CEMAR (Contract Event Management and Reporting) (2024)

Service scope

Software add-on or extension

Cloud deployment model
Hybrid cloud

Service constraints
Planned maintenance is broadcast to all Users during login and occurs outside of office hours. In-built support is available 24/7, including help articles and video tutorials, while our dedicated Help and Support team respond to calls and tickets raised via CEMAR's in-built support system during our office hours of 08:00 to 17:30.
System requirements
  • Internet Access
  • Internet Browser (Internet Explorer, Google Chrome, Firefox, Safari, etc)

User support

Email or online ticketing support
Email or online ticketing

Support response times
A team of expert Support Specialists are on-hand to support Users via a dedicated ticketing service, email and phone line. We aim to respond to all of support enquires within 1 hour during UK business hours, as well as maintain a customer satisfaction rating of over 98%.

User can manage status and priority of support tickets

Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549

Phone support

Phone support availability
9 to 5 (UK time), Monday to Friday

Web chat support
Yes, at an extra cost

Web chat support availability
9 to 5 (UK time), Monday to Friday

Web chat support accessibility standard
WCAG 2.1 AA or EN 301 549

Web chat accessibility testing
Zendesk's Web Widget Accessibility Conformance Report is available on their website. (https://support.zendesk.com/hc/en-us/articles/4408838287514-Making-Zendesk-products-accessible)

Onsite support
Yes, at extra cost

Support levels
We provide a fully integrated online Help Centre with video tutorials, help articles and quick start guides. Users may submit support tickets through the Help Centre or speak in person to one of our dedicated Support Specialists based in Gloucester, UK. We aim to respond to all support tickets within 60 minutes during business hours (actual performance < 20 minutes), as well as maintaining a customer satisfaction rating of over 98% (actual performance > 99%). Our Support Specialists are underpinned by an expert Consulting team of Industry Experts, alongside our Delivery Team of Solution Specialists who host CPD Certified training programmes and support onboarding. Clients also benefit from a dedicated Account Manager who lead regular Business Review Meetings and partner with our Customers to define and help achieve their desired outcomes.

Support available to third parties

Onboarding and offboarding

Getting started
CEMAR is very intuitive to use and follows standard Windows conventions. As such we tend to train a small portion of Users, with most learning from colleagues or the materials provided online. We recommend a train the trainer approach whereby we provide expert CEMAR training for the core team and the system is then self-taught through the online support for the wider team. CEMAR’s classroom training is CPD certified and usually doubles as a very effective and collaborative “kick off” meeting. Practice contracts are used during training and remain for the duration of the service for teams to explore the features in safety. Together with the suite of online video tutorials and printable quick start guides makes CEMAR’s deployment fast, economical and efficient with as much or as little assistance from the team as you like. We also run a successful programme of webinar training.

Service documentation
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats
  • Video Tutorials
  • Help Articles
  • Quick Start Guides

End-of-contract data extraction
Superusers may backup and download the communications archive for a contract at any time via the client administration module, this comprises a structured zip folder by event type containing every PDF hard copy communication and associated attachments.

End-of-contract process
There are no additional costs, the Superusers may backup and download the communications archive for a contract at any time.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera

Application to install

Designed for use on mobile devices

Differences between the mobile and desktop service
CEMAR is compatible with tablets and smartphones. It can be accessed from a tablet device, and communications created, viewed, and sent. However, it is not responsive to screen size so functionality is limited on a smartphone.

Service interface

User support accessibility
None or don’t know


What users can and can't do using the API
We provide an open CEMAR API and management service (powered by MuleSoft), allowing clients to retrieve but also update information within CEMAR by a series of GET/PUT/POST/PATCH calls, covering all relevant data relating to contracts and events.

API documentation
API documentation formats
  • Open API (also known as Swagger)
  • PDF

API sandbox or test environment

Customisation available

Description of customisation
The system is fully configurable by Superusers, enabling clients to be completely autonomous in the management of the system. Through intuitive setup wizards Superusers can create new users, add or remove access across contracts and adjust the governance settings. In addition to this, the Superusers can also create and edit contracts, framework templates, reporting structures and much more via the Client Administration Module.


Independence of resources
CEMAR is hosted on a hybrid cloud platform combining both dedicated physical and virtual hosts. This affords flexibility and scalability allowing growth and demand requirements to be met dynamically. We perform regular performance testing and engage with specialist consultants to ensure that CEMAR is optimised at all times.


