Bis-Web Limited

ClearView Continuity

ClearView is a web-based application which facilitates and simplifies business continuity management (BCM) processes within organisations, encompassing Business Impact Analysis (BIA), Planning and Exercise Management. ClearView facilitates storage and maintenance of crisis management plans and procedures, the delegation of BCM responsibility across the enterprise and monitoring of plan maintenance.

Features

  • Email driven user workflow engine
  • User defined, template driven creation of BIAs and Plans
  • Mobile app (iOS, Android & Windows)
  • Simple importing of key organisational golden source datasets
  • Customisable user profiles to control access to data/features
  • Pre-built/custom reports requiring no user technical knowledge to run
  • Send notifications to user groups, employees or Plan members
  • Incident management and exercising capability
  • Survey tool (Includes ISO22301 survey out of the box)
  • Customisable Executive Dashboard - At-a-glance overview of BC program

Benefits

  • Supports Business Continuity Management (BCM) best practice
  • Intuitive and simple to use for the occasional user
  • Minimal requirement for central administration
  • Empowerment of plan maintainers, managers and other stakeholders
  • Embeds business continuity across the enterprise
  • Email-based task management features save time
  • Allows users access to plan information on the move
  • No need to reprint/distribute when the plan is amended
  • Plan development and maintenance quicker, more efficient and cost effective
  • Latest version of plans always accessible online to authorised personnel

Pricing

£5000 per instance per year

  • Education pricing available
  • Free trial available

Service documents

G-Cloud 10

518036402169429

Bis-Web Limited

Gemma Buckley

01869 354230

gemma.buckley@clearview-continuity.com

Service scope

Software add-on or extension No
Cloud deployment model Private cloud
Service constraints No, the majority of planned maintenance is undertaken with no client impact.
System requirements
  • User browser must support TLS 1.2 encryption (HTTPS) of pages
  • User browser must have JavaScript enabled
  • Windows 7 or above
  • Mac OS X 10.6 or above

User support

Email or online ticketing support Email or online ticketing
Support response times The Client has access to the Client Service Delivery staff at ClearView during Normal Business Hours, 8am – 6pm GMT, and out of hours via a 24x7 out-of-hours contact number.

General questions are responded to within 1 business day, requests as a result of a partial lack of functionality or complete loss of service when using a test system are responded to within 4 business hours, requests where there is a complete or substantial loss of service are responded to within 1 business hour.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels All clients receive the same high level of support at no extra cost as it is included in the licence fee.
After the initial software implementation, which is carried out by a BC specialist, ongoing support is provided via our Client Service Delivery (CSD) staff.
Our CSD staff are trained to be familiar with all areas of ClearView functionality and they can advise on use, functionality, configuration and administration that in many cases will immediately resolve client queries.
In the event of an issue which the CSD staff are unable to resolve, it will be escalated to the Head of Service Delivery who will take responsibility for resolution of the issue, using second and third line resources from Technology and Architecture, and Development Teams if required.
Support available to third parties No

Onboarding and offboarding

Getting started ClearView offers comprehensive support throughout the implementation process, led by an experienced business continuity practitioner supported by our team of service delivery specialists.
Our standard implementation service provides training to client system administrators such that they will be able to configure and administer the system going forward. Standard implementation covers the core development of BIAs and Plan entities. These sessions are delivered using a train-the-trainer approach to equip administrators with the knowledge required to complete the work with remote support from the software specialists. Each training session will focus on specific elements of system configuration, with intervals allowed for completion of setup work by administrators as part of the formal implementation path.
This provides the following benefits:
o Collaborative, short focused training sessions on system components with hands on activity;
o Integrated system set-up through the training sessions so that the training delivers real benefit and a system that is ready to be used;
o Knowledge retention is maximised by using the actual client system rather than a training system and through completing live setup;
o Key learning opportunity for administrators ensuring that they retain the skills required to update and manage the site.
Service documentation Yes
Documentation formats
  • PDF
  • Other
Other documentation formats On screen help text for system administrators
End-of-contract data extraction At any time, including at the end of the contract, client administrators are able to extract their data easily using the reports already built into ClearView which will output the data as Excel files for ease of use offline, without the need for technical assistance from ClearView. In addition, users can print and save their BIAs and Plans in PDF format and administrators can output and save detailed reports in Excel format. ClearView can provide additional support for this process if other formats are required.
End-of-contract process At the end of the contract, clients are able to extract all of their data including BIA and Plan content themselves via the client administrator interface and ClearView can provide assistance with this process if required. For security and data protection purposes, we would permanently delete/destroy client data no later than 10 days after the end date of the contract. If the client requests the last available back-up of the data, this can be provided at no additional charge unless a specific format is required, for which there may be an additional charge. Otherwise there are no other additional costs relating to the end of the contract.

