HIVE LOGIC LIMITED

Incident & Event Workflow

Business Intelligence and Risk Enterprise Management in Control Room and Event driven environments.
Safety, quality and risk management solution to manage incidents/events with event recording, workflow-management and reporting. Using predictive-intelligence and triggers to reduce severity of incidents/risks whilst supporting decision-making. Works with CCTV/ Cyber/ Physical-security/ and situational awareness events.

Features

  • Situational Awareness and Event (SAE) tool for Crisis Management
  • Supports: Health and Safety, Business Continuity, Building Facilities Management
  • Supports security mgt, geo-mapping, mass communications
  • Manages alerts and events in control room with workflow
  • Time/task reminders, reports, audit capability, information sharing
  • Optimised for easy use: text-search, interfaces and dashboard design
  • Multi platform and mobile dashboard support with role based access
  • Secure, with federated information sharing
  • Customisable, evidence-auditable, and automated workflow management
  • User defined customisable reports and dashboards

Benefits

  • Promotes user adoption, and support control room efficiency
  • Supports auditable and recorded effective communications
  • Clear, easy to follow, and concise security standards
  • Highly configurable to suit operational practises and procedures.
  • Simplicity of use reduces training and on-boarding overheads
  • Real time, risk-based, dashboards for executives, Gold commander or CEO
  • Automated reporting for audit and wider communications
  • Reduction in operational errors or evidence compromise
  • Integration with other operational systems: clinical, SOC, event, CCTV

Pricing

£1400 to £8800 per instance per month

  • Free trial available

Service documents

G-Cloud 10

152546148486717

HIVE LOGIC LIMITED

Simon Moore

07711049483

simon.moore@hivelogic.co.uk

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints No
System requirements
  • Cloud applications to be secured
  • End-points, mobile, fixed, need to be pointed at the service

User support

User support
Email or online ticketing support Yes, at extra cost
Support response times Within 1 working day, and response levels can be raised to cover weekends if required.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.0 AA or EN 301 549
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support Yes, at an extra cost
Web chat support availability 9 to 5 (UK time), 7 days a week
Web chat support accessibility standard WCAG 2.0 AA or EN 301 549 9: Web
Web chat accessibility testing Vendor Defined capability
Onsite support Yes, at extra cost
Support levels NBD, 8x5, 24x7.

On site support not ever needed as service is on cloud. Limited complexity in configuring end-points to talk to the cloud.

A client engaged technical account manager can be provided, but required when multiple services are engaged to ensure interoperability and cost benefits. Once configured the service is stable and only needs client based support knowledge on major changes - this will be addressed through documentation.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Initial consultation on configuration of the Software included.
Additionally,
1. If the customer chooses to install with their own resources, we can provide HiveLOGIC support through HiveLOGIC consultancy services
2. Provide support for:
- SOC Services, including Monitoring and Reporting
- Rapid Response service to events and observations
3. Training Workshops
4. Direct, side-by-side support
5. Issue and problem resolution
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Only data held in service are security logs and configuration details. Both can be exported if necessary
End-of-contract process No additional services required, service simply stops and user redirects their end points to send traffic to other destinations.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install Yes
Compatible operating systems
  • Android
  • IOS
  • Linux or Unix
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Same service.
Accessibility standards WCAG 2.0 AA or EN 301 549
Accessibility testing N/A
API Yes
What users can and can't do using the API Users cannot use the API, API is for integration into other systems.
API documentation Yes
API documentation formats PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Fully customisable.

Scaling

Scaling
Independence of resources System is scaled on a cloud and resources are increased linearly with demand

Analytics

Analytics
Service usage metrics Yes
Metrics types Details are provided on traffic flows and hits on security rules
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Reseller providing extra features and support
Organisation whose services are being resold Global Aware

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach Via the web based management console, and download of data.
Data export formats
  • CSV
  • Other
Other data export formats
  • PDF
  • .docx
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks IPsec or TLS VPN gateway
Data protection within supplier network IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability 99.999% Up time
Approach to resilience Virtual basis, depends on host setup.
Data and machine state are backed up nightly
Outage reporting API, dashboard and email alerts

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels Role based access control.

Restrict to fixed IP
Access restriction testing frequency At least once a year
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information You control when users can access audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users receive audit information on a regular basis
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 QMS
ISO/IEC 27001 accreditation date 31/10/2017
What the ISO/IEC 27001 doesn’t cover Nil
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes We work as a network of SMEs supported by larger businesses where scale, and costs make this sensible. Design and service ownership always resides with the Hd of Operations within HiveLOGIC (HL). We then outsource the day to day manning of our service desk to Westcon/ Comstor owing to the economies of scale they can achieve.

HL assesses service levels, SLAs, policies and procedures provided by Westcon on a regular basis :6 monthly or less and on demand.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Other than patching and software levels, Any change is limited to configuration of the software controls. All such changes are assessed for security impact, as this a security based service

All configuration details are also recorded and changes are documented to enable auditing.
Vulnerability management type Undisclosed
Vulnerability management approach Threats to the system are constantly assessed by the vendor (ForcePoint) and changes made to the software base.

The infrastructure which hosts the cloud broker is constantly updated against threat intelligence and internal recommendations.
Protective monitoring type Supplier-defined controls
Protective monitoring approach The vendor provided cloud service, sold as a licence per end user is constantly monitored for breaches and attacks. As a security enforcement point it is assumed attack is inevitable and every measure is taken to continually tighten security and monitor for potential of breach.
Incident management type Supplier-defined controls
Incident management approach Incidents in the cloud service are actively driven out.

Incidents on client devices or against client applications are reported and acted upon as per policy. Any known attacks are instantly stopped. non-malicious, unauthorised accesses are blocked and then investigated as potential false positives.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £1400 to £8800 per instance per month
Discount for educational organisations No
Free trial available Yes
Description of free trial Access to demo.

But limited in usability owing to lack of customisation

Documents

Documents
Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Terms and conditions document View uploaded document
Return to top ↑