Civica CFRMIS Hosted Solution
CFRMIS (Community Fire Risk Management Information System) allows Fire & Rescue Services’ to manage prevention and protection activities within a single interface whether it be Community Fire Safety, Technical Fire Safety, Operational Intelligence, Fire Investigation or Vulnerable People.
- CFS including HFSC and Safe & Well visits
- TFS including FSA and Short Audits
- OPS Intelligence including PORIS and SSRS's
- Vulnerable Persons - Full subject management
- API allowing full corporate integration
- CFRMIS mobile allowing full mobile working
- Customisable reporting with integration to corporate reporting systems
- Geographically displayed data via embedded GIS
- User definable dashboards
- 256-bit document encryption
- Improves accessibility, efficiency and return on investment
- CFRMIS’s Welcome Screens presents a unique view of the jobs
- Jobs can be categorised for quick access
- Can be supplemented with MS SQL Reporting Services
- Create corporate dashboards allowing quicker access to vital data
- All in one environment, automated enforcement management
- Saves time and ensures consistency of information
- Eliminates paper based data gathering, improving data quality
- Improves risk identification and reduces the risk of incident
- Reduces likelihood of failed prosecution attempt
£2666 per user per month
- Free trial available
- Pricing document
- Skills Framework for the Information Age rate card
- Service definition document
- Terms and conditions
- Modern Slavery statement
Civica UK Limited
Civica UK Limited
020 7760 2800
|Software add-on or extension||No|
|Cloud deployment model||Public cloud|
|Email or online ticketing support||Email or online ticketing|
|Support response times||Response times differ based on Civica SLA.|
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
Civica provides a support Service Desk during Service Hours, this includes all maintenance windows, the release process and any Priority 1 incidents.
Civica's Service Desk is available during support hours to log incidents. Civica's Support Portal is available 24 x7. All incidents logged by the Service Desk are referred to the support teams who provide support during the following:
• 09:00am to 17.00pm Monday-Friday: Civica's Service Desk available to log incidents. Civica's Support Portal is available 24 x7. Incidents logged by the Service Desk are referred to the support teams who provide support.
Support hours extensions after normal hours can be provided (please contact us for more details.
Civica's technical support team assist in the resolution of problems when necessary.
|Support available to third parties||Yes|
Onboarding and offboarding
The types of training which can be provided, based on the training needs of the target audience, are typically as follows;
- Project Team training
- System Administration training
- User training
- Go Live ‘floor walking’
- Speciality Courses
- Train the Trainer
Civica training courses are designed to deliver a good understanding of the functionality or skillset required work effectively with the solution.
The specific methods to be used are be agreed at the outset of the project, these may include:
- Classroom training
- Use of customised training environment, configuration and data set
- Some eLearning materials distributed using external media or via the internet
- Shorter, remote training courses
There are prerequisites to our training courses to be aware of and these will be discussed on the outset of a project. Please, note the following exclusions apply unless otherwise agree;
- Fault resolution with existing Civica solutions
- Configuration or forms development activities
- Testing support
|End-of-contract data extraction||There is no specific data extraction process at the end of contract, however Civica would look to provide the data within a format that can be accessible to the data owner. If any further services are required eg data cleansing or data manipulation these would be chartable at the day rate of the sold contract.|
Three months from the end date of the contract Civica will enter into discussions with the client to determine whether the contract will be extended. If the client decides to enter into a further contract term then a new contract will be issued.
If the client decides not to extend beyond the contract end date, within seven days following the contract end date the Licensee shall (at the option of the Licensor) return or destroy all copies, forms and parts of the program and documentation which are covered by this License and shall certify to the Licensor in writing that this has been done.
Once notice has been received that the customer will not extend beyond the contract end date then, Civica will email the customer confirming the notice has been received and a member of our technical department will contact you to arrange removal of the system from your servers.
Any assistance the client may require to migrate existing data off the system on termination of this contract will be chargeable.
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||No|
|What users can and can't do using the API||
The “CFRMIS External Integration” is similar to an API which allows a fire service to create their own web-pages in their corporate intranet/extranet/standalone web-browser to interact with CFRMIS to create new jobs/edit existing records.
The integration provides two fundamental aspects:
1. The ability to query the data in CFRMIS and return the results in a generic manner.
2. The ability to save data to the CFRMIS database which may/may not include the sending of emails/other notifications.
Civica provides a method to the CFRMIS database allowing a query to be enacted against it. The results are returned in XML format for interpretation by the calling application.
Civica provides a universal and generic way of sending data to the CFRMIS website. The CFRMIS website processes the data sent according to a very specific set of business rules in conjunction with any specific customer requirements, i.e. sending of emails/notifications.
Civica expects its customers to create their own web-based or other user interface. This user interface can consume the API to enact requests to the CFRMIS website, in exactly the same manner as the CFRMIS web application itself.