Service usage metrics

Metrics types
PowerBI is fully integrated into the application for analytics and reporting. This provides users a global view of contracts for portfolio level reporting, with rich drill down capability, interactive visualisations, alongside lots of immersive dashboards and reports, which provide metrics on risk, quality, cost, time and communications & behaviours. This is summarised in a Contract Score metric which evaluates how effectively contracts are being managed, highlighting strong areas and those that need improvement to allow the successful delivery projects. This real-time 360 degree view enables users to benchmark and track team, supplier and contract performance.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019

Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations

Data storage and processing locations
United Kingdom

User control over data storage and processing locations

Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)

Penetration testing frequency
At least once a year

Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider

Protecting data at rest
Physical access control, complying with SSAE-16 / ISAE 3402

Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed

Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Exporting to Excel, Word, PDF and other formats is simple and convenient. All reports, registers and events can be downloaded by Users, both individually at a contract level or in aggregate across a project or portfolio of contracts.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • PDF
  • XLSX
  • Word
  • Image
Data import formats
  • CSV
  • ODF
  • Other

Other data import formats
All file formats apart from .EXE

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Operational 99.5% of the time except for planned downtime, assured by contractual commitment.

Approach to resilience
CEMAR is provided as Software as a Service (SaaS) on a secure hybrid cloud environment affording high availability with N+1 redundancy. CEMAR is hosted in geographically separate locations across the UK, our Primary Hosting site, our Backup site, and our Disaster Recovery site. Further information available on request.

Outage reporting
CEMAR shall post a message on the CEMAR System login page to warn Users, no later than one business day prior to any planned downtime.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Access restrictions in management interfaces and support channels
Only BPSS security cleared and authorised thinkproject UK personnel, authorised hosting provider support teams and authorised database administrators have access to client data.

Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information

How long user audit data is stored for
At least 12 months

Access to supplier activity audit information
Users contact the support team to get audit information

How long supplier audit data is stored for
At least 12 months

How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification

Who accredited the ISO/IEC 27001
TÜV Rheinland

ISO/IEC 27001 accreditation date

What the ISO/IEC 27001 doesn’t cover
Our Quality Management System, which is certified to ISO 9001:2015

ISO 28000:2007 certification

CSA STAR certification

PCI certification

Cyber essentials

Cyber essentials plus

Other security certifications
Any other security certifications
  • ISO 9001:2015 (Quality Management System)
  • ISO 22301:2019 (Business Continuity Management)

Security governance

Named board-level person responsible for service security

Security governance certified

Security governance standards
ISO/IEC 27001

Information security policies and processes
All security policies and processes are managed under our ISO 27001 certified Information Security Management System (ISMS) and ISO 22301 certified Business Continuity Management System (BCMS). Both are subject to Quarterly Management meetings of the Information Security Board to review the ISMS and BCMS.

Operational security

Configuration and change management standard
Supplier-defined controls

Configuration and change management approach
All development is in-house and carried out in accordance to our ISO27001 information security management system and ISO9001 certified quality management system. Azure DevOps is utilised across the in-house development team. CEMAR engages external security consultants to penetration test the CEMAR application to CHECK standard. Accredited to CESG / CREST and ISO 27001 standards, our security consultants are qualified to carry out penetration testing and IT Health Check services for HMG and private sector organisations. Penetration testing is carried out at least annually and at any major upgrade release.

Vulnerability management type
Supplier-defined controls

Vulnerability management approach
Cisco Adaptive Security Appliances (ASAs), FirePower subscription, Enterprise DDoS protection delivered through Arbor and Cloudflare DDoS, Web Application Firewall (WAF) and Content Delivery Network (CDN). Infrastructure is protected by Sophos Cloud Endpoint Security and Control. In addition to application and organisation testing & auditing we also carry vulnerability scans of CEMAR and the company networks. IOMART Group manage all infrastructure and deploy patches in accordance with our release schedule. Any application vulnerabilities would be managed under high priority through our Agile process. The above systems provide real time dashboards and notify by email alerts.

Protective monitoring type
Supplier-defined controls

Protective monitoring approach
In addition to our hosting provider and our monitoring alerts CEMAR is protected by Cloudflare DDoS and Web Application Firewall (WAF) which automatically manages any potential compromise.

Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402

Incident management approach
We have an Incident Management procedure within our ISO 27001 certified ISMS. Users can track and log events via 24/7 online support ticket service. Incident reports are available at request.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks

Connected networks
Public Services Network (PSN)

Social Value

Fighting climate change

Fighting climate change

As a purpose-driven company, Thinkproject is committed to and invested in our sustainability efforts focused on People, Planet and Prosperity – it is an integral part of our company strategy. Our work in sustainability is a continuous journey. For now, we focus on three areas: responsible business, environmental sustainability and diversity & inclusion.

