-women in our workforce. We remain mindful of our desire to increase our diversity by hiring more women and underrepresented groups in the technology industry.; ; We have a zero-tolerance policy towards discrimination, we have an Equal Opportunity Policy committing to providing equal opportunities for all employees, workers, and job applicants, and to eliminating unlawful and unfair discrimination

  Wellbeing

  EcoOnline prioritizes the holistic wellbeing of its contract workforce, emphasizing both physical and mental health through a range of initiatives, including wellness programs and employee assistance resources. Recognizing the pivotal role of employee development, the company invests in learning and growth opportunities to enhance job satisfaction, engagement, and career progression. This includes comprehensive training for managers to foster a culture of recognition and value among employees, supported by progress reviews and personal coaching. ; ​​​; We offer a wide range of support globally which included​ within our MS Teams Channel: Wellbeing Hub​; ; ​Locally, our Health & Wellbeing leads share regular communication to promote local benefits, events and information quarterly. ; ; At the core of EcoOnline's mission is the creation of a diverse, supportive, and fulfilling work environment that prioritizes employee wellbeing and engagement. This commitment extends to stakeholders, with efforts to integrate health and wellbeing considerations into operations and service delivery. The company also promotes equality, diversity, and inclusion within its workforce, fostering a culture of respect and belonging.

Pricing

• Price: £10,000 a unit a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidteam@ecoonline.com. Tell them what format you need. It will help if you say what assistive technology you use.