Skip to main content

Help us improve the Digital Marketplace - send your feedback

True Compliance

True Compliance Platform, App and Services

True Compliance is a comprehensive solution for social housing providers to manage all compliance streams, everything from the 'Big 6' to Bin Lid Inspections, ensuring streamlined, accurate, and efficient management. TC Go is an app which enables users to create certificates onsite via mobile devices, reducing callbacks and wasted visits.

Features

  • PDF Reading technology with AI
  • Configurable by design
  • Public APIs to integrate any core system & data set
  • Intuitive & easy to use
  • Mobile ready - onsite action closing
  • Real time dashboard with configurable widgets
  • Centralised golden thread of Building Safety Information & compliance
  • Extract, auto-allocate, manage & track actions for every property
  • Realtime reporting suite with direct to inbox regulatory reports
  • Purpose built to manage health & safety compliance

Benefits

  • Reduce manual data administration & human error improving data quality
  • Mould to your processes, rulesets & working practices
  • Completely integrable giving one true complete view of your compliance
  • Intuitive for quick adoption & no need for formal training
  • Manage actions onsite
  • Realtime & accurate view of compliance & assurance
  • Keep residents safe in their homes
  • Regain control from contractors with more accurate, detailed KPIs
  • Reduce the risk of non compliance, regulatory failure & underperformance
  • Manage all compliance in one place regardless of the stream

Pricing

£5,000 to £1,000,000 a licence a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Matt@truecompliance.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

9 1 7 4 7 4 4 3 0 1 9 3 9 5 4

Contact

True Compliance Matt Rawlings
Telephone: 07545 399434
Email: Matt@truecompliance.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
The service has no constraints.
System requirements
  • Internet Explorer 11 or Edge
  • Chrome
  • Firefox
  • Safari

User support

Email or online ticketing support
Email or online ticketing
Support response times
Users will get a response within 24h of the request being made. On weekends a response will be received within 24 hours Monday 09:00am.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
No
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
Users are able to ask questions using the web chat which is available on our Website and Customer Helpdesk portal. Users are able to talk live directly to an agent who can either resolve the issue or create a support ticket.
Web chat accessibility testing
None.
Onsite support
Yes, at extra cost
Support levels
Support tickets are answered by a Client Support Rep. The support you receive is included in the all inclusive price of the subscription. Help Desk support is available 9-5pm (exc. P & BH) and email auto-acknowledgement and Help Desk portal/FAQs etc... are available 7 x 24 x 365. Live web chat is available Mon-Fri 9am-5pm. Tickets will be responded to within 24h of receipt except weekends where your ticket would be responded to within 24h of the following Monday 9am. Account Management is also provided as part of your subscription to ensure that you gain the maximum benefit from using True Compliance. Prioritised tickets are available through our enhanced support package.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
True Compliance offers comprehensive levels of support for clients during the onboarding process. Clients have the ability to onboard True Compliance themselves; however, True Compliance are able to provide additional support services to suit the clients requirements.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Users have access to all their data via the reports centre and are able to download the information they want on demand whenever they need to. They also have complete control of data retention for deletion to meet their requirements.
End-of-contract process
There are no end of contract charges, once the customer is happy they have all their data, we would close access to the platform and delete data from our systems. Customers can also choose to delete their own data as they can control this via a customer accessible data retention mechanism.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
There are no differences between the mobile and desktop service.
Service interface
No
User support accessibility
None or don’t know
API
Yes
What users can and can't do using the API
Our Public RESTful API allows users to add certificates to our load queue, and fetch and search for certificate information.

POST Authorization
GET API Information
POST Queue a certificate
GET Get a certificate
GET Search for a certificate
GET Download a PDF

We do not currently allow clients to create their own API account, this is done in house via a request to the support desk. Clients can then send an authentication request to receive an access token. You can retrieve a token at any time, using the first API endpoint - authorization.

Whilst all information is available via API, bespoke APIs can also be created by request via the support desk that allows movement of key data into corporate systems.
API documentation
Yes
API documentation formats
Other
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Dashboard 'Widgets' can be customised to visualise whatever the user requires to be shown dependant on their needs which could be ie non compliant properties. The 'Rule Set' that is used to test the data from the incoming documents can have custom rules added to allow for better management of contractors & SLAs. The 'Property/Block View' page can be customised to show what the customer would like to see on that page (e.g. Accountable Person, Housing Officer name, Appointment information, description of premises from an FRA, etc.) All 'Reports' are made specially for each customer. 'Process' can be altered to match the customer's preferred process. Auto-allocation and triggers to workflow these processes can also be customised.

