crises control ltd

Crises Control Critical Incident Notification & Management

Crises Control is a cloud hosted emergency mass notification application combined with a functional business continuity and business disruption incident management platform. It offers multi-channel communications, delivered through and supported by a mobile application. A sophisticated task manager module allows tasks to be allocated and tracked during an incident.

Features

  • Multi-channel communication to your mobile device
  • E-mail, SMS, telephone and push notifications
  • One-touch emergency SOS button
  • Telephone conference call bridge function
  • Secure cloud storage for your incident SOPs
  • Delivery of incident SOPs to mobile devices
  • Sophisticated task manager module
  • Automatic generation of audit trail
  • Automatic generation of response performance reporting
  • 24/7 helpdesk support

Benefits

  • Get notified instantly worldwide on any device
  • Receive incident alerts with supporting SOP
  • Track and trace your team with GPS location finder
  • Identify gaps in your organisation’s responsiveness
  • Engage, train and develop your response team
  • Improve speed of your incident response
  • Secure, always-on cloud hosting
  • GDPR compliant data hosting and transmission
  • Access automated performance reporting dashboard
  • Access automated audit trail dashboard for post-incident review

Pricing

£1.60 per user per month

G-Cloud 10

591614733362339

crises control ltd

Florine Ballay - G-Cloud Solution Manager

+44 (0)20-8584 1348

florine.ballay@crises-control.com

Service scope

Software add-on or extension No
Cloud deployment model Community cloud
Service constraints No.
System requirements
  • IE8 (or equivalent) browser accessed via a desktop/laptop
  • Android, iOS or Windows Phone mobile device for App
  • Internet/network connectivity from the End-User’s device

User support

Email or online ticketing support Email or online ticketing
Support response times
  • Severity 1: A fault exists that results in a total loss of service or functionality affecting a whole site (sites), or whole system or services. 15 minutes to respond; 4 working hours to resolve.
  • Severity 2: A fault exists which results in partial loss of service or functionality affecting multiple users. 1 working hour to respond; 8 working hours to resolve.
  • Severity 3: A fault exists which results in loss of service or functionality for a single user. 1 working hour to respond; 24 working hours to resolve.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels Our online/telephone premium support service is available to all G-cloud customers and is included within the price of the subscription package.

Onsite support is available, charged at a daily rate of £850 plus travel costs.

Premium support does include a named customer account manager.
Support available to third parties Yes

Onboarding and offboarding

Getting started All users are provided, free of charge, with a training manual and video tutorials. G-cloud customers are also provided with an onsite or online training package for administrators and keyholders.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Data is held for 12 months after a contract has ended and is then destroyed.
End-of-contract process There is no cost for closing down the contract or offboarding, providing the appropriate notice is given.

Using the service

Web browser interface Yes
Supported browsers
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install Yes
Compatible operating systems
  • Android
  • iOS
  • Linux or Unix
  • MacOS
  • Windows
  • Windows Phone
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The service has very much been designed to work on mobile. However, the administration function, the task manager module and the performance reporting module all work within the browser only. Even the browser is fully optimised to work on mobile devices.
Accessibility standards None or don’t know
Description of accessibility No details available
Accessibility testing None
API Yes
What users can and can't do using the API Administrators can use our API to onboard/offboard users to/from the platform.
API documentation No
API sandbox or test environment Yes
Customisation available No

Scaling

Independence of resources
  • Multiple secure UK data centres separated by more than 100km and connected by high-bandwidth, low-latency dedicated connectivity
  • Platform hosting workloads exclusively for the UK public sector, creating a known and trusted community of neighbours
Our demand management approach is as follows:

We have well-defined services including a comprehensive service catalogue covering infrastructure, functionality, service levels, and unit costs.

Accurate cost allocation allows us to clearly identify consumption to manage and improve demand.

We use supply-and-demand metrics for the service catalogue and offer practical business rules for when additional internal services are required.

