MRI Document Management
MRI Document Management aids paper-free digital transformation by providing digital document storage, indexing, OCR, and tagging.
Maintain GDPR compliance with time based retention and redaction features, and integrate with complimentary solutions via documented APIs.
Document Management allows fast retrieval of records including collation for Subject Access Requests and court packs.
Features
- Convert physical documents to searchable files - MRI Document Management.
- Integration with MRI or third-party Housing Management systems.
- Redaction capability with version control.
- Image, Video and Audio file support.
- Built-In digital Mail Distribution module (e-Post).
- In-Line Page Editing & Removal – MRI Document Management.
- Customisable Tag, Entity & Content Type lists.
- Provision Document Access to Tenants or Customers.
- Encrypted Document storage using MRI Document Management
- Automated deletion scheduling based on defined policies.
Benefits
- Helps with efficient document management of your property portfolio.
- Documented API for open integration with third party products.
- User configurable security, setup, and rules: using MRI Document Management
- Annual Fees provide predictable solution costs for budgeting.
- Fast, effective reporting, dashboards & auditing, MRI Document Management
- Enhances housing management productivity by your teams.
- Proven to enable compliance with GDPR standards.
- Delivery of enhanced housing management services to your clients.
- Securely hosted resulting in reduced on premise operating costs.
- Reduce wasted space with removal of filing cabinets.
Pricing
£30,063 to £94,392 a licence a year
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
9 5 6 3 8 0 0 0 5 7 1 0 3 7 6
Contact
MRI Software Limited
Claire Brown
Telephone: 020 3861 7100
Email: tenders@mrisoftware.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Private cloud
- Service constraints
-
Planned maintenance is typically scheduled outside of regular business hours.
The mobile solution is available on Android, iOS and Windows devices - System requirements
-
- Microsoft supported versions of their Internet Explorer/Edge browsers
- Current versions of Chrome
- Current versions of Safari
- Current versions of Firefox
- Microsoft SQL 2012 or later
- Windows Server 2012 or later
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- MRI’s Global Client Support group will make every reasonable effort to ensure that submitted cases are assigned the proper level of Severity. Submitted cases will be responded to in the order in which they are received, with consideration given for higher Severity levels. Bundled Service (Normal Priority 6 Hours, Serious Priority 3 hours, Critical Priority Live Call Only)
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 A
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), 7 days a week
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
- We include support within our annual fee. Support includes a named Account Manager and a Client Support Helpdesk. The Client Support Helpdesk also serves as the contact for all cloud support requests for trained users. Cases and incidents can be recorded and viewed in the myMRI portal on a 24/7 basis. The myMRI Portal provides clients with information on support cases, regardless of whether a call is logged via a phone call or via the portal. Various information, documentation, forums and resources are also available on the portal.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
Clients will be provided with data loading file formats which can be used for the mass upload of the modular data. Throughout the project, our data migration consultant will advise on the mapping of fields to the current sources to ensure the data is loaded accurately. The process will be iterative, and as part of the validation exercise, our consultants will be in regular contact to advise on data cleansing and corrections as necessary.
On-boarding activities will vary from client to client, according to requirements. The on-boarding process differs for clients who already run MRI Document Management compared to those clients migrating from other applications. Activities may include, as required:
Provision of access to an appropriate environment
Provision of a URL to log onto the system
System Administrator log on credentials supplied
Configuration services
Integration with third-party systems
Data services including data migration.
MRI will manage the onboarding process, including migration activities, using its experienced consultants and project managers with processes based on PRINCE2. All onboarding activities will be agreed with the client and charged in accordance with the MRI DM SFIA rate card. - Service documentation
- Yes
- Documentation formats
-
- HTML
- Other
- Other documentation formats
- Word docs
- End-of-contract data extraction
- A full data extract is available via data export (this can be made available at time of contract termination agreement over SFTP (PGP / SSH).