Using the service

Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The desktop version is also viewable on mobile devices as it is delivered via a web browser. In addition the ClearView mobile app provides offline access to BC plans if there is a network outage.
Accessibility standards None or don’t know
Description of accessibility N/A - Dependent on the features provided by the web browser used by the client.
Accessibility testing N/A
API Yes
What users can and can't do using the API The ClearView API provides a method of interacting with the ClearView database using a RESTful web service. Requests are made over HTTPS and are used to retrieve information from the database, store new data, and amend data currently stored in the database.
Requests to the API are categorised by the area (Employees, Resources, etc.) that is being accessed and the HTTP method being used to send the request.
API documentation Yes
API documentation formats PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation ClearView is designed to be simple and easy to use for end users, who can complete their BIAs, Plans, Exercises and Risk Assessments using a questionnaire-style interface.
Client administrators are able to customise the templates used to create the user questionnaires, choosing content, section names, adding user guidance and configuring the print output. They can also standardise the data using tickbox and dropdown lists which the user can select from. This provides consistent and powerful reporting and allows customised reports to be produced. In addition, Client Administrators can control the permissions for end users to give them access to specific features of ClearView as required. All this is possible without needing technical skills, report building or coding knowledge.

Scaling

Independence of resources ClearView is hosted and operated on a shared hosting infrastructure environment that provides service to multiple clients. We size our environment for resilience in addition to capacity planning based on minimal utilisation, rather than load sizing each client. Across our hosted environments we have many thousands of active users that far exceed the user community of a single client.

Analytics

Service usage metrics Yes
Metrics types Client Administrators are able to monitor and track service usage themselves. Using the executive dashboard, Administrators can use a simple wizard-style interface to create a number of graphs which provide an at-a-glance, real-time overview of the BC program. These can be used to report to upper management. Client Administrators can also track BC program compliance using the default dashboard, which can be filtered by area. Many of the built-in reports, including audit and user access reports, can also be scheduled to provide regular reports or run on request by the user.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type Not a reseller

Staff security

Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach There is a wealth of reporting available to users as part of our standard licence, including the capability of creating their own custom reports. The suite of over 50 pre-built reports includes gap analysis and RAG indicators to show warnings, as well as strategic and planning reports such as What If? and Critical date analysis reporting.

Data can be exported at the click of a button as an Excel file for offline analysis or as a PDF.
Data export formats Other
Other data export formats
  • Excel
  • PDF
  • Zip File
Data import formats
  • CSV
  • Other
Other data import formats
  • Excel
  • Zip File

Data-in-transit protection

Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability ClearView is provided on a high availability environment that allows us to offer the following service guarantees:

o 99.99% network uptime and connectivity through a zero-downtime network;
o 99.99% application availability allowing for scheduled downtime and agreed client maintenance.
Approach to resilience Our servers are located across multiple RackSpace datacenters and are configured for redundancy and resilience:
• Data is stored on a SAN whose components are highly redundant;
• Databases are serviced by our database cluster;
• Websites are serviced by a load balanced pair of web servers;
• Servers are protected from malware by Sophos Endpoint Security and Control;
• Security patches are applied monthly after they have been tested;
• RackSpace is certified to ISO 27001;
• We have implemented a third database and web server at a separate RackSpace data centre for even more resilience; data is replicated via a secure Virtual Private Network tunnel;
• The Managed External DNS Service through UltraDNS offers us fast, seamless, fail-safe Internet connections with never-fail address resolution that always keeps networks online and available. This is achieved through a number of technological innovations. This allows us to failover to our backup servers should there be any technical or operational failure or a catastrophic event.
In the event of a catastrophic failure we can switch over to the second data centre within three hours.
Outage reporting As ClearView is a high availability application, availability is proactively monitored 24x7 by ClearView technical staff. This includes monitoring software which provides automated alerts via email.

