Rebel Software

Software as a Service

We provide multiple SaaS and PaaS services for secure Intranet Development, Extranets, Social Intranets, Travel Booking and Expense Management, Workplace Hazard Reporting and Management, health and Safety Reporting and Management, Property Management, Stock Management

Features

  • Access via Desktop, Phone or Tablet
  • Real time reporting
  • User Permissions
  • Machine Learning
  • Visual Reporting and Metrics

Benefits

  • Publish content from multiple devices
  • Collaborative Working
  • Quickly manage content on the move
  • Easy and Intuitive Interface
  • Personalised User Dashboard
  • Visual Reporting and Metrics
  • Administrator Dashboard

Pricing

£25 to £75.00 per person per month

  • Education pricing available
  • Free trial available

Service documents

Framework

G-Cloud 11

Service ID

4 7 0 2 2 9 7 3 1 7 2 0 1 0 6

Contact

Rebel Software

Gary Holman

07802981581

gary.holman@rebel.agency

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to We provide multiple SaaS and PaaS services for Intranet Development, Extranets, Social Intranets, Travel Booking and Expense Management, Workplace Hazard Reporting and Management, health and Safety Reporting and Management, Property Management, Stock Management
Cloud deployment model Private cloud
Service constraints We use a Microservices Architecture and any maintenance is undertaken with no disruption to services - Any major updates to the core the users will be notified in advance
System requirements SaaS and PaaS require browser based access

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Within 15 minutes to 4 hrs
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.1 AAA
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), 7 days a week
Web chat support accessibility standard WCAG 2.1 AAA
Web chat accessibility testing We have done extensive Web chat testing with good feedback
Onsite support Onsite support
Support levels Basic - Billing support and read-only access to break/fix cases - Support Desk - Technical account manager or cloud support engineer. 4 hrs - 7hrs - FREE
Pro Development - In-depth investigation and response for developers - Support Desk and Telephone. Technical account manager or cloud support engineer. Response time 15 mins - 4 hrs - £62.50 Per Hour per user (Billed Monthly)
Pro Production - Fast, thorough response for live solution managers. Support Desk and Telephone. Technical account manager or cloud support engineer. Response time 15 mins - 1 hr - £75.00 per user (Billed Monthly)
Enterprise - Strategic guidance and 24/7 onsite and hands-on help for all cases and users - Individual Case Specific and Dependent on location -Technical account manager or cloud support engineer. Response time POA Please call to discuss
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Our software is designed to be extremely intuitive and easy to use - Users will require little or no training to use both our SaaS and PaaS solutions. However both online and onside training will be provided if necessary
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction All data is extracted via the a web download interface and the original database fully wiped upon contract end
End-of-contract process There are no 'hidden' additional costs at the end of the contract - Unless specified within a bespoke contract addition - Please call us for further information

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The layout user interface is different and optimised for tablet and mobile for easy use
Service interface No
API Yes
What users can and can't do using the API The whole platform is API based. Changes to the software are not made through the API unless specifically required by the client
API documentation Yes
API documentation formats Open API (also known as Swagger)
API sandbox or test environment Yes
Customisation available Yes
Description of customisation We offer an API first platform with no user interface where clients can use their own user interface to attach to our services via API's - All our services can be fully customised to match the clients requirements and expectations

Scaling

Scaling
Independence of resources We use AWS EC2 Instances to provide on demand processing and power to scale up in line with user performance and usage

Analytics

Analytics
Service usage metrics Yes
Metrics types Administrator User Metrics, System/Platform Infrastructure or application metrics all metrics are gathered via Elastisearch: Platform search, caching and visualised using Kibana: Analytics (works in conjunction with Elastisearch)
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest Physical access control, complying with CSA CCM v3.0
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Via the user interface CSV or Excel options - User Permissions apply for access
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability We have an 99.9% uptime guarantee and a Service Level Agreement - In the unlikely event that a catastrophic event happens subscription is suspended and users refunded
Approach to resilience We use AWS EC2 Instances in the AWS datacentre for our hosting requirements. We offer customers the ability to achieve highly resilient network connections between Amazon Virtual Private Cloud (Amazon VPC) and their on-premises infrastructure. This capability extends customer access to AWS resources in a reliable, scalable, and cost-effective way. Highly resilient, fault-tolerant network connections are key to a well-architected system. AWS recommends connecting from multiple data centres for physical location redundancy. When designing remote connections, we consider using redundant hardware and telecommunications providers. Additionally, it is a best practice to use dynamically routed, active/active connections for automatic load balancing and failover across redundant network connections. Provision sufficient network capacity to ensure that the failure of one network connection does not overwhelm and degrade redundant connections.
Outage reporting Via a public dashboard an API and email alerts

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication 2-factor authentication
Access restrictions in management interfaces and support channels Access to the platform can be made immediately through the Admin panel or via contact to us directly as long as you have the proper authorisation to do so
Access restriction testing frequency At least every 6 months
Management access authentication 2-factor authentication

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes To establish a general approach to information security To detect and forestall the compromise of information security such as misuse of data, networks, computer systems and applications. To protect the reputation of the company with respect to its ethical and legal responsibilities. To observe the rights of the customers; providing effective mechanisms for responding to complaints and queries concerning real or perceived non-compliances with the policy is one way to achieve this objective.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach We ensure that changes to the system have been properly tested and authorised. Changes are access so they do not unexpectedly alter security properties Vulnerability management – We identify and mitigate security issues in constituent components Protective monitoring – We ensure measures in place to detect attacks and unauthorised activity on the service Incident management – We respond to incidents and recover a secure, available service The status, location and configuration of service components (both hardware and software) are tracked throughout their lifetime. Changes to the service are assessed for potential security impact. Then managed and tracked through to completion.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach We employ: Regular penetration tests of infrastructure and any relevant web applications Security reviews of the design of the service An engineering approach that ensures security is a key consideration in developing the service
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach We implement regular audit events to support effective identification of suspicious activity All events are analysed to identify potential compromises or inappropriate use of your service We take prompt and appropriate action to address incidents
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Incident management processes are in place for the service and are actively deployed in response to security incidents along with a full report Pre-defined processes are in place for responding to common types of incident and attack Users report through a 24/7 defined process and contact route exists via telephone helpdesk and email for reporting of security incidents by consumers and external entities Security incidents of relevance will be reported to you immediately or in an acceptable timescales and formats

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £25 to £75.00 per person per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial This is a full trial with unlimited access to all services

Service documents

Return to top ↑