- End-of-contract process
-
The data will be provided in a predetermined format. If there are requirements which are different from our standard approach, we can discuss these with Clients to draw up an appropriate exit plan.
The initial de-commissioning (powering down of client-server images and movement to non-production storage) takes place on the agreed date (e.g. contract end date) with permanent de-commissioning taking place one month after the initial de-commissioning date (backups removed, and server images purged).
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- Full functionality is available on all devices although a tablet is the smallest screen size on which practical operation is sensible
- Service interface
- Yes
- User support accessibility
- WCAG 2.1 A
- Description of service interface
- The application user interfaces are designed with untrained users in mind and provide a consistent approach to usability for all. We observe all usability standards and design for ease of use.
- Accessibility standards
- None or don’t know
- Description of accessibility
- We are committed to providing solutions that are accessible to the widest possible audience, regardless of technology or ability.
- Accessibility testing
- None
- API
- Yes
- What users can and can't do using the API
- There are a number of APIs designed for integration with third-party systems. Typically, they are used for data transfer and viewing of data between systems.
- API documentation
- Yes
- API documentation formats
- Other
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
- There are a large number of system parameters which control the behaviour of the service in its various modules. Lookup lists can all be user-defined, albeit controlled by a comprehensive user permissions structure.
Scaling
- Independence of resources
- Each client has their own working environment with servers configured to match the client's requirements.
Analytics
- Service usage metrics
- No
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- Other locations
- User control over data storage and processing locations
- No
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- Less than once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
- Physical access control, complying with another standard
- Data sanitisation process
- No
- Equipment disposal approach
- A third-party destruction service
Data importing and exporting
- Data export approach
- There are around 150 standard reports as part of the system. Each can be run with a huge number of data filters and can be exported to Excel, PDF, CSV etc.
- Data export formats
-
- CSV
- Other
- Other data export formats
-
- Xml
- Word
- Excel
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
- We use commercially reasonable efforts to ensure availability twenty -four (24) hours a day, seven (7) days a week, except for: (a) planned downtime (of which we provide adequate notice and will schedule to the extent practicable during the weekend hours), or (b) any unavailability caused by circumstances beyond our reasonable control, including without limitation, Force Majeure events or internet service provider failures or delays.
- Approach to resilience
- Available on request.
- Outage reporting
- The client support desk is used to manage client/support interaction for specific customer system issues. E-mail advisories are in place and used to alert multiple clients/contacts of unplanned outages.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- Public key authentication (including by TLS client certificate)
- Dedicated link (for example VPN)
- Username or password
- Access restrictions in management interfaces and support channels
- Access to management services is restricted by user identity. As users are added to the system settings are used to define which apps, which features and what is accessible by a security level setting.
- Access restriction testing frequency
- At least once a year
- Management access authentication
-
- 2-factor authentication
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- No
- Cyber essentials plus
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- No
- Security governance approach
- Data centre infrastructure and associated services are managed according to ISO 27001. The least privilege required for a role principle is followed in all areas, server access is restricted to only those employees who have reason to access it.
- Information security policies and processes
- We have a documented Information Security Policies and a dedicated Information Security Team work under the direction of our Information Security Council, which is responsible for assessing information security policies, technologies, and strategies. The Information Security Council in conjunction with the Information Security Team evaluates the role, scope, and size of the Information Security Team annually, based on our company size, our client's industries and the sensitivity of the data we house for those clients.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- Change management is a matter of regular review with the management team. At each review all new software fixes and enhancements are assessed for both overall impact on such as system security, performance and functionality before being approved for scheduling in the development plans. All new developments are the subject of an in depth analysis of security, functionality and practicality for inclusion in future releases
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- Critical and Important updates are applied automatically upon release. Other updates are checked for relevance to software/operating system installation and are installed as part of the scheduled maintenance where relevant.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- Protective monitoring and associated responses are managed according to ISO 27001:2013 controls and processes utilising a mixture of automated features at the security device level (e.g. automatic blocking based on severity/signatures) and manual interaction based on alerts (e.g. manual investigation of alert before intervention). Access to the application/infrastructure is restricted to authorised personnel.