Identity and authentication

User authentication needed Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels All access to the underlying infrastructure is via two-factor VPN, and limited to users who require access to undertake their role.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 QAS International
ISO/IEC 27001 accreditation date 06/09/2010
What the ISO/IEC 27001 doesn’t cover All areas of the business are covered and the scope is provided below. All ISO27002 controls apply.

“The operation of an ISO27001:2013 Information Security Management System to cover all Bis-Web Ltd.’s Bicester Office, Reception Area (Bicester), Server Room (Bicester), Server Room (Heyford), hosting services provided by RackSpace, KeepItSafe, hosting services provided by Interactive and Remote Workers, covering business activities relating to the provision of operation, maintenance and management of Internet and Web services and systems. In accordance with the latest Statement of Applicability”
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications ISO27001:2013

Security governance

Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes ClearView has a suite of detailed security policies in line with our ISO 27001 accreditation.
In addition, ClearView has an Information Security Forum which consists of the Chief Executive, Chief Operating Officer, Head of Administration and Special Projects, Head of Technology and Architecture and the Information Security Manager.
Managers ensure that all documented security procedures and work instructions within their area of responsibility are carried out correctly to achieve compliance with security policies and standards.

Operational security

Configuration and change management standard Supplier-defined controls
Configuration and change management approach Components of the service are tracked within our asset register which is reviewed every three months. When components near end of life a migration plan is created to move to new components prior to the end of life date.

All changes to software and components are tracked via a ticketing system with appropriate sign-offs by different teams. This includes security and risk assessments, confidentiality, integrity, availability, alignment to product roadmap and rollback plans.

Customers are communicated to via predefined channels prior to any changes which could impact the availability of the solution.
Vulnerability management type Supplier-defined controls
Vulnerability management approach To assess potential threats to our services, we run a monthly vulnerability scan using Alert Logic Threat Manager to identify security vulnerabilities and software configuration issues in all our environments.

Patches are deployed as follows, depending on their category:
• High: within 7 days (normally within 24 hours)
• Moderate: within 30 days
• Low: At our discretion
• Informational: At our discretion

Information on potential threats is obtained from: Microsoft, Homeland Security “National Cyber Awareness System”, ManageEngine Desktop Central and Rapid7.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Our monitoring process aligns with ISO27001.

We have an Alert Logic IDS which is monitored 24/7/365 to identify potential compromises. All events and firewall logs are sent to our syslog server and reviewed periodically.

If the Alert Logic IDS sees a security threat in our network traffic, an auto-shun script is run against the firewall, blocking the offending IP address.
If suspicious activity is found within logs, a more detailed investigation is undertaken to find the root cause which may involve specialist forensic investigation. An incident is raised within our incident management tool, and appropriate actions taken.
Incident management type Supplier-defined controls
Incident management approach ClearView has a fully documented process for incident management, ensuring that a consistent methodology is followed when an incident occurs which impacts the services we provide, such that full service is restored as quickly as possible.

Users can report incidents through Kronodesk (ticketing system) or by telephone or email through our Service Delivery team. Incidents can also be automatically detected via our monitoring tools and escalated.

During an incident, reports are provided to clients at a frequency that is consistent with the deadline assigned to resolution of the incident, but typically every 30 minutes via email or SMS.

Secure development

Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks No

Pricing

Price £5000 per instance per year
Discount for educational organisations Yes
Free trial available Yes
Description of free trial A fully functioning demonstration version of the software is available after a mutual NDA has been signed. We are happy to input a client example plan and BIA into this at no charge. The demonstration site is available for as long as required within reason.
