True Compliance Platform, App and Services
True Compliance is a comprehensive solution for social housing providers to manage all compliance streams, everything from the 'Big 6' to Bin Lid Inspections, ensuring streamlined, accurate, and efficient management. TC Go is an app which enables users to create certificates onsite via mobile devices, reducing callbacks and wasted visits.
Features
- PDF Reading technology with AI
- Configurable by design
- Public APIs to integrate any core system & data set
- Intuitive & easy to use
- Mobile ready - onsite action closing
- Real time dashboard with configurable widgets
- Centralised golden thread of Building Safety Information & compliance
- Extract, auto-allocate, manage & track actions for every property
- Realtime reporting suite with direct to inbox regulatory reports
- Purpose built to manage health & safety compliance
Benefits
- Reduce manual data administration & human error improving data quality
- Mould to your processes, rulesets & working practices
- Completely integrable giving one true complete view of your compliance
- Intuitive for quick adoption & no need for formal training
- Manage actions onsite
- Realtime & accurate view of compliance & assurance
- Keep residents safe in their homes
- Regain control from contractors with more accurate, detailed KPIs
- Reduce the risk of non compliance, regulatory failure & underperformance
- Manage all compliance in one place regardless of the stream
Pricing
£5,000 to £1,000,000 a licence a year
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
9 1 7 4 7 4 4 3 0 1 9 3 9 5 4
Contact
True Compliance
Matt Rawlings
Telephone: 07545 399434
Email: Matt@truecompliance.co.uk
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Private cloud
- Service constraints
- The service has no constraints.
- System requirements
-
- Internet Explorer 11 or Edge
- Chrome
- Firefox
- Safari
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Users will get a response within 24h of the request being made. On weekends a response will be received within 24 hours Monday 09:00am.
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- None or don’t know
- Phone support
- No
- Web chat support
- Web chat
- Web chat support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support accessibility standard
- None or don’t know
- How the web chat support is accessible
- Users are able to ask questions using the web chat which is available on our Website and Customer Helpdesk portal. Users are able to talk live directly to an agent who can either resolve the issue or create a support ticket.
- Web chat accessibility testing
- None.
- Onsite support
- Yes, at extra cost
- Support levels
- Support tickets are answered by a Client Support Rep. The support you receive is included in the all inclusive price of the subscription. Help Desk support is available 9-5pm (exc. P & BH) and email auto-acknowledgement and Help Desk portal/FAQs etc... are available 7 x 24 x 365. Live web chat is available Mon-Fri 9am-5pm. Tickets will be responded to within 24h of receipt except weekends where your ticket would be responded to within 24h of the following Monday 9am. Account Management is also provided as part of your subscription to ensure that you gain the maximum benefit from using True Compliance. Prioritised tickets are available through our enhanced support package.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- True Compliance offers comprehensive levels of support for clients during the onboarding process. Clients have the ability to onboard True Compliance themselves; however, True Compliance are able to provide additional support services to suit the clients requirements.
- Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
- Users have access to all their data via the reports centre and are able to download the information they want on demand whenever they need to. They also have complete control of data retention for deletion to meet their requirements.
- End-of-contract process
- There are no end of contract charges, once the customer is happy they have all their data, we would close access to the platform and delete data from our systems. Customers can also choose to delete their own data as they can control this via a customer accessible data retention mechanism.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- There are no differences between the mobile and desktop service.
- Service interface
- No
- User support accessibility
- None or don’t know
- API
- Yes
- What users can and can't do using the API
-
Our Public RESTful API allows users to add certificates to our load queue, and fetch and search for certificate information.
POST Authorization
GET API Information
POST Queue a certificate
GET Get a certificate
GET Search for a certificate
GET Download a PDF
We do not currently allow clients to create their own API account, this is done in house via a request to the support desk. Clients can then send an authentication request to receive an access token. You can retrieve a token at any time, using the first API endpoint - authorization.
Whilst all information is available via API, bespoke APIs can also be created by request via the support desk that allows movement of key data into corporate systems. - API documentation
- Yes
- API documentation formats
- Other
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
- Dashboard 'Widgets' can be customised to visualise whatever the user requires to be shown dependant on their needs which could be ie non compliant properties. The 'Rule Set' that is used to test the data from the incoming documents can have custom rules added to allow for better management of contractors & SLAs. The 'Property/Block View' page can be customised to show what the customer would like to see on that page (e.g. Accountable Person, Housing Officer name, Appointment information, description of premises from an FRA, etc.) All 'Reports' are made specially for each customer. 'Process' can be altered to match the customer's preferred process. Auto-allocation and triggers to workflow these processes can also be customised.
