Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Hybrid cloud
- Service constraints
- Planned maintenance is broadcast to all Users during login and occurs outside of office hours. In-built support is available 24/7, including help articles and video tutorials, while our dedicated Help and Support team respond to calls and tickets raised via CEMAR's in-built support system during our office hours of 08:00 to 17:30.
- System requirements
-
- Internet Access
- Internet Browser (Internet Explorer, Google Chrome, Firefox, Safari, etc)
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- A team of expert Support Specialists are on-hand to support Users via a dedicated ticketing service, email and phone line. We aim to respond to all of support enquires within 1 hour during UK business hours, as well as maintain a customer satisfaction rating of over 98%.
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 AA or EN 301 549
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- Yes, at an extra cost
- Web chat support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support accessibility standard
- WCAG 2.1 AA or EN 301 549
- Web chat accessibility testing
- Zendesk's Web Widget Accessibility Conformance Report is available on their website. (https://support.zendesk.com/hc/en-us/articles/4408838287514-Making-Zendesk-products-accessible)
- Onsite support
- Yes, at extra cost
- Support levels
- We provide a fully integrated online Help Centre with video tutorials, help articles and quick start guides. Users may submit support tickets through the Help Centre or speak in person to one of our dedicated Support Specialists based in Gloucester, UK. We aim to respond to all support tickets within 60 minutes during business hours (actual performance < 20 minutes), as well as maintaining a customer satisfaction rating of over 98% (actual performance > 99%). Our Support Specialists are underpinned by an expert Consulting team of Industry Experts, alongside our Delivery Team of Solution Specialists who host CPD Certified training programmes and support onboarding. Clients also benefit from a dedicated Account Manager who lead regular Business Review Meetings and partner with our Customers to define and help achieve their desired outcomes.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- CEMAR is very intuitive to use and follows standard Windows conventions. As such we tend to train a small portion of Users, with most learning from colleagues or the materials provided online. We recommend a train the trainer approach whereby we provide expert CEMAR training for the core team and the system is then self-taught through the online support for the wider team. CEMAR’s classroom training is CPD certified and usually doubles as a very effective and collaborative “kick off” meeting. Practice contracts are used during training and remain for the duration of the service for teams to explore the features in safety. Together with the suite of online video tutorials and printable quick start guides makes CEMAR’s deployment fast, economical and efficient with as much or as little assistance from the team as you like. We also run a successful programme of webinar training.
- Service documentation
- Yes
- Documentation formats
-
- HTML
- Other
- Other documentation formats
-
- Video Tutorials
- Help Articles
- Quick Start Guides
- End-of-contract data extraction
- Superusers may backup and download the communications archive for a contract at any time via the client administration module, this comprises a structured zip folder by event type containing every PDF hard copy communication and associated attachments.
- End-of-contract process
- There are no additional costs, the Superusers may backup and download the communications archive for a contract at any time.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- CEMAR is compatible with tablets and smartphones. It can be accessed from a tablet device, and communications created, viewed, and sent. However, it is not responsive to screen size so functionality is limited on a smartphone.
- Service interface
- No
- User support accessibility
- None or don’t know
- API
- Yes
- What users can and can't do using the API
- We provide an open CEMAR API and management service (powered by MuleSoft), allowing clients to retrieve but also update information within CEMAR by a series of GET/PUT/POST/PATCH calls, covering all relevant data relating to contracts and events.
- API documentation
- Yes
- API documentation formats
-
- Open API (also known as Swagger)
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
- The system is fully configurable by Superusers, enabling clients to be completely autonomous in the management of the system. Through intuitive setup wizards Superusers can create new users, add or remove access across contracts and adjust the governance settings. In addition to this, the Superusers can also create and edit contracts, framework templates, reporting structures and much more via the Client Administration Module.
Scaling
- Independence of resources
- CEMAR is hosted on a hybrid cloud platform combining both dedicated physical and virtual hosts. This affords flexibility and scalability allowing growth and demand requirements to be met dynamically. We perform regular performance testing and engage with specialist consultants to ensure that CEMAR is optimised at all times.
Analytics
- Service usage metrics
- Yes
- Metrics types
- PowerBI is fully integrated into the application for analytics and reporting. This provides users a global view of contracts for portfolio level reporting, with rich drill down capability, interactive visualisations, alongside lots of immersive dashboards and reports, which provide metrics on risk, quality, cost, time and communications & behaviours. This is summarised in a Contract Score metric which evaluates how effectively contracts are being managed, highlighting strong areas and those that need improvement to allow the successful delivery projects. This real-time 360 degree view enables users to benchmark and track team, supplier and contract performance.