Analytics

Service usage metrics Yes
Metrics types Metrics provided on data and telecoms usage, and also on Incidents launched, Pings sent and user responses
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type Reseller providing extra support
Organisation whose services are being resold Crises Control Limited

Staff security

Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest Physical access control, complying with CSA CCM v3.0
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach We offer a range of options for data export, to suit the customer needs.
Data export formats
  • CSV
  • Other
Other data export formats
  • Excel
  • PDF
Data import formats
  • CSV
  • Other
Other data import formats Excel

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
Data protection within supplier network IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability Service Availability targets are the planned percentage of time for which the Service is in operation, excluding any planned maintenance downtime. Transputec’s Service hosting platform is assured by Service Credits at 99.9% Availability.
Approach to resilience Our service is deployed across a number of sites, regions and zones. Each zone is designed to eliminate single points of failure (such as power, network and hardware). Customers are encouraged to ensure their solution spans multiple sites, regions or zones to ensure service continuity should a failure occur.
Outage reporting All outages will be reported via email alerts. Outages are identified as Planned maintenance, Emergency maintenance, and platform issues. In addition, the designated customer account manager will proactively contact customers as appropriate.

Identity and authentication

User authentication needed Yes
User authentication
  • Limited access network (for example PSN)
  • Username or password
Access restrictions in management interfaces and support channels There are three levels of users, each with access rights restricted to their operational/security role. Only administrators can access the entire platform and management interfaces.
Access restriction testing frequency At least every 6 months
Management access authentication
  • Limited access network (for example PSN)
  • Username or password

Audit information for users

Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 LRQA
ISO/IEC 27001 accreditation date 17/05/18
What the ISO/IEC 27001 doesn’t cover Every part of our service is covered by the certification.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Transputec, as a data controller and data processor, is fully compliant with the provisions of UK law on data security, which are set out in the Data Protection Act 1998. We will also be compliant with the EU General Data Protection Regulation when it comes into force in May 2018.

Transputec has in place technical and organisational measures in relation to the processing of protected data to ensure that it meets the requirements of the DPA and protects the rights of data subjects. It also ensures a level of security in respect of protected data processed by it so as to prevent accidental or unlawful destruction, loss, alteration or unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

Transputec has achieved full accreditation of the ISO 27001 standard from LRQA (Lloyds Register).

Operational security

Configuration and change management standard Supplier-defined controls
Configuration and change management approach If additional functionality or other changes are required, Transputec will investigate and where necessary submit a Change Request (CR) to the Crises Control Board for approval. The CR will include details of any configuration management impact or security implications. It will also, where necessary, include an analysis of the proposed changes to ensure that time, cost and quality objectives remain intact to ensure that the components of the service are tracked. Once the Board approves or denies the Change Request the appropriate documentation will be updated and/or action authorised.
Vulnerability management type Supplier-defined controls
Vulnerability management approach 1. Our vulnerability management process has five phases:
- Preparation
- Vulnerability scan
- Define remediating actions
- Implement remediating actions
- Rescan.

Roles
a) The Security Officer designed and enforces the vulnerability management process.
b) The Vulnerability Engineer schedules the various vulnerability scans.
c) The Asset Owner decides whether the identified vulnerabilities are mitigated or are accepted.
d) IT System Engineers implement any remediating actions as a result of detected vulnerabilities.

2. We can deploy patches on the same day.

3. We use annual penetration tests, ISO audits, ThreatSpike dynamic continual scans and similar tools to identify threats.
Protective monitoring type Supplier-defined controls
Protective monitoring approach 1. We use ThreatSpike to dynamically collect, record and continuously analyse our network traffic in order to detect harmful activity. ThreatSpike learns about our network and acts like a detective, continuously linking together information and key events in order to build a detailed narrative and timeline of security incidents as they occur.
When an incident occurs, the output is a clear, precise report on what the issue is and how to address it.
2. We activate our Vulnerability Management process when a potential compromise is detected.
3. We respond within hours of an incident being detected.
Incident management type Supplier-defined controls
Incident management approach 1. Our incident management processes are fully ITIL compliant. We use the ITIL certified Richmond incident management software to log, record, track, report and communicate about incidents to the point of resolution. We also have a Wiki of pre-defined processes for common events.

2. Users can report incidents by phone, email or in person. Every call is logged and tracked in Richmond.

3. We generate incident reports from Richmond which go through a quality management process before release. These are reviewed for lessons learned by the services management team.

Secure development

Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks Yes
Connected networks
  • Public Services Network (PSN)
  • New NHS Network (N3)
  • Joint Academic Network (JANET)

Pricing

Price £1.60 per user per month
Discount for educational organisations No
Free trial available Yes
Description of free trial A free 30-day trial option is available on our commercial platform with credit card details. This option is not hosted on our government community cloud platform, so may not be considered suitable for official sensitive data. It does provide for a live assessment of the functionality of the service.
Link to free trial https://portal.crises-control.com/registercompany

Documents

Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document