STERLING DCS LIMITED

Sterling

Cost & Carbon Estimating for the Built Environment. Sterling Core is designed for BoQ, Cost Planning and Estimating. Package Manager allows Estimates to be packaged and sent to Subcontractors online for consistent bid comparison. Lifecycle aligns with RICS NRM3/ICMS providing cost & carbon transparency to maximise capital and operational value.

Features

  • Estimating, Cost Planning and BoQ preparation
  • Cost & Carbon Estimating
  • 2D Take-off
  • 3D Take-off
  • Package Management
  • Life cycle estimating (aligned with RICS NRM3/ICMS)
  • SaaS and fully accessible within a browser
  • Library Management Resources (Labour, Plant, Material, etc) and Complex
  • Mapping to Multiple Breakdown Structures
  • Reporting Engine and APIs

Benefits

  • Top down and bottom up estimating
  • Full Project Lifecycle Support: From concept to contract execution
  • Informed Decision-Making
  • Generate both cost and carbon values
  • Delivery Partners quote for their work packages within Sterling
  • Multiple industry breakdown structures are included as standard
  • Manage the cost and carbon rates in a Library
  • Centrally managed libraries to manage cost and carbon items
  • Empowers organisations to calculate and control carbon reporting in-house
  • Meet aspirations & attract talent providing contemporary and future-proof tools

Pricing

£720.00 a user a year

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@sterling-dcs.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

929990966949180

Contact

STERLING DCS LIMITED James Hunter
Telephone: 01245808114
Email: sales@sterling-dcs.com

Service scope

Software add-on or extension
No
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints
No constraints
System requirements
  • Modern Web Browser (Edge, Firefox, Chrome, Safari, etc)
  • Internet Connection

User support

Email or online ticketing support
Email or online ticketing
Support response times
4 Working hours
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 A
Web chat accessibility testing
Testing with assistive technology users has not yet been completed
Onsite support
Onsite support
Support levels
Standard and Advanced Support options are available. Advanced carries a 25% premium and includes faster responses and higher SLAs.
Support available to third parties
No

Onboarding and offboarding

Getting started
Standard onboarding process which has been tested, reviewed and improved over the period of Sterling adoption. Online training material provided as standard, onsite training also available and is priced based on client requirements.
Service documentation
Yes
Documentation formats
HTML
End-of-contract data extraction
All data is owned by the client and can be exported via the inbuilt XLS exports, via the report writer or via the provided APIs.
End-of-contract process
No additional costs at End of Contract

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
No
Designed for use on mobile devices
No
Service interface
No
User support accessibility
None or don’t know
API
Yes
What users can and can't do using the API
Sterling is built with an API first approach, meaning that all clients have access to secure APIs to access all of their own data.
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
API sandbox or test environment
Yes
Customisation available
No

Scaling

Independence of resources
We run all clients on dedicated resources, and have load balancing in place to ensure no single user is affected by the activities/actions of other users.

Analytics

Service usage metrics
Yes
Metrics types
User login (time, date, location), project activity
Reporting types
Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Users can easily export their data through our platform's intuitive interface. We provide user-friendly tools that allow for seamless extraction of data in standard formats, such as CSV or Excel. Additionally, users can customise export options to select specific data subsets or time ranges based on their needs. Our platform ensures data integrity and security during the export process, with built-in encryption and authentication mechanisms. Through this streamlined approach, users can efficiently access and utilise their data for analysis, reporting, or migration purposes.
Data export formats
  • CSV
  • Other
Other data export formats
  • CSV
  • XLS, XLSX
  • JSON
  • XML
Data import formats
  • CSV
  • Other
Other data import formats
  • XLS
  • XLSX
  • PDF, DWG, DGN, DXF
  • IFC, Revit, Navisworks

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
We guarantee a high level of availability for our service, operating at a minimum uptime of 99.5%. This commitment is outlined in our Service Level Agreement (SLA), which clearly defines the expected availability levels and the corresponding compensation measures in the event of unmet targets.

Our SLA specifies that if we fail to meet the guaranteed availability level within a specified monitoring period, users are entitled to compensation in the form of service credits or refunds. The amount of compensation is determined based on the extent of the outage and its impact on the user's business operations.

Users are promptly notified of any incidents or outages through our outage reporting mechanisms, including a public dashboard, API, and email alerts. Additionally, we provide regular reports on service performance and uptime metrics to ensure transparency and accountability.

Our dedicated support team works closely with users to address any issues and minimise downtime. We also conduct thorough root cause analysis for major incidents to identify underlying causes and implement preventive measures.

Overall, our commitment to guaranteed availability and transparent SLAs underscores our dedication to providing a reliable and resilient service experience for our users.
Approach to resilience
Our service is meticulously designed with resilience at its core, ensuring high availability and continuity of operations even in the face of disruptions. Our approach to resilience encompasses multiple layers of redundancy and failover mechanisms across all critical components.

At the infrastructure level, our data centre setup is built with robust redundancy measures, including multiple geographically distributed data centres with failover capabilities. This setup ensures that our service remains operational even in the event of a data centre failure or regional outage. Detailed documentation outlining our data centre resilience strategies is available upon request.

Moreover, our application architecture incorporates fault-tolerant design principles, such as load balancing, auto-scaling, and distributed caching. These measures enable our system to dynamically adapt to fluctuating loads and mitigate the impact of individual component failures.

Furthermore, we regularly conduct resilience testing and disaster recovery drills to validate our readiness and identify areas for improvement. This proactive approach ensures that our service remains resilient in the face of evolving threats and challenges.

By implementing a comprehensive resilience strategy, we prioritise the uninterrupted availability and reliability of our service, providing peace of mind to our users and stakeholders.
Outage reporting
Our service employs a multi-tiered approach to promptly report any outages and ensure transparency with our users. Firstly, we maintain a public dashboard accessible to all users, providing real-time updates on service status and any ongoing incidents or outages. This dashboard offers visibility into system health and performance metrics, empowering users to stay informed.

Additionally, we offer an API that enables automated monitoring and integration with third-party tools or internal systems. This API allows users to retrieve outage information programmatically, facilitating proactive incident management and response.

Furthermore, we leverage email alerts to notify users directly in the event of an outage. These alerts are sent to subscribed users, providing timely notifications and updates on the status of the outage, as well as any remedial actions being taken.

By combining these reporting mechanisms, we ensure comprehensive coverage and accessibility for users to stay informed about any service disruptions. This proactive approach minimises downtime and enables efficient incident resolution, ultimately enhancing user experience and satisfaction.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Access to management interfaces and support channels is tightly controlled to safeguard system integrity and data confidentiality. Role-based access controls limit permissions based on job responsibilities, ensuring least privilege access. Multi-factor authentication adds an extra layer of security, mitigating unauthorised access risks. Additionally, IP whitelisting restricts access to predefined locations, further bolstering defence mechanisms. Regular audits and reviews maintain compliance and identify any access anomalies for immediate remediation. Our stringent access restriction measures guarantee confidentiality, integrity, and availability of resources across all operational facets.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Between 6 months and 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
Between 6 months and 12 months
How long system logs are stored for
Between 6 months and 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
While our security governance is not certified to a standard, we adhere to industry best practices and frameworks to ensure robust protection. Our approach involves establishing clear policies, procedures, and controls aligned with security objectives. Regular risk assessments and audits inform governance decisions, ensuring continuous improvement and compliance. Collaboration across teams fosters a culture of security awareness and accountability. We prioritise regular training and awareness programs to empower personnel in adhering to security protocols. Our agile governance approach adapts to evolving threats and regulatory requirements, maintaining a proactive stance against cybersecurity risks.
Information security policies and processes
We adhere to a comprehensive set of information security policies and processes to safeguard our systems and data. Our policies cover areas such as data classification, access control, encryption, incident response, and employee security awareness. These policies are regularly reviewed and updated to align with industry standards and regulatory requirements.

Our reporting structure ensures accountability and oversight. A dedicated Information Security Officer oversees the implementation and enforcement of policies. Reporting lines extend through various departments, ensuring clear communication and co-ordination. Regular audits and assessments validate policy adherence and identify areas for improvement.

To ensure policies are followed, we employ a multi-faceted approach. Regular training and awareness programs educate employees on their responsibilities and the importance of security practices. Access controls and role-based permissions limit access to sensitive information, reducing the risk of unauthorised access. Continuous monitoring and logging enable real-time detection of policy violations, triggering immediate corrective actions.

Moreover, periodic reviews and assessments evaluate the effectiveness of our security policies and processes. Any gaps or deficiencies identified are addressed promptly through remediation plans and policy updates. By integrating security into our organisational culture and workflows, we ensure ongoing compliance and resilience against emerging threats.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Our configuration and change management processes ensure meticulous tracking and oversight. Components undergo lifecycle tracking, enabling seamless management from inception to retirement. Changes undergo rigorous security assessments to mitigate potential impacts. Our approach guarantees robustness and security throughout, ensuring optimal performance and resilience.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Our vulnerability management process is comprehensive and swift. We proactively assess potential threats through continuous monitoring and threat intelligence gathering. Rapid patch deployment is ensured through streamlined procedures and automated tools, minimising exposure windows. We source threat intelligence from reputable industry sources, security advisories, and collaborative networks, ensuring up-to-date insights and effective mitigation strategies.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Our protective monitoring processes employ advanced techniques for prompt threat detection and response. Potential compromises are identified through real-time monitoring, anomaly detection, and behavioural analytics, ensuring early detection of suspicious activities. Upon detection, our dedicated response team initiates swift action, following predefined incident response protocols to contain and mitigate the impact. Response times are expedited through automated alerts and orchestrated workflows, ensuring rapid intervention and minimising downtime or data exposure. Our proactive approach guarantees effective protection against emerging threats and swift resolution of security incidents.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Our incident management processes are robust and user-friendly. Pre-defined processes for common events ensure swift and structured response, minimising disruption. Users report incidents via intuitive channels, including dedicated portals and support tickets, ensuring accessibility and efficiency. Incident reports are promptly generated, offering comprehensive insights into the event, its impact, and remedial actions taken. Transparent communication channels keep stakeholders informed throughout the incident lifecycle, fostering trust and accountability. Our approach prioritises rapid resolution, continuous improvement, and proactive risk mitigation.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Social Value

Fighting climate change

Sterling is designed to help construction companies calculate and improve carbon on their construction projects.

Pricing

Price
£720.00 a user a year
Discount for educational organisations
Yes
Free trial available
No