- Reporting types
-
- API access
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Baseline Personnel Security Standard (BPSS)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- No
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a CHECK service provider
- Protecting data at rest
- Physical access control, complying with SSAE-16 / ISAE 3402
- Data sanitisation process
- Yes
- Data sanitisation type
-
- Explicit overwriting of storage before reallocation
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- Exporting to Excel, Word, PDF and other formats is simple and convenient. All reports, registers and events can be downloaded by Users, both individually at a contract level or in aggregate across a project or portfolio of contracts.
- Data export formats
-
- CSV
- ODF
- Other
- Other data export formats
-
- XLSX
- Word
- Image
- Data import formats
-
- CSV
- ODF
- Other
- Other data import formats
- All file formats apart from .EXE
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
- Operational 99.5% of the time except for planned downtime, assured by contractual commitment.
- Approach to resilience
- CEMAR is provided as Software as a Service (SaaS) on a secure hybrid cloud environment affording high availability with N+1 redundancy. CEMAR is hosted in geographically separate locations across the UK, our Primary Hosting site, our Backup site, and our Disaster Recovery site. Further information available on request.
- Outage reporting
- CEMAR shall post a message on the CEMAR System login page to warn Users, no later than one business day prior to any planned downtime.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
- Username or password
- Access restrictions in management interfaces and support channels
- Only BPSS security cleared and authorised thinkproject UK personnel, authorised hosting provider support teams and authorised database administrators have access to client data.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- TÜV Rheinland
- ISO/IEC 27001 accreditation date
- 14/03/2018
- What the ISO/IEC 27001 doesn’t cover
- Our Quality Management System, which is certified to ISO 9001:2015
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- Yes
- Any other security certifications
-
- ISO 9001:2015 (Quality Management System)
- ISO 22301:2019 (Business Continuity Management)
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
- All security policies and processes are managed under our ISO 27001 certified Information Security Management System (ISMS) and ISO 22301 certified Business Continuity Management System (BCMS). Both are subject to Quarterly Management meetings of the Information Security Board to review the ISMS and BCMS.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- All development is in-house and carried out in accordance to our ISO27001 information security management system and ISO9001 certified quality management system. Azure DevOps is utilised across the in-house development team. CEMAR engages external security consultants to penetration test the CEMAR application to CHECK standard. Accredited to CESG / CREST and ISO 27001 standards, our security consultants are qualified to carry out penetration testing and IT Health Check services for HMG and private sector organisations. Penetration testing is carried out at least annually and at any major upgrade release.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- Cisco Adaptive Security Appliances (ASAs), FirePower subscription, Enterprise DDoS protection delivered through Arbor and Cloudflare DDoS, Web Application Firewall (WAF) and Content Delivery Network (CDN). Infrastructure is protected by Sophos Cloud Endpoint Security and Control. In addition to application and organisation testing & auditing we also carry vulnerability scans of CEMAR and the company networks. IOMART Group manage all infrastructure and deploy patches in accordance with our release schedule. Any application vulnerabilities would be managed under high priority through our Agile process. The above systems provide real time dashboards and notify by email alerts.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- In addition to our hosting provider and our monitoring alerts CEMAR is protected by Cloudflare DDoS and Web Application Firewall (WAF) which automatically manages any potential compromise.
- Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
- We have an Incident Management procedure within our ISO 27001 certified ISMS. Users can track and log events via 24/7 online support ticket service. Incident reports are available at request.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- Yes
- Connected networks
- Public Services Network (PSN)
Social Value
- Fighting climate change
-
Fighting climate change
As a purpose-driven company, Thinkproject is committed to and invested in our sustainability efforts focused on People, Planet and Prosperity – it is an integral part of our company strategy. Our work in sustainability is a continuous journey. For now, we focus on three areas: responsible business, environmental sustainability and diversity & inclusion.
The built environment, which corresponds to everything people live in and around such as housing, transport infrastructure, services networks or public spaces, requires vast amounts of resources. The aim of Thinkproject’s solutions will be to increase material efficiency and to reduce climate impacts of the built environment, particularly promoting circularity principles throughout the life cycle of buildings.
The use of recycled materials as well as digitalisation and digital content access promotes actionable data and proactive maintenance and repair processes which will influence carbon reduction significantly, reduce unnecessary document production, reduce unnecessary travel/fuel and therefore reduce carbon output and waste. In this way, Building Information Modelling (BIM) and digital, efficient Asset Management will play a key role in the design, construction and continuing operation of green buildings and infrastructure.
Thinkproject’s ambition is to work with customers and stakeholders towards the delivery of actionable insights to support high quality buildings and infrastructure with near zero environmental impacts that mitigate climate, legislative and energy price escalation risks. Sustainability across the asset lifecycle is a core part of our strategy.
- Covid-19 recovery
-
Covid-19 recovery
During the recent stages of the pandemic Thinkproject executed a full risk assessed plan which we would be happy to share and provide advise to our customers.
As an inclusive organisation the following principles were observed with regular messaging:
*Establishment of full virtual working capability, leading to an employees choice of virtual or home working today
* Office closures where relevant, advisory for client office visits
* Full COVID measures and associated advice e.g. sanistiser stations, social distances arrangements and limitations to office attendance
* Regular messaging of government advice and associated employer advise
* Regular risk assessment of office and employee risk at managerial / operation levelWith these in place Thinkproject has experienced a relatively minor impact from COVID19 and has continued t work effectively with its customers. Choices of virtual, office or home work still remain to promote flexibility and wellbeing amongst our staff and we continue to monitor government advice to minimise customer impact and to ensure we adhere to safe working practice for our employees.
Our continuing support for equality and economic equality based upon efforts to include, upskill, educate and mentor people returning to work, seeking greater opportunity extends to COVID recovery and we will work with customers as necessary to identify and support such opportunities to people and communities affected by COVID. During the recent years of the pandemic, Thinkproject have proven our capability to deploy, implement, deliver and support our solutions digitally and remotely ensuring minimal disruptions through the recent period of pandemic measures. - Tackling economic inequality
-
Tackling economic inequality
To help tackle economic equality Thinkproject can support in-work progression and skills development which may be valuable to later employment opportunity, entrepreneurship or to the growth of new organisations.
Thinkproject can discuss the provision of in-contract work placement for individuals to work alongside our own staff as a work placement during our delivery to our customers to enhance skills and experience leading to further employment and opportunity. These can be specifically targeted to disadvantaged individuals, in low skills areas or high growth sectors such as information technology.
We can discuss the potential provision of training and mentoring to address skills gaps and help with skills and experience that may leading to additional qualification for the attendee therefore helping to raise economic equality and skills within the contract locality.
Thinkproject would be happy to discuss these opportunities with our customers, discussing how we can work with customers to influence staff, suppliers, customers and communities through the delivery of contracts to support Policy Outcome, e.g. engagement, co-design/creation, training and education, partnering/collaborating, volunteering as recommended within The Social Value model.
- Equal opportunity
-
Equal opportunity
Thinkproject promotes equal opportunity. In discussion with customers we can help employment, retraining and return to work through initiatives supported by our management and executive team providing voluntary work to present career and mentoring presentations, sharing our history, best practices and ideas to allow people to discover or understand a path to employment or re-education that they may feel is a block to them. It is possible that we could provide mentoring and work experience roles for identified individuals during our implementation / delivery to provide immediate work experience and direction where appropriate.
Thinkproject could also support in-work progression and skills development which may be valuable to later equal employment opportunity or educational attainment in the workplace by proving an in-contract work placement for individual to work alongside our own staff as a work placement during our delivery to our customers.
We are open to working with our customers to demonstrate our own equal opportunities practices and also work together with them to promote this as a social value outcome.
- Wellbeing
-
Wellbeing
As a purpose-driven company, we are committed to and invested in our sustainability efforts which focused on People as well as Planet and Prosperity. Wellbeing is primarily focussed on people and as one of the UK Best Workplaces for Wellbeing 2022 Thinkproject will be happy to share the idea of our employee wellbeing initiatives that will be directly applicable to the workforce. We actively:
We support the health and wellbeing - including physical and mental health - in the workforce by provision of annual Headspace subscriptions, and organised by FALCO - our external HR organisation - we promote social activities for inclusion such as team-building themed social events.
Think project have dedicated policies communicated through mandatory educational training to promote wellbeing, health and safety at work and whilst working a home / an alternative office.
Thinkproject employees are also encouraged to seek wellbeing for themselves and others externally and as such are allocated 2 day per year to spending on social value focused initiatives. For example our staff could support community assistance via its employees to such initiatives such as but not limited to Help for the Homeless, Shelter, Food Banks/Canteens or Tree Planting activities.
Pricing
- Price
- £316 a licence a month
- Discount for educational organisations
- Yes
- Free trial available
- No
Service documents
-
Pricing document
PDF
-
Skills Framework for the Information Age rate card
PDF
-
Service definition document
PDF
-
Terms and conditions
PDF
-
Modern Slavery statement
PDF
Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info.tpuk@thinkproject.com. Tell them what format you need. It will help if you say what assistive technology you use.