Black Rainbow Ltd

Black Rainbow's Case, Investigations and Quality Management Software

Black Rainbow's Case, Investigations and Quality Management solution is fully integrated and collaborative across the lifecycle of all forensic sciences, including disclosure management from crime scene to evidential reporting. Tracking and managing incidents from inception to resolution. Highly configurable, with a powerful workflow building engine to reflect and automate processes.

Features

  • Integrated Case Quality Management System - rapid ISO 17025 compliance
  • Evidence submission, tracking and auditing
  • Flexible workflow builder to integrate and automate SOPs and processes
  • Integrate and automate forensic tools - maximise investments made
  • Cross case collaboration
  • Integrated Submission/ Request Portal
  • Fast and scaleable search via Elasticsearch
  • Flexible dashboard reporting and customisable user views
  • Fully auditable
  • Detailed notes capabilities, task and action management with notifications

Benefits

  • Improved risk management and full audit performance
  • Rapidly accelerates ISO 17025 compliance
  • Highly configurable by users and rapid deployment
  • Real-time dashboards for insight into case, operation and department performance
  • Full audit trail across all system activities
  • Control and consistency through workflows - repeatable and defensible
  • Single point of reference for QMS (Documentation, Asset, Validation, Competence)
  • Delivers cost saving through automation of forensic tools and processes
  • Covers all incident and investigation types, scalable and multi locations
  • Cross case collaboration, P.O.L.E. analytics and extensive search capabilities

Pricing

£800.00 a person a year

Service documents

Framework

G-Cloud 12

Service ID

1 9 9 6 3 7 9 2 1 7 9 7 5 4 3

Contact

Black Rainbow Ltd Morgan Sheehy
Telephone: +353879011111
Email: morgan.sheehy@blackrainbow.com

Service scope

Software add-on or extension
No
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints
Out of standard hours support should be agreed in advance if required.
System requirements
Please contact vendor for system requirements documentation

User support

Email or online ticketing support
Email or online ticketing
Support response times
Support and maintenance agreement available upon request.

Response times vary by priority level:
P1: 4 hours
P2: 8 hours
P3: 12 hours

Changes to these standard SLA's can be agreed with individual customers if required.
User can manage status and priority of support tickets
No
Phone support
No
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Black Rainbow's standard support model is not tiered by customer status - but tiered by the priority of the issue. Support costs are included in our annual license cost and all customers are allocated a technical account manager as well as access to support@blackrainbow.com.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Black Rainbow provides online and on-site training which can be hosted on NIMBUS Learning Management System. User materials are also provided.
We work closely with customers from (pre) project mobilisation through to sign-off. Furthermore we conduct on-going customer specific knowledge sharing workshops during the life of all contracts (at no additional cost).
Service documentation
Yes
Documentation formats
  • PDF
  • Other
Other documentation formats
Interactive media is also provided.
End-of-contract data extraction
Migration support and any other technical or project based support can be provided if required (at an additional cost).
End-of-contract process
Migration support and any other technical or project based support can be provided if required (at an additional cost).

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Yes
Compatible operating systems
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Windows Phone
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
N/A
Service interface
No
API
Yes
What users can and can't do using the API
There is an API available (not published). Customers may contact us for additional information.
API documentation
Yes
API documentation formats
Open API (also known as Swagger)
API sandbox or test environment
No
Customisation available
Yes
Description of customisation
System is highly configurable by customers and does not require any technical proficiency to do so. It was designed this way to limit the need for customers to revert with requests for system changes which also delivers significant cost savings to customers.

Scaling

Independence of resources
Customers are provided with isolated instances (single tenanted).
System is performance tested to account for significant user scaling.

Analytics

Service usage metrics
Yes
Metrics types
The system can provide usage metrics by user (duration of usage etc).
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
User can export their data simply via predefined formats.
Data export formats
  • CSV
  • Other
Other data export formats
  • MS-Word .DOC
  • XML
  • PDF
  • JSON
Data import formats
  • CSV
  • Other
Other data import formats
  • MS-Word .DOC
  • XML
  • PDF
  • JSON

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • Other
Other protection between networks
N/ A we provide cloud based software.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network
N/A - we provide cloud based software.

Availability and resilience

Guaranteed availability
99.9% as standard.
Recourse mechanisms agreed in line with SLA's.
Approach to resilience
Available upon request
Outage reporting
This is provided via dashboards and automated emails if required.

Identity and authentication

User authentication needed
Yes
User authentication
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Username or password
Access restrictions in management interfaces and support channels
Access is restricted through user role permissions and access controls. We also integrate with Customer AD / LDAP protocols.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
Cyber Essentials Certification

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
Security Governance is aligned with ISO27001:2013 (Certification pending).
Information security policies and processes
Black Rainbow are Cyber Essentials certified.
Security Governance is aligned with ISO27001:2013 (Certification pending).
Training is conducted quarterly and procedures and processes updated accordingly.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Changes and delivery components are recorded and tracked via NIMBUS Security Control Matrix and Third Party Providers Security Control processes in compliance with industry accepted standards. These are audited and updated on a 6 monthly basis.
Black Rainbow adopts an agile software development methodology alongside testing methods and release management.
Further information available upon request.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Black Rainbow conduct both internal and external vulnerability testing on a scheduled and as needed basis. NIMBUS patches can be deployed within hours if required. Third party patches deployed as made available.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Black Rainbow utilise a selection of third party security tools to protect, monitor and manage potential compromises. NIMBUS patches can be deployed within hours if required. Third party patches deployed as made available.
All risks are identified and managed in line with Black Rainbow security policies and procedures, copies of which may be made available to customers upon request.
Incident management type
Supplier-defined controls
Incident management approach
All risks are identified and managed in line with Black Rainbow security policies and procedures, copies of which may be made available to customers upon request.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£800.00 a person a year
Discount for educational organisations
No
Free trial available
No

Service documents