The built environment, which corresponds to everything people live in and around such as housing, transport infrastructure, services networks or public spaces, requires vast amounts of resources. The aim of Thinkproject’s solutions will be to increase material efficiency and to reduce climate impacts of the built environment, particularly promoting circularity principles throughout the life cycle of buildings.

The use of recycled materials as well as digitalisation and digital content access promotes actionable data and proactive maintenance and repair processes which will influence carbon reduction significantly, reduce unnecessary document production, reduce unnecessary travel/fuel and therefore reduce carbon output and waste. In this way, Building Information Modelling (BIM) and digital, efficient Asset Management will play a key role in the design, construction and continuing operation of green buildings and infrastructure.  

Thinkproject’s ambition is to work with customers and stakeholders towards the delivery of actionable insights to support high quality buildings and infrastructure with near zero environmental impacts that mitigate climate, legislative and energy price escalation risks.   Sustainability across the asset lifecycle is a core part of our strategy.

Covid-19 recovery

Covid-19 recovery

During the recent stages of the pandemic Thinkproject executed a full risk assessed plan which we would be happy to share and provide advise to our customers.
As an inclusive organisation the following principles were observed with regular messaging:
*Establishment of full virtual working capability, leading to an employees choice of virtual or home working today
* Office closures where relevant, advisory for client office visits
* Full COVID measures and associated advice e.g. sanistiser stations, social distances arrangements and limitations to office attendance
* Regular messaging of government advice and associated employer advise
* Regular risk assessment of office and employee risk at managerial / operation level

With these in place Thinkproject has experienced a relatively minor impact from COVID19 and has continued t work effectively with its customers. Choices of virtual, office or home work still remain to promote flexibility and wellbeing amongst our staff and we continue to monitor government advice to minimise customer impact and to ensure we adhere to safe working practice for our employees.
Our continuing support for equality and economic equality based upon efforts to include, upskill, educate and mentor people returning to work, seeking greater opportunity extends to COVID recovery and we will work with customers as necessary to identify and support such opportunities to people and communities affected by COVID. During the recent years of the pandemic, Thinkproject have proven our capability to deploy, implement, deliver and support our solutions digitally and remotely ensuring minimal disruptions through the recent period of pandemic measures.

Tackling economic inequality

Tackling economic inequality

To help tackle economic equality Thinkproject can support in-work progression and skills development which may be valuable to later employment opportunity, entrepreneurship or to the growth of new organisations.

Thinkproject can discuss the provision of in-contract work placement for individuals to work alongside our own staff as a work placement during our delivery to our customers to enhance skills and experience leading to further employment and opportunity. These can be specifically targeted to disadvantaged individuals, in low skills areas or high growth sectors such as information technology.

We can discuss the potential provision of training and mentoring to address skills gaps and help with skills and experience that may leading to additional qualification for the attendee therefore helping to raise economic equality and skills within the contract locality.

Thinkproject would be happy to discuss these opportunities with our customers, discussing how we can work with customers to influence staff, suppliers, customers and communities through the delivery of contracts to support Policy Outcome, e.g. engagement, co-design/creation, training and education, partnering/collaborating, volunteering as recommended within The Social Value model.

Equal opportunity

Equal opportunity

Thinkproject promotes equal opportunity. In discussion with customers we can help employment, retraining and return to work through initiatives supported by our management and executive team providing voluntary work to present career and mentoring presentations, sharing our history, best practices and ideas to allow people to discover or understand a path to employment or re-education that they may feel is a block to them. It is possible that we could provide mentoring and work experience roles for identified individuals during our implementation / delivery to provide immediate work experience and direction where appropriate.

Thinkproject could also support in-work progression and skills development which may be valuable to later equal employment opportunity or educational attainment in the workplace by proving an in-contract work placement for individual to work alongside our own staff as a work placement during our delivery to our customers.

We are open to working with our customers to demonstrate our own equal opportunities practices and also work together with them to promote this as a social value outcome.



As a purpose-driven company, we are committed to and invested in our sustainability efforts which focused on People as well as Planet and Prosperity. Wellbeing is primarily focussed on people and as one of the UK Best Workplaces for Wellbeing 2022 Thinkproject will be happy to share the idea of our employee wellbeing initiatives that will be directly applicable to the workforce. We actively:

We support the health and wellbeing - including physical and mental health - in the workforce by provision of annual Headspace subscriptions, and organised by FALCO - our external HR organisation - we promote social activities for inclusion such as team-building themed social events.

Think project have dedicated policies communicated through mandatory educational training to promote wellbeing, health and safety at work and whilst working a home / an alternative office.

Thinkproject employees are also encouraged to seek wellbeing for themselves and others externally and as such are allocated 2 day per year to spending on social value focused initiatives. For example our staff could support community assistance via its employees to such initiatives such as but not limited to Help for the Homeless, Shelter, Food Banks/Canteens or Tree Planting activities.