Scaling
- Independence of resources
-
We utilise auto scaling technologies on Amazon Web Services (AWS) to automatically employ extra resources based on service demand.
We use load balancing technology to share the user load on our servers to ensure that we guarantee users aren't affected service demand.
The application is designed as a series of micro servers removing load from the main application api.
Analytics
- Service usage metrics
- No
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- None
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- No
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least every 6 months
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
- Explicit overwriting of storage before reallocation
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- Data is exportable from a central reports centre allowing for data to be downloaded and exported on demand via CSV.
- Data export formats
- CSV
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
-
Our SLA specifies the following uptime guarantees:
Live TC System and associated systems: 99.9%
Exports and Interfaces: 99.5%
Test TC system and associated systems: 99%
We offer a full pro rata refund for any downtime that breaches these guarantees. - Approach to resilience
-
We use Amazon Web Services (AWS) to host our platform. They have first rate security policies surrounding the actual data centre. More about AWS datacentre resilience & setup can be found at https://aws.amazon.com/compliance/data-center/controls/
All our servers are protected behind access keys, and within a Virtual Private Cloud. Database access is locked down to the specific application servers that need access. - Outage reporting
- Downtime is relayed to the development team via automatic email alerts. This information is relayed to our customer facing teams who personally make contact to inform clients.
Identity and authentication
- User authentication needed
- Yes
- User authentication
- Username or password
- Access restrictions in management interfaces and support channels
- Access is restricted via user roles. Certain roles have greater access and privileges within the application.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- Yes
- CSA STAR accreditation date
- 15/04/2019
- CSA STAR certification level
- Level 1: CSA STAR Self-Assessment
- What the CSA STAR doesn’t cover
- None
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- CSA CCM version 3.0
- Information security policies and processes
-
True Compliance's Chief Technical Officer is responsible for security policies & processes which are frequently reviewed to meet with the latest recommendations on information security. Our Data Security policy is self authored and incorporates the fundamental core of ISO27001 and CSA CCM Version 3.
The CTO must report on security processes and incidents at each board meeting.
Weekly external scans of the system are also undertaken.
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
-
All application code is run through git version control.
We run tests on the codebase daily, and all changes and updates are tested locally and in a demo environment prior to release. - Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
-
We run weekly vulnerability tests, using a third party service.
Reports are generated and reviewed by the CTO. Appropriate remedial action is taken. High risk issues are fixed where possible within 24 hours. Other issues are remedied within 5 working days. - Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
- We run weekly vulnerability tests, using a third party service. Reports are generated and reviewed by the CTO. Appropriate remedial action is taken. High risk issues are fixed where possible within 24 hours. Other issues are remedied within 5 working days.
- Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
-
Incidents can be reported to TC via the helpdesk support@truecompliance.co.uk or by contacting your account manager.
We have a documented incident management plan, which kicks into action upon discovery of an incident.
Incident reports will be sent to all clients on request.
Secure development
- Approach to secure software development best practice
- Supplier-defined process
Public sector networks
- Connection to public sector networks
- No
Social Value
- Social Value
-
Social Value
WellbeingWellbeing
True Compliance prioritises the well-being and development of its employees, fostering a positive and supportive work environment. As a diverse team with a strong retention rate, we pride ourselves on being a living wage employer, ensuring fair compensation for our dedicated staff.
Investing in employee growth is central to our business ethos. We offer various training opportunities, including external sessions and online courses, empowering our team to develop diverse skills. Attending industry conferences and events is encouraged, enriching our understanding of client needs and fostering engagement with our mission-driven work.
Our training programs extend beyond job-related skills, encouraging employees to pursue personal interests and passions. Flexible working arrangements enable international team members to visit home or pursue extracurricular activities like music, volunteering, or sports. By embracing individual talents, we create a dynamic workplace culture where creativity thrives.
Regular in-person social gatherings further strengthen team cohesion. Whether it's our weekly after-work meetups or quarterly team-building activities, we prioritise fostering meaningful connections and camaraderie among our team members.
At True Compliance, we recognise that our success is built on the dedication and well-being of our employees. By providing opportunities for growth, supporting personal interests, and fostering a supportive community, we strive to create an environment where every team member can thrive both personally and professionally.
Pricing
- Price
- £5,000 to £1,000,000 a licence a year
- Discount for educational organisations
- No
- Free trial available
- No