crises control ltd

Crises Control Mass Notification Platform

Our mass notification platform keeps organisational lines of communication open by making it easy to send critical event mass notifications, allowing for immediate, individual responses with an automatic audit trail. The mass notification platform is invaluable for providing immediate critical communications to users, safeguarding individuals, the environment and the organisation.

Features

  • Multi-channel two-way mass communications globally
  • One-touch emergency SOS button, and conference call-bridge
  • Secure and reliable group communication tool without group size limits
  • Enterprise grade security and administration functionality
  • Real-time dashboards and map-based incident visualizations
  • Quick start action plan solution with Incident Plan Builder
  • Create, allocate and monitor task completion of Incident Task Manager
  • Auditable log-tracking for post-crisis review and compliance reporting
  • Integrate external monitoring systems to alert your people faster
  • Academy for self-learning videos, walkthroughs and knowledge assessment

Benefits

  • Alert stakeholders to incidents in their proximity on any device
  • Automate mass communications, collaborate, disseminate and orchestrate incident resolution
  • Protect key personnel with track and trace, GPS map locator
  • Achieve situational awareness, and centralise and co-ordinate response efforts
  • Quickly resolve issues and get back on track ASAP
  • Secure plan storage and distribution in actionable and digestible format
  • Reduce 'Alert' to 'Response' time to under a minute
  • Enterprise grade security and GDPR compliant data hosting and transmission
  • Gain common operational picture on incidents in real-time
  • Full auditability for post-event analysis and continuous improvement

Pricing

£1.00 a user a year

Service documents

Framework

G-Cloud 12

Service ID

2 1 9 6 1 1 8 4 4 4 4 5 9 9 4

Contact

crises control ltd

Shalen Sehgal - Managing Director

+44 (0)20-8584 1356

shalen@crises-control.com

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Crises Control is a fully functional standalone communications and alerting service, but it can also be integrated with a number of other software services. These include business continuity management software, IT service desk ticketing software and numerous monitoring software applications.
Cloud deployment model
Community cloud
Service constraints
No.
System requirements
  • Any web browser
  • Android, iOS or Windows Phone mobile device for App
  • Internet or Telecoms Network connectivity from the End-User’s device

User support

Email or online ticketing support
Email or online ticketing
Support response times
Severity Level 1. A fault exists that results in a total loss of service or functionality affecting a whole site (sites), or whole system or services.
15 minutes to respond, 4 working hours to resolve.

Severity Level 2. A fault exists which results in partial loss of service or functionality affecting multiple users.
1 working hour to respond, 8 working hours to resolve.

Severity Level 3. A fault exists which results in loss of service or functionality for a single user.
1 working hour to respond, 24 working hours to resolve.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Our online/telephone premium support service is available to all G-cloud customers and is included within the price of the subscription package.

Premium support includes a named customer account manager.

Onsite support is available, charged at a daily rate of £850 plus travel costs.
Support available to third parties
No

Onboarding and offboarding

Getting started
All users are provided FOC with a training manual and video tutorials. G-cloud customers are also provided with an onsite or online training package.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Users can delete their own data manually using the administrative functions on the platform at any time. Any data which remains after the subscription has ended is held for 12 months after a contract has ended and is then automatically destroyed.
End-of-contract process
There is no cost for closing down the contract or offboarding, providing the appropriate notice is given.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Yes
Compatible operating systems
  • Android
  • IOS
  • MacOS
  • Windows
  • Windows Phone
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The service has been designed to work on mobile devices. The administration function, the task manager module and the performance reporting module all work best on the browser. However, the browser display for these functions is fully optimized to work on mobile display screens.
Service interface
Yes
Description of service interface
It is easy to integrate Crises Control with other established applications such as Service Desk software, Active Directory, CRM and HR databases, Security Monitoring systems and many more. We offer our customers flexibility and choices for integrations with trigger imports via email, SFT and SM. These can launch an Incident or send mass notification Pings. Import bulk users in CSV or excel file format. Scheduled or on -demand user data imports and exports. Single-sign on integration. Open APIs (for developers and accredited partners).
Accessibility standards
None or don’t know
Description of accessibility
.
Accessibility testing
.
API
Yes
What users can and can't do using the API
It is easy to integrate Crises Control with other established applications such as Service Desk software, Active Directory, CRM and HR databases, Security Monitoring systems and many more. We offer our customers flexibility and choices for integrations with trigger imports via email, SFT and SM. These can launch an Incident or send mass notification Pings. Import bulk users in CSV or excel file format. Scheduled or on -demand user data imports and exports. Single-sign on integration. Open APIs (for developers and accredited partners).
API documentation
No
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Many aspects of the service can be customised by the user, including user authority and access levels, password requirements, dashboard performance reporting, module subscription and selection of communications channels. We can also consider bespoke customisation requests for G-Cloud users by our developers at a system level.