£316 a licence a month

Discount for educational organisations

Free trial available

Service documents

  • Pricing document


  • Skills Framework for the Information Age rate card


  • Service definition document


  • Terms and conditions


  • Modern Slavery statement


Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info.tpuk@thinkproject.com. Tell them what format you need. It will help if you say what assistive technology you use.

CEMAR (Contract Event Management and Reporting) (2024)


What is CEMAR contract management? ›

CEMAR is a dedicated contract management solution for NEC, FIDIC and other contract types. Created from a first-hand need to manage administrative demands, it has been developed by industry experts and practitioners and is acknowledged by name in all NEC4 contracts.

What are the advantages of CEMAR? ›

Reduces commercial risk through improved contract compliance. Autonomy through Superuser model (for-all-parties) with extensive help and support. Reminders, countdowns and alerts keep teams aware of outstanding actions. Extensive events log, communications archive and governance audit trail.

What is contract management reporting? ›

At a glance, it reveals overall contract statuses, upcoming renewals, and potential risks or opportunities – critical data for informed decision-making. Contract reporting also helps identify potential risks such as compliance issues, missed deadlines, or unfavorable terms.

What is the acronym CEMAR? ›

CEMAR. Contract Event Management and Reporting (software)

How do you explain contract management? ›

Contract management is the process of managing legally-binding agreements from initiation through to execution. Contract management activities include creation and negotiation, contract execution, contract compliance monitoring and renewal or close out.

Who should be responsible for contract management? ›

Regardless of organization type, one consistency is that contract managers are the primary individuals responsible for the creation and management of all contracts those organizations use. To successfully oversee contracts from drafting all the way to execution, contract managers need to be skilled in numerous areas.

What are the 6 contract management process? ›

TL;DR. The stages of contract management can be broken down into pre-signature (creation, negotiation/collaboration, and review/approval) and post-signature (administration/execution, renewal/termination, and reporting/tracking).

What is the duty of contract management? ›

Contract Manager Roles and Responsibilities

They're the main touchpoint for all parties involved, weaving their way through companies, departments, and employees. Their end goal? Ensuring timely execution, perfect compliance, and safe storage of all contracts across the enterprise.

Who created Cemar? ›

The company was founded in Gloucestershire in 2005. Ben Walker was part of a team constructing a major bypass around Gloucester. He felt a solution was needed for all the time being sacrificed on contract administration and created a prototype with the help of his father Andy and brother Dan.

What is CE in Cemar? ›

CE – Compensation Event. CE-CNTFD – Compensation Event (Contractor notified until 61.4 agreement) CE-SNTFD – Compensation Event (Subcontractor notified until 61.4 agreement)

What is QTE in construction? ›

About Quality Testing and Engineering

(QTE) was founded by Michael A. Widman in April of 2000 to provide a wide variety of construction material testing, geoteclmical engineering, and other development services.

What is civil contract management? ›

Contract management is the process of managing a project on behalf of the Employer. They can also be mandated to administer the contract. This could involve monitoring and managing the contract, but also cover other legally enforceable agreements, as signed by the parties, during its execution phase.

What is the difference between contract management and CLM? ›

CMS provides basic contract management tools, while CLM offers a more comprehensive suite of tools that cover the entire contract lifecycle. With CLM software being more automated, businesses can save time and reduce the need for manual intervention, resulting in faster contract-related processes.

Who created CEMAR? ›

The company was founded in Gloucestershire in 2005. Ben Walker was part of a team constructing a major bypass around Gloucester. He felt a solution was needed for all the time being sacrificed on contract administration and created a prototype with the help of his father Andy and brother Dan.

What is a CMR contract? ›

Construction Management At-Risk

If you engage a construction manager at-risk (CMR), the CMR agrees to coordinate, oversee and deliver your facility for a guaranteed maximum price. In this legal relationship, the CMR advises the client from the time of project inception, and acts as the general contractor.

Top Articles
Latest Posts
Article information

Author: Pres. Carey Rath

Last Updated:

Views: 6424

Rating: 4 / 5 (61 voted)

Reviews: 92% of readers found this page helpful

Author information

Name: Pres. Carey Rath

Birthday: 1997-03-06

Address: 14955 Ledner Trail, East Rodrickfort, NE 85127-8369

Phone: +18682428114917

Job: National Technology Representative

Hobby: Sand art, Drama, Web surfing, Cycling, Brazilian jiu-jitsu, Leather crafting, Creative writing

Introduction: My name is Pres. Carey Rath, I am a faithful, funny, vast, joyous, lively, brave, glamorous person who loves writing and wants to share my knowledge and understanding with you.