Everbridge Europe Limited

Everbridge Critical Event Management Suite

A unified critical communications suite of applications that enable organisations to manage the entire critical event lifecycle. The suite can be used either as a single application for specific critical plans, critical event notification and incidents, or in combination to manage multiple or all parts of the process.

Features

  • Multi Model Crisis Communications with 30+ different contact paths
  • Single unified platform, multiple communications applications, lone worker
  • Quick & simple to implement, with user friendly interface
  • Open integration with existing systems & single sign on
  • Definitive role and administration rules for platform users
  • 24/7/365 Technical support and live operator
  • Store crisis plans on mobile and in the cloud
  • Secure critical mobile messaging, remote wipe, message expiry
  • Scalable, resilient & redundant infrastructure with 99.99% uptime
  • Integrated GIS mapping with unified contact data

Benefits

  • Dramatically improve response time and stakeholder engagement during any incident
  • Target communications by organisation, department, role, location & skill set
  • Target mass notification to specific stakeholders, not devices
  • Automated communication process saves valuable time & eliminates errors
  • Auditable reporting and analytics for incident communications and events
  • You lead critical communications and updates, not social media
  • Increases organisational resilience and compliance in an emergency
  • Save cost and complexity of multiple integrations and data sources
  • Simple 'press to join' conference call capability
  • Your business continuity and disaster recovery plans go mobile

Pricing

£2.58 per user per year

Service documents

G-Cloud 10

180172124930913

Everbridge Europe Limited

Phil Pate

0800 035 0081

philip.pate@everbridge.com

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints The Everbridge Suite is a full cloud SAAS platform and is not available on premise.
System requirements
  • Administrators need an internet enabled device
  • Users need an SMS, Email, Voice or Data capable device

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Standard response is 4 hours. However questions are usually answered within 2 hours.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.0 A
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels The Everbridge Professional Services team can support customers onsite ranging from a day rate basis or up to a permanent technical account manager on site. Costs are included in the rate card.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started The standard onboarding is right-sized to support small to medium organizations on deploying all basic Mass Notification and Interactive Visibility functionality. A dedicated onboarding specialist is provided to guide you through the onboarding process and provide strategic advice, tailored to your organisation.

A standard onboarding will provide the following:
+ Orientation to your onboarding resources, including the Everbridge Client Portal, knowledgebase articles library, and Everbridge
University.
+ Access to your functional account, configured with default templates and default notification paths. Everbridge provides a combination of remote and on-site onboarding services tailored to the customers requirements and needs which includes on-site training, on-line e-learning and user documentation, 30-minute hands-on demo of creating new users, the basic setup of contacts and the sending of a test notifications.
+ Best practices and onboarding guidance.
+ The onboarding specialist will ensure the client has demonstrated the ability to upload a sample of their contact data, send a notification and
interpret the results.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats
  • Microsoft Office Suite formats
  • CSV
End-of-contract data extraction Everbridge customers can download their contact data at any time during the contract period as a CSV file. Customers can also create reports to query the data which can be downloaded as CSV or PDF files.
End-of-contract process Everbridge will end the user's access to the account, the account is deleted and purged from the Everbridge platform and all data is securely removed. All customer data can be returned to the customer before deletion upon request. This is included in the contract cost.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Firefox
  • Chrome
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service All features of the Everbridge Suite are available in both the mobile and desktop service. However advanced administrator functions may be easier to access via the desktop version.
Accessibility standards WCAG 2.0 A
Accessibility testing Everbridge has a dedicated team of user interface designers and Quality Assurance staff responsible for testing both the functionality and the usability of the Everbridge platform.
API Yes
What users can and can't do using the API The Everbridge Restful API allows applications to interact with contact management, user access management, notification sending, incident sending and location tracking aspects of the Everbridge system.
API documentation Yes
API documentation formats Open API (also known as Swagger)
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Users can customise the notification device terminology, can create static and dynamic grouping structures as well as customise the content of the recipient profile portal.

Scaling

Scaling
Independence of resources As part of the enablement of our commitment to 99.99% availability, Everbridge leverages an elastic infrastructure to accommodate high volume of calls using multiple redundant telephony providers and dynamic call routing algorithms to redirect calls to the least congested providers. Our unparalleled dedicated infrastructure, combined with our Elastic Infrastructure, provides unlimited global scale, speed, and resiliency without having to purchase dedicated lines or ports.

Analytics

Analytics
Service usage metrics Yes
Metrics types The Everbridge Suite has native analytics to provide reporting and dashboards relating to contacts, incidents, notifications, responses & utilisation.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Everbridge customers can download their contact data at any time during the contract period as a CSV file.
Data export formats
  • CSV
  • Other
Other data export formats PDF
Data import formats
  • CSV
  • ODF

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network Everbridge’s security, data protection policies and controls are based on the Federal Information Security Management Act (FISMA) risk management framework defined within National Institute of Standards and Technology (NIST) special publication (SP) 800-37. On an annual basis, during a three month assessment period, an independent and accredited third-party security assessment firm verifies Everbridge’s compliance with over 800 security and data protection requirements and controls detailed in NIST SP 800-53 (Security and Privacy Controls for Federal Information Systems and Organizations). Verified compliance enables Everbridge to map our compliance with other security and data privacy frameworks including ISO 27001, HIPAA and HITECH.

Availability and resilience

Availability and resilience
Guaranteed availability Availibility SLA:
Everbridge’s commits to service availability of 99.99% or greater, measured on a calendar quarterly basis. Including scheduled maintenance windows.

Broadcast Performance Target:
During a 60 minute period, Everbridge shall make a minimum number of notification attempts to the 1st contact path for all Client broadcasts, using the standard configuration, per the list below. Notification attempts do not include third party network delivery.

500 character Contact Bridge Notification - 600,000 per hour;
30 seconds Voice Notification - 300,000 per hour;
500 characters SMS Notification - 600,000 per hour;
500 characters email - 600,000 per hour.
Approach to resilience Everbridge’s system is designed to provide a true zero-point-of-failure system. To provide the unique architecture, Everbridge employs multiple data center locations in each of our production implementations. Data is continuously replicated between each data center location within a specific production implementation, and each data center site can provide the full range of Everbridge services. If service is disrupted at either data center, all traffic is dynamically rerouted to the remaining data center so that Everbridge's systems remain constantly available to all of our clients.
Each data center site is designed with full redundancy from top to bottom. Dual network uplinks feed dual routers, fully meshed with dual load balancers, which secure the front-end network with tight controls. Each tier of servers are clustered using a combination of highly customized, secure, high performing, and scalable database solutions, which allows for real-time load balancing and failover between nodes, and affords easy scalability to meet increasing demand.
Outage reporting When impacted clients are notified of service degradation/outages, all client defined “main points of contact” will receive the email notification. These operations are conducted by Everbridge Technical Support staff.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Everbridge supports role based access to the platform. At all times, clients maintain full control over any user granted access to the client organisation (environment) in the Everbridge system, the rights that are assigned, and the ability to revoke access at any time. Everbridge allows for an unlimited number of user roles. Each user may have multiple roles as is appropriate.
Access restriction testing frequency At least once a year
Management access authentication 2-factor authentication

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification Yes
CSA STAR accreditation date 30/09/2015
CSA STAR certification level Level 2: CSA STAR Attestation
What the CSA STAR doesn’t cover We believe that all applicable parts of our service are covered within the CSA STAR accreditation.
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards
  • CSA CCM version 3.0
  • Other
Other security governance standards SOC 2,
SOC 3,
NIST 800-53 (This mirrors ISO 27001),
TLS 1.2,
AES 256-bit encryption.
Information security policies and processes To make our system the most secure, we comply with FISMA security guidelines set forth by NIST (National Institute of Standards in Technology). NIST completed their own Emergency Notification vendor evaluation, where they found that Everbridge best suited their needs.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Everbridge maintains a formal system development lifecycle policy which includes application development, testing, security verification, and detailed change management procedures. These policies are in place to ensure secure development of application code and features, to test and verify all features developed, and to ensure smooth rollout to the Production environment without degrading our client’s access or use of the notification platform.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach All development undergoes peer review, integration testing, and acceptance testing, and the entire application and infrastructure is included in regular internal vulnerability scanning and assessment. Furthermore, any changes to any level of the Everbridge infrastructure must adhere to the well defined Everbridge change management process.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Everbridge enables active monitoring, intrusion detection, and logging of all events, on all components, within all tiers of the fully redundant, geographically dispersed SaaS infrastructure. The tools consist of both network based IDS devices scanning all network traffic, and host-based probes that are designed to detect any activity outside of normal application traffic and performance. If a monitor detects any unusual or suspicious activity, the monitoring tool generates an automated alert that is immediately investigated by our on-call support team.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Everbridge follows the Incident Response procedures outlined in NIST 800-61 and are included in NIST 800-53, which Everbridge leverages as our security framework. Everbridge’s compliance to NIST 800-53 is audited annually by a 3PAO as required. Please see http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf, IR-1 through IR-10 for more information.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £2.58 per user per year
Discount for educational organisations No
Free trial available No

Service documents

pdf document: Pricing document pdf document: Skills Framework for the Information Age rate card pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