EcoOnline

COSHH Management Software

A leading cloud-based chemical management tool that gives control back to employees who manage chemical safety. Our COSHH Management and Risk Assessment software lets your employees easily create usable, relevant and compliant risk assessments that will help you in managing the risks associated with chemical usage.

Features

  • COSHH MANAGEMENT: Making it easy to manage COSHH related risks
  • CHEMICAL RISK MAPPING: Map out different hazard groups automatically
  • COSHH RISK ASSESSMENT: Build compliant task based risk assessments
  • CUSTOMISED COSHH ASSESSMENTS: Build your own COSHH assessment Template
  • COSHH ASSESSMENT BUILDER: Step-by-step process in the creation of assessments

Benefits

  • Deliver relevant, focused COSHH/chemical risk assessments to your staff
  • Design a template specific to the needs of your organisation
  • Full management of revision numbers and archiving of old assessments
  • Log all updates to COSHH/chemical assessments by registered users
  • Avail of pre-filled GHS classification information
  • Instant access to information for your staff
  • Users can download PDFs of COSHH/Chemical Assessments quickly
  • Efficiently manage user read confirmation from one central location
  • Calculate the degree of risk with mapping tools
  • Ability to create complex risk matrices - 3x3, 5x5

Pricing

£240 to £2,000 a user a year

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at marketing.feed@ecoonline.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

9 7 1 5 2 9 4 4 3 2 5 0 8 7 5

Contact

EcoOnline Emma Evans
Telephone: 0151 289 6811
Email: marketing.feed@ecoonline.com

Service scope

Software add-on or extension
Yes
What software services is the service an extension to
EcoOnline EHS
Cloud deployment model
Private cloud
Service constraints
Up to date internet browser
System requirements
  • Web browser (no special plug-ins required)
  • Network access
  • Apple or Android phone (for the Mobile App)

User support

Email or online ticketing support
Email or online ticketing
Support response times
Support hours are Monday to Friday 9:00am to 5:30pm

Priority 1 - Major Defect - Within two (2) business hours.
Priority 2 - Critical Defect - Within four (4) business hours.
Priority 3 - Non-Critical Defect - Within twelve (12) business hours.
Priority 4 - Error - Within twenty-four (24) business hours.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Priority 1 - Major Defect
The entire Software Service is “down” and inaccessible to all Authorised Users. Priority 1 incidents shall be reported by telephone only.
Response Time : Within two (2) business hours.
Target resolution time : Eight (8) business hours. Continuous effort after initial response and with Client co-operation.

Priority 2 - Critical Defect
Operation of the Software Service is severely degraded, or major components of the Software Service are not operational, and work cannot reasonably continue. Priority 2 incidents shall be reported by telephone only.

Response Time : Within four (4) business hours.
Target resolution time : Within two (2) business days after initial response.

Priority 3 - Non-Critical Defect
Certain non-essential features of the Software Service are impaired while most major components of the Software Service remain functional.
Response Time : Within twelve (12) business hours.
Target resolution time : Within fifteen (15) days after initial response.

Priority 4 - Error
Errors that are non-disabling or cosmetic and have little or no impact on the normal operation of the Software Service.
Response Time : Within twenty-four (24) business hours.
Target resolution time : Next Maintenance Event.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
The EcoOnline professional services team will provide a full setup of the EcoOnline system which comprises of onsite visits to understand the businesses requirements and objectives, User Acceptance Tests (UATs) and product delivery/roll-out. Built-in online help and documentation is provided coupled with classroom based train the trainer sessions.
Service documentation
No
End-of-contract data extraction
EcoOnline EHS has a built-in export function to extract data on a module by module basis. However when leaving a platform like EcoOnline users usually requires large volumes of data and some form of re-structuring which is done upon their instruction.
End-of-contract process
Upon contract termination EcoOnline will act on the clients behalf to extract their data and structure in a format required. Depending on the amount of data and re-structuring will dictate the cost at our standard day rate.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The service is responsive and so will look different on some mobile browsers Vs a desktop browser
As well as being available on mobile browsers the service also has a dedicated mobile App available for Apple and Android devices
Service interface
No
User support accessibility
None or don’t know
API
Yes
What users can and can't do using the API
Yes, we have APIs or can offer direct access to a replica of our DataWarehouse which is a Microsoft SQL Server instance.
API documentation
Yes
API documentation formats
PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
As a best-practice solution, huge considerations have been made to ensure that our software is as feature rich as it is easy to use. Customisable forms and workflows, as well as flexible data relationships make the software highly configurable. Configuration is managed partly by our professional services team, but in the main it is managed by the clients system administrator(s)

Scaling

Independence of resources
EcoOnline monitor the compute resources, in real-time, and increase if needed.