The API receives HTTP Post requests which accepts a URL and an accompanying JSON object.
|API documentation formats||
|API sandbox or test environment||No|
|Description of customisation||
Customers can customise the user interface by hiding fields or re-labelling fields but cannot make any changes to the CFRMIS SQL Database.
Customisation can be carried out by competent users either via editing the XML files or using the Graphical User Interface Editor. Where a customer would prefer the work can be carried out by Civica. Customisation by Civica will occur additional costs.
|Independence of resources||The CFRMIS Hosted Solution is configured based on the concurrent usage information supplied by the customer. This data is then used to size the server requirements.|
|Service usage metrics||Yes|
Where CFRMIS is hosted Civica can provide usage metrics at an additional cost.
Service metrics can be configured based on the customers requirements at an additional cost
|Reporting types||Reports on request|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Developed Vetting (DV)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||European Economic Area (EEA)|
|User control over data storage and processing locations||No|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||Encryption of all physical media|
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||CFRMIS allows the exporting of data via CSV, XLS and XML and can be exported from any query screen or Code Table. CFRMIS can import data either through spreadsheets based on code tables, via Bulk Data Import screen where data has been consumed from a Third Party agency or via the Data Import Screen.|
|Data export formats||
|Other data export formats||
|Data import formats||
|Other data import formats||CFRMIS's Bulk Data Import allows users to import from Excel/CSV.|
|Data protection between buyer and supplier networks||Other|
|Other protection between networks||CFRMIS will be configured to meet the customers Code of Connection.|
|Data protection within supplier network||Other|
|Other protection within supplier network||CFRMIS will be configured to meet the customers Code of Connection.|
Availability and resilience
|Guaranteed availability||CFRMIS is build on the Microsoft Azure cloud platform that is backed by guratneed availabilty levels of 99.99%. This provides geo-redundant data centres to ensure a high level of resiliance.|
|Approach to resilience||The Azure datacentres are built to industry leading standards and provide built in resiliance within their design.|
|Outage reporting||CFRMIS is buld on the Microsoft Azure platform which has a public dashboard for outages of their systems. Civica will manage any software outages where appropriate. Any schedule maintenance will be performed outside of the normal contracted hours.|
Identity and authentication
|User authentication needed||Yes|
|Other user authentication||By default CFRMIS uses SQL Authentication but this can be expanded to meet the customers requirements.|
|Access restrictions in management interfaces and support channels||CFRMIS uses User Groups to restrict access to data once a user has logged into the system. Additional restrictions can be placed on the system to restrict access to individual IP Address or an IP Range.|
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users have access to real-time audit information|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||User-defined|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||ISO QAR|
|ISO/IEC 27001 accreditation date||06/12/2017|
|What the ISO/IEC 27001 doesn’t cover||Nothing.|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||Yes|
|Any other security certifications||
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||In order to provide a wide range of services to public and private sector organisations, Civica maintains an active information security programme. This programme requires regular internal and external audit inspection of both physical and logical data protection structures. The policies and procedures are aligned to ISO 27001 and Cyber Essentials Plus certifications.|
|Configuration and change management standard||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Configuration and change management approach||All hosted assets metadata is stored in a Configuration Management Database. This database is access controlled to authorised staff only. The CMDB provides information essential to the secure hosting of client critical services. Civica's Change Management process ensures that all changes are considered and planned, and appropriate, and that there is a clear audit trail of all changes.|
|Vulnerability management type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Vulnerability management approach||Civica implement and review against best practices to secure against known threats and vulnerabilities, focussing on the OWASP top 10 vulnerabilities. We perform static code based analysis of potential threats, using Veracode, as well as dynamic analysis using tools such as OWASP Zap. Civica performs 3rd party PEN testing on all major releases.|
|Protective monitoring type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Protective monitoring approach||Civica take a proactive approach to information security through a process of continual monitoring and review. As part of a documented risk assessment methodology to identify and manage information security risks a dedicated security team update the risk register monthly. CFRMIS is built on top of the Microsoft Azure platform which leads the world in cyber security and allows granualry monitoring of all the solutions from machine access. Civica uses MS Azure WAF to protect and monitor against know vulnerbility exploits.|
|Incident management type||Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402|
|Incident management approach||Civica have developed an Incident Management process (PRM07) under ISO 20000 standards which details both the Incident and Service Request Management processes. The Civica Service Desk manages end user Service Requests, Incidents and Requests for Change (RFCs) which can be logged by e-mail, telephone and web portal. Monthly customer reports will detail incident information.|
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Public sector networks
|Connection to public sector networks||Yes|
|Connected networks||Public Services Network (PSN)|
|Price||£2666 per user per month|
|Discount for educational organisations||No|
|Free trial available||Yes|
|Description of free trial||Civica can arrange access to their CFRMIS Beta Site.|