HSE Software built around
PROCESS AND PROOF

1.  Vendor Credentials

How long has the vendor been operating?
Critical safety infrastructure shouldn't depend on a company that may not exist in five years.

Do they have industry experience ?
Have they worked in environments where their software is used?

Where are they based ?
Jurisdiction matters for regulatory compliance and support availability.

2.  Security

What certifications do they hold?
ISO27001 is the gold standard for Information Security Management but Cyber Essentials Plus is the minimum credible baseline for a UK vendor handling operational data.

Is single sign-on supported ?
SSO reduces credential risk and simplifies access management across your organisation.

Under which jurisdiction is data stored?
Local regulation and sector-specific data requirements may restrict where operational data can legally reside.

3.  Auditability

Are changes logged with timestamp and user details?
A complete, unambiguous record is the first thing an investigator or auditor will ask for.

Is the audit trail tamper-evident?
Logs that can be altered after the fact provide no meaningful assurance.

Can logs be exported for regulatory purposes?
You need to be able to produce records independently of the vendor if required.

4.  Configurability

Can your team configure the system without developer involvement?
If every workflow change requires a support ticket and a day rate, the system will quickly fall out of step with your operations.

How are updates managed?
Software updates shouldn't break your configured workflows or require reconfiguration from scratch.

5.  Integration

Does it connect with your existing CMMS or ERP?
Maximo, SAP and similar systems are common in the industries Pisys serves. Integration should not be an afterthought.

Is there a published API?
An open API gives you flexibility to connect the system to other tools without dependency on the vendor.

6.  Implementation

What does a typical deployment timeline look like?
Understand what's included and what depends on your own resource before committing.

Is data migration from existing systems supported?
Moving from paper or a legacy system should not mean starting your records from zero.

What does onboarding include?
Training for administrators and end users should be part of the implementation, not an optional extra.

7.  Support

What are the SLAs for critical issues?
Response times need to reflect operational requirements.

Is there a dedicated contact or a ticket queue?
Knowing who to call when something goes wrong matters more than the number of features in the brochure.

8.  Commercial

Is pricing per user, per site or per module?
The model matters as much as the headline figure — understand what happens to cost as your usage grows.

Are there minimum contract lengths?
Multi-year commitments are standard but should come with clear provisions for what happens if the vendor changes hands or exits the market.

What happens to your data if you cancel?
Data portability and export rights should be written into the contract before you sign.

9.  Scalability

Is the system single or multi-tenancy?
A single-tenancy reduces the risk of other customers accidentally gaining access to your data

How does pricing change as you scale?
Volume discounts and multi-site pricing should be clear from the outset, not negotiated site by site.