Analytics

Service usage metrics
Yes
Metrics types
Metrics types

On request EcoOnline will provide the average and peak login concurrency on the system.
Reporting types

Reports on request
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Users can either export at the module level from the user interface or contact Safety Software to make a complete export of the data.
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
99.5%
Approach to resilience
Detailed information available upon request. EcoOnline is hosted only in world-class datacentres holding appropriate internationally-recognised accreditation and certification for their operations, security and resiliency.
Outage reporting
Nominated contacts are informed should there be a service outage.

Identity and authentication

User authentication needed
Yes
User authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Only named personnel have access to the management interface and given authority to communicate with the support channel.
Access restriction testing frequency
At least once a year
Management access authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
SGS UK Ltd
ISO/IEC 27001 accreditation date
10/02/2014
What the ISO/IEC 27001 doesn’t cover
111 of the 114 controls in the 2013 standard are applicable to us. The following are not applicable: A.9.4.4 Use of privileged utility programs; A.11.1.6 Delivery and loading areas; A.14.1.3 Protecting application services transactions.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
No
Cyber essentials plus
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
We hold ISO/IEC 27001:2013 certification which was gained from a UKAS accredited certification body. It is the specification for an Information Security Management System (ISMS).
The Company will:
- Comply with all applicable laws, regulations and contractual obligations;
- Implement continual improvement initiatives, including risk assessment and treatment strategies, while making the best use of its management resources to meet and improve information security system’s requirements;
- Adopt an information security management system (ISMS) comprising of a security manual and procedures that provides direction and guidance on information security matters relating to employees, customers, suppliers and interested parties who come into contact with the Company’s work;
- Work closely with their Customers, Business Partners and Suppliers in seeking to establish Information Security Standards;
- Adopt a forward-looking view on future business decisions, including the continual review of risk evaluation criteria, which may have an impact on Information Security;
- Train all members of staff in their needs and responsibilities for Information Security Management;
- Constantly strive to meet, and when possible exceed, its customers and staff expectations.
- Communicate its Information Security objectives and its performance in achieving these objectives, throughout the Company and to interested parties.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
The organisation has policies and procedures in place pertaining to Annex A.12.1.2 Change management of ISO/IEC 27001:2013 and these are audited by our UKAS accredited certification body annually.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
The organisation has policies and procedures in place pertaining to Annex A.12.6.1 Management of technical vulnerabilities of ISO/IEC 27001:2013 and these are audited by our UKAS accredited certification body annually.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
The organisation has policies and procedures in place pertaining to Annex A.12.1.3 Capacity management of ISO/IEC 27001:2013 and these are audited by our UKAS accredited certification body annually.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
The organisation has policies and procedures in place pertaining to Annex A.16 Information security incident management of ISO/IEC 27001:2013 and these are audited by our UKAS accredited certification body annually.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Social Value

Fighting climate change

Fighting climate change

EcoOnline's SDS and COSHH Management module will allow you to identify and ultimately reduce the environmental hazards in your organisation
Wellbeing

Wellbeing

Due to poor health and safety, millions of workdays are lost due to work-related ill health and non-fatal workplace accidents.

We know that a lot of the occupational diseases and accidents could be avoided by increasing knowledge and easy to use information systems that helps companies identify, track, and eliminate risk at work.

Still, year on year an unacceptably high number of people work in unsafe and unhealthy work environments. Placing needless costs on the employees, the businesses, and the environment.

We must ask ourselves why? Why with all the information and guidelines available do we continue to have workplace incidents?

To break this paradox, EcoOnline are passionate about developing user-friendly digital software that improves the flow of information and streamlines all documentation needed to reduce risks due to factors in the workplace.

At EcoOnline we use innovative technology to help our clients build a deeper understanding of their operational and EHS risks. By designing EHS software with ease of use at its core, we lower the barrier so that anyone can report incidents, near misses or other important events – wherever they are.

We use data captures and connect these to drill down into the root cause of the incidents, risks, or emissions. Through easy to use and understand dashboards everyone can take a role in spotting trends, corrective actions and contribute to protect employees, contractors, customers, and the public.

Pricing

Price
£240 to £2,000 a user a year
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
We offer a free workshop where EcoOnline will come in and sit down with the prospect and work through a training program with them. Following this workshop a demo system will be made available for a short trial period.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at marketing.feed@ecoonline.com. Tell them what format you need. It will help if you say what assistive technology you use.