Scaling

Independence of resources
Data is stored in multiple secure UK data centres separated by more than 100km and connected by high-bandwidth, low-latency dedicated connectivity. Then patform hosts workloads exclusively for the UK public sector, creating a known and trusted community of neighbours. Our demand management approach is as follows: We have well-defined services including a comprehensive service catalogue covering infrastructure, functionality, service levels, and unit costs: Accurate cost allocation allows us to clearly identify consumption to manage and improve demand: We use supply-and-demand metrics for the service catalogue and offer practical business rules for when additional internal services are required.

Analytics

Service usage metrics
Yes
Metrics types
Metrics are automatically provided to administrators on data and telecomms usage and associated costs. Dashboard data is also made available on numbers of Incidents launched, Pings sent and a wide range of user performance and response statistics.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
Physical access control, complying with CSA CCM v3.0
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
We offer a range of options for data export, to suit the customer needs.
Data export formats
  • CSV
  • Other
Other data export formats
  • Excel
  • PDF
Data import formats
  • CSV
  • Other
Other data import formats
Excel

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
Data protection within supplier network
IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Service Availability targets are the planned percentage of time for which the Service is in operation, excluding any planned maintenance downtime. Crises Control’s Service hosting platform is assured by Service Credits at 99.9% Availability.
Approach to resilience
Our service is deployed across a number of sites, regions and zones. Each zone is designed to eliminate single points of failure (such as power, network and hardware).
Outage reporting
All outages will be reported via email alerts. Outages are identified as Planned maintenance, Emergency maintenance, and platform issues. In addition, the designated customer account manager will proactively contact customers as appropriate.

Identity and authentication

User authentication needed
Yes
User authentication
  • Limited access network (for example PSN)
  • Username or password
Access restrictions in management interfaces and support channels
There are three levels of users, each with access rights restricted to their operational/security role. Only administrators can access the entire platform and management interfaces.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
LRQA
ISO/IEC 27001 accreditation date
19/03/19
What the ISO/IEC 27001 doesn’t cover
Every part of our service is covered by the certification.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Crises Control, as a data controller and data processor is fully compliant with the provisions of UK law on data security, which are set out in the Data Protection Act 1998 as well as the EU General Data Protection Regulation.

Crises Control has in place technical and organisational measures in relation to the processing of protected data to ensure that it meets the requirements of the DPA and GDPR and protects the rights of data subjects. It also ensures a level of security in respect of protected data processed by it so as to prevent accidental or unlawful destruction, loss, alteration or unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

Crises Control (through Transputec) has achieved full accreditation of the ISO 27001 standard from LRQA (Lloyds Register).

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
If additional functionality or other changes are required, Crises Control will investigate and where necessary submit a Change Request (CR) to the Crises Control Board for approval. The CR will include details of any configuration management impact or security implications. It will also, where necessary, include an analysis of the proposed changes to ensure that time, cost and quality objectives remain intact to ensure that the components of the service are tracked. Once the Board approves or denies the CR the appropriate documentation will be updated and/or action authorised.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
1. Our vulnerability management process has five phases:
- Preparation
- Vulnerability scan
- Define remediating actions
- Implement remediating actions
- Rescan.

Roles
a) The Security Officer designed and enforces the vulnerability management process.
b) The Vulnerability Engineer schedules the various vulnerability scans.
c) The Asset Owner decides whether the identified vulnerabilities are mitigated or are accepted.
d) IT System Engineers implement any remediating actions as a result of detected vulnerabilities.

2. We can deploy patches on the same day.

3. We use annual penetration test, ISO audits and ThreatSpike dynamic continual scans and similar tools to identify threats.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
1. We use ThreatSpike to dynamically collect, record and continuously analyses our network traffic in order to detect harmful activity. ThreatSpike learns about our network and acts like a detective, continuously linking together information and key events in order to build a detailed narrative and timeline of security incidents as they occur.
When an incident occurs, the output is a clear, precise report on what the issue is and how to address it.
2. We activate our Vulnerability Management process when a potential compromise is detected.
3. We respond within hours of an incident being detected.
Incident management type
Supplier-defined controls
Incident management approach
1. Our incident management processes are fully ITIL compliant„ . We use the ITIL certified Richmond incident management software to log, record, track, report and communicate about incidents to the point of resolution. We also have a Wiki of pre-defined processes for common events.

2. Users can report incidents by phone, email or in person. Every call is logged and tracked in Richmond.

3.We generate incident reports from Richmond which go through a quality management process before release. These are reviewed for lessons learned by the services management team.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
Yes
Connected networks
  • Public Services Network (PSN)
  • NHS Network (N3)
  • Joint Academic Network (JANET)
  • Health and Social Care Network (HSCN)

Pricing

Price
£1.00 a user a year
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
A free 30 day trial option is available on our commercial platform with credit card details. This option is not hosted on our government community cloud platform, so may not be considered suitable for Official Sensitive Data. It does provide for a live assessment of the functionality of the service.
Link to free trial
https://portal.crises-control.com/registercompany

Service documents

Return to top ↑