Scaling

Independence of resources
We utilise auto scaling technologies on Amazon Web Services (AWS) to automatically employ extra resources based on service demand.

We use load balancing technology to share the user load on our servers to ensure that we guarantee users aren't affected service demand.

The application is designed as a series of micro servers removing load from the main application api.

Analytics

Service usage metrics
No

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Data is exportable from a central reports centre allowing for data to be downloaded and exported on demand via CSV.
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Our SLA specifies the following uptime guarantees:

Live TC System and associated systems: 99.9%
Exports and Interfaces: 99.5%
Test TC system and associated systems: 99%

We offer a full pro rata refund for any downtime that breaches these guarantees.
Approach to resilience
We use Amazon Web Services (AWS) to host our platform. They have first rate security policies surrounding the actual data centre. More about AWS datacentre resilience & setup can be found at https://aws.amazon.com/compliance/data-center/controls/

All our servers are protected behind access keys, and within a Virtual Private Cloud. Database access is locked down to the specific application servers that need access.
Outage reporting
Downtime is relayed to the development team via automatic email alerts. This information is relayed to our customer facing teams who personally make contact to inform clients.

Identity and authentication

User authentication needed
Yes
User authentication
Username or password
Access restrictions in management interfaces and support channels
Access is restricted via user roles. Certain roles have greater access and privileges within the application.
Access restriction testing frequency
At least every 6 months
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
Yes
CSA STAR accreditation date
15/04/2019
CSA STAR certification level
Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover
None
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
CSA CCM version 3.0
Information security policies and processes
True Compliance's Chief Technical Officer is responsible for security policies & processes which are frequently reviewed to meet with the latest recommendations on information security. Our Data Security policy is self authored and incorporates the fundamental core of ISO27001 and CSA CCM Version 3.

The CTO must report on security processes and incidents at each board meeting.

Weekly external scans of the system are also undertaken.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
All application code is run through git version control.

We run tests on the codebase daily, and all changes and updates are tested locally and in a demo environment prior to release.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
We run weekly vulnerability tests, using a third party service.

Reports are generated and reviewed by the CTO. Appropriate remedial action is taken. High risk issues are fixed where possible within 24 hours. Other issues are remedied within 5 working days.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
We run weekly vulnerability tests, using a third party service. Reports are generated and reviewed by the CTO. Appropriate remedial action is taken. High risk issues are fixed where possible within 24 hours. Other issues are remedied within 5 working days.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Incidents can be reported to TC via the helpdesk support@truecompliance.co.uk or by contacting your account manager.

We have a documented incident management plan, which kicks into action upon discovery of an incident.

Incident reports will be sent to all clients on request.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Social Value

Social Value

Social Value

Wellbeing

Wellbeing

True Compliance prioritises the well-being and development of its employees, fostering a positive and supportive work environment. As a diverse team with a strong retention rate, we pride ourselves on being a living wage employer, ensuring fair compensation for our dedicated staff.

Investing in employee growth is central to our business ethos. We offer various training opportunities, including external sessions and online courses, empowering our team to develop diverse skills. Attending industry conferences and events is encouraged, enriching our understanding of client needs and fostering engagement with our mission-driven work.

Our training programs extend beyond job-related skills, encouraging employees to pursue personal interests and passions. Flexible working arrangements enable international team members to visit home or pursue extracurricular activities like music, volunteering, or sports. By embracing individual talents, we create a dynamic workplace culture where creativity thrives.

Regular in-person social gatherings further strengthen team cohesion. Whether it's our weekly after-work meetups or quarterly team-building activities, we prioritise fostering meaningful connections and camaraderie among our team members.

At True Compliance, we recognise that our success is built on the dedication and well-being of our employees. By providing opportunities for growth, supporting personal interests, and fostering a supportive community, we strive to create an environment where every team member can thrive both personally and professionally.

Pricing

Price
£5,000 to £1,000,000 a licence a year
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Matt@truecompliance.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.