- Incident management type
- Supplier-defined controls
- Incident management approach
- Comprehensive monitoring tools are used to highlight potential problems before they become an issue. A defined "Security Incident Management Policy" includes reporting mechanisms for both Information Technology and Physical Security incidents, incident logging, communication to internal and external parties, escalation, reporting, planning, implementation of preventative actions, securing / forensic evidence and continued improvement incident review.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Public sector networks
- Connection to public sector networks
- No
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Covid-19 recovery
- Tackling economic inequality
- Equal opportunity
- Wellbeing
Fighting climate change
MRI is committed to managing environmental risks that are material to our business and to reducing our carbon footprint by enhancing the energy efficiency of our operations and reducing the amount of waste that our company produces. We do this by utilising some of our own solutions with sensors in our own offices to assess our space utilization, energy usage and setting a reduction plan. As well as improving our own position, we also look at ways to help our clients work towards using services that have less impact on our planet’s scarce resources. A good example is HomeSwapper, our national mutual exchange solution. HomeSwapper enables tenants to swap homes either locally or anywhere across the United Kingdom with another social housing tenant, often to reduce their commute to work or schools which has a direct impact on carbon emisisons in the region.Covid-19 recovery
We have fully embraced hybrid working and have recently formalised our flexible working model and different types of flexibility offered to all employees. We believe flexible working benefits our employees and the business. Our solutions available on this framework are all available remotely allowing our clients employees, users and contractors as applicable to work from any location in accordance with your approved working practices to allow flexibilityTackling economic inequality
Our employees are all contracted and salaried fairly, in line with the Living Wage standards. All of our employees are paid at least the minimum rates as stated under the current Living Wage. We do not employ anyone on zero hours contracts and have a strong commitment to regularly review salaries in line with our appraisal process. We have a number of apprentices in the business who we are supporting to complete degree level qualifications, who all receive above the apprentice minimum wage. We also offer a comprehensive benefits package for all our staff, which includes health and wellbeing support and access to private health care.Equal opportunity
We work hard to ensure our employees have a voice. Our business has various committees in place, such as a Diversity, Equity and Inclusion Committee and Employee Resource Groups, such as Women & Allies and LGBTQIA+, which help us understand how employees feel about working at MRI and help us drive forward inclusive events. We have also very recently launched our first ERG – employee resource group for Women and Allies. As a business with over 250 employees in the UK we are required to produce a Gender Pay Gap report. We very much welcome this initiative and our reports are available publically on our website. This report shows the impact we have on reducing our Gender Pay Gap and also highlights the many initiatives we have underway to further reduce our gap. This includes the development of our Flexible Working and Inclusive Policies initiatives, educating our People, People Managers and Business Leaders and working with external partners to attract a diverse staffbase.Wellbeing
Work hard, play hard. From the day we opened our doors, we set out to build flexible, game-changing solutions that would make people's lives better. We do this by providing our clients with solutions that enable them to provide better places to live, work, and do business. The only way to carry out that mission is to hire the best employees and keep them. We are dedicated to creating a working environment which supports and develops our staff. Some of the benefits that we offer are: Gym reimbursements, Medical assistance, including mental health tools, Flexible working opportunities, including hybrid working Employee engagement is key to MRI's success and we hold quarterly spirit weeks to both connect and enthuse our teams globally. These weeks are themed and where staff are encouraged to learn about different topics or take part in activities that they might not typically have time for. These include fitness sessions, cooking sessions, engagement with families for those working from home or targeting one big event where we can globally feel like we are one team with the same goal. We also carry out bi-annual employee engagement surveys to ensure employees can express their views.
Pricing
- Price
- £30,063 to £94,392 a licence a year
- Discount for educational organisations
- No
- Free trial available
- No