Black Rainbow Ltd

Black Rainbow's Case, Investigations and Quality Management Software

Black Rainbow's Case, Investigations and Quality Management solution is fully integrated and collaborative across the lifecycle of all forensic sciences, including disclosure management from crime scene to evidential reporting. Tracking and managing incidents from inception to resolution. Highly configurable, with a powerful workflow building engine to reflect and automate processes.

Features

• Integrated Case Quality Management System - rapid ISO 17025 compliance
• Evidence submission, tracking and auditing
• Flexible workflow builder to integrate and automate SOPs and processes
• Integrate and automate forensic tools - maximise investments made
• Cross case collaboration
• Integrated Submission/ Request Portal
• Fast and scaleable search via Elasticsearch
• Flexible dashboard reporting and customisable user views
• Fully auditable
• Detailed notes capabilities, task and action management with notifications

Benefits

• Improved risk management and full audit performance
• Rapidly accelerates ISO 17025 compliance
• Highly configurable by users and rapid deployment
• Real-time dashboards for insight into case, operation and department performance
• Full audit trail across all system activities
• Control and consistency through workflows - repeatable and defensible
• Single point of reference for QMS (Documentation, Asset, Validation, Competence)
• Delivers cost saving through automation of forensic tools and processes
• Covers all incident and investigation types, scalable and multi locations
• Cross case collaboration, P.O.L.E. analytics and extensive search capabilities

£800.00 a person a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Framework

G-Cloud 12

Service ID

199637921797543

Contact

Morgan Sheehy
+353879011111
morgan.sheehy@blackrainbow.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: Out of standard hours support should be agreed in advance if required.
• System requirements: Please contact vendor for system requirements documentation

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Support and maintenance agreement available upon request.; ; Response times vary by priority level:; P1: 4 hours; P2: 8 hours; P3: 12 hours; ; Changes to these standard SLA's can be agreed with individual customers if required.
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Black Rainbow's standard support model is not tiered by customer status - but tiered by the priority of the issue. Support costs are included in our annual license cost and all customers are allocated a technical account manager as well as access to support@blackrainbow.com.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Black Rainbow provides online and on-site training which can be hosted on NIMBUS Learning Management System. User materials are also provided.; We work closely with customers from (pre) project mobilisation through to sign-off. Furthermore we conduct on-going customer specific knowledge sharing workshops during the life of all contracts (at no additional cost).
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats: Interactive media is also provided.
• End-of-contract data extraction: Migration support and any other technical or project based support can be provided if required (at an additional cost).
• End-of-contract process: Migration support and any other technical or project based support can be provided if required (at an additional cost).

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Windows Phone
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: N/A
• Service interface: No
• API: Yes
• What users can and can't do using the API: There is an API available (not published). Customers may contact us for additional information.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: System is highly configurable by customers and does not require any technical proficiency to do so. It was designed this way to limit the need for customers to revert with requests for system changes which also delivers significant cost savings to customers.

Scaling

• Independence of resources: Customers are provided with isolated instances (single tenanted).; System is performance tested to account for significant user scaling.

Analytics

• Service usage metrics: Yes
• Metrics types: The system can provide usage metrics by user (duration of usage etc).
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2012
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: User can export their data simply via predefined formats.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • MS-Word .DOC
  • XML
  • PDF
  • JSON
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • MS-Word .DOC
  • XML
  • PDF
  • JSON

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: N/ A we provide cloud based software.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: N/A - we provide cloud based software.

Availability and resilience

• Guaranteed availability: 99.9% as standard.; Recourse mechanisms agreed in line with SLA's.
• Approach to resilience: Available upon request
• Outage reporting: This is provided via dashboards and automated emails if required.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Username or password
• Access restrictions in management interfaces and support channels: Access is restricted through user role permissions and access controls. We also integrate with Customer AD / LDAP protocols.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Other security certifications: Yes
• Any other security certifications: Cyber Essentials Certification

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Security Governance is aligned with ISO27001:2013 (Certification pending).
• Information security policies and processes: Black Rainbow are Cyber Essentials certified. ; Security Governance is aligned with ISO27001:2013 (Certification pending). ; Training is conducted quarterly and procedures and processes updated accordingly.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Changes and delivery components are recorded and tracked via NIMBUS Security Control Matrix and Third Party Providers Security Control processes in compliance with industry accepted standards. These are audited and updated on a 6 monthly basis.; Black Rainbow adopts an agile software development methodology alongside testing methods and release management. ; Further information available upon request.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Black Rainbow conduct both internal and external vulnerability testing on a scheduled and as needed basis. NIMBUS patches can be deployed within hours if required. Third party patches deployed as made available.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Black Rainbow utilise a selection of third party security tools to protect, monitor and manage potential compromises. NIMBUS patches can be deployed within hours if required. Third party patches deployed as made available. ; All risks are identified and managed in line with Black Rainbow security policies and procedures, copies of which may be made available to customers upon request.
• Incident management type: Supplier-defined controls
• Incident management approach: All risks are identified and managed in line with Black Rainbow security policies and procedures, copies of which may be made available to customers upon request.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Pricing

• Price: £800.00 a person a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF