ClearView is a web-based application which facilitates and simplifies the management of business continuity management (BCM) processes within organisations, encompassing Business Impact Analysis (BIA), Planning and Exercise Management. ClearView facilitates storage and maintenance of crisis management plans and procedures, the delegation of BCM responsibility across the enterprise and monitoring of plan maintenance.
- Email driven user workflow engine
- User defined, template driven creation of BIAs and Plans
- Mobile app (iOS, Android & Windows)
- Simple importing of key organisational golden source datasets
- Customisable user profiles to control access to data/features
- Pre-built/custom reports requiring no user technical knowledge to run
- Send notifications to user groups, employees or Plan members
- Incident management and exercising capability
- Survey tool (Includes ISO22301 survey out of the box)
- Customisable Executive Dashboard - At-a-glance overview of BC program
- Supports Business Continuity Management (BCM) best practice
- Intuitive and simple to use for the occasional user
- Minimal requirement for central administration
- Empowerment of plan maintainers, managers and other stakeholders
- Embeds business continuity across the enterprise
- Email-based task management features save time
- Allows users access to plan information on the move
- No need to reprint/distribute when the plan is amended
- Plan development and maintenance quicker, more efficient and cost effective
- Latest version of plans always accessible online to authorised personnel
£7000 to £68000 per instance per year
- Education pricing available
- Free trial available
|Software add-on or extension||No|
|Cloud deployment model||Private cloud|
|Service constraints||No, the majority of planned maintenance is undertaken with no client impact.|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
ClearView provide administrator support globally in all regions as required by clients. Technical support is provided from the UK by ClearView Service Delivery and Technical Resource staff.
Our main UK Service Delivery team can be contacted by telephone, e-mail and via our on-line ticketing system, Kronodesk. In the UK, support is provided during UK Business Hours, 8am - 6pm.
Outside of normal business hours (Weekends) ClearView will provide 24x7 contact support for Severity One incidents.
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
All clients receive the same high level of support at no extra cost as it is included in the licence fee.
After the initial software implementation, which is carried out by a BC specialist, ongoing support is provided via our Client Service Delivery (CSD) staff.
Our CSD staff are trained to be familiar with all areas of ClearView functionality and they can advise on use, functionality, configuration and administration that in many cases will immediately resolve client queries.
In the event of an issue which the CSD staff are unable to resolve, it will be escalated to the Head of Service Delivery who will take responsibility for resolution of the issue, using second and third line resources from Technology and Architecture, and Development Teams if required.
|Support available to third parties||No|
Onboarding and offboarding
ClearView offers comprehensive support throughout the implementation process, led by an experienced business continuity practitioner supported by our team of service delivery specialists.
Our standard implementation service provides training to client system administrators such that they will be able to configure and administer the system going forward. Standard implementation covers the core development of BIAs and Plan entities. These sessions are delivered using a train the trainer approach to enable administrators with the required knowledge to complete the work with remote support from the software specialists. Each training session will focus on specific elements of system configuration with intervals allowed for completion of setup work by administrators as part of the formal implementation path.
This provides the following benefits:
o Collaborative, short focused training sessions on system components with hands on activity;
o Integrated system set-up through the training sessions so that the training delivers real benefit and a system that is ready to be used;
o Knowledge retention is maximised by using the actual client system rather than a training system and through completing live setup;
o Key learning opportunity for administrators ensuring that they retain the skills required to update and manage the site.
|End-of-contract data extraction||At any time, including at the end of the contract, client administrators are able to extract their data easily using the reports already built into ClearView which will output the data as Excel files for ease of use offline, without the need for technical assistance from ClearView. In addition, users can print and save their BIAs and Plans in PDF format and administrators can output and save detailed reports in Excel format. ClearView can provide additional support for this process if other formats are required.|
|End-of-contract process||At the end of the contract, clients are able to extract all of their data including BIA and Plan content themselves via the client administrator interface and ClearView can provide assistance with this process if required. For security and data protection purposes, we would permanently delete/destroy client data no later than 10 days after the end date of the contract. If the client requests the last available back-up of the data, this can be provided at no additional charge unless a specific format is required for which there may be an additional charge, otherwise there are no other additional costs relating to the end of the contract.|
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||The desktop version is also viewable on mobile devices as it is delivered via a web browser. In addition the ClearView mobile app provides offline access to BC plans if there is a network outage.|
|What users can and can't do using the API||
The ClearView API provides a method of interacting with the ClearView database using a RESTful web service. Requests are made using HTTPS and are used to request information from the database, store new data, and amend data currently stored in the database.
Requests to the API are categorised by the area (Employees, Resources, etc.) that is being accessed and the HTTPS method being used to send the request.
|API documentation formats|
|API sandbox or test environment||Yes|
|Description of customisation||
ClearView is designed to be simple and easy to use for end users, who can complete their BIAs, Plans, Exercises and Risk Assessments using a questionnaire-style interface.
Client administrators are able to customise the templates used to create the user questionnaires, choosing content, section names, adding user guidance and configuring the print output. They can also standardise the data using tickbox and dropdown lists which the user can select from. This provides consistent and powerful reporting and the ability to produce customised reports. In addition, Client Administrators can control the permissions for end-users to give them access to specific features of ClearView as required. All this is possible without needing technical skills, report building or coding knowledge.
|Independence of resources||ClearView is hosted and operated on a shared hosting infrastructure environment that provides service to multiple clients. We size our environment for resilience in addition to capacity planning based on minimal utilisation, rather than load sizing each client. Across our hosted environments we have many thousands of active users that far exceed the user community of a single client.|
|Service usage metrics||Yes|
|Metrics types||Client Administrators are able to monitor and track service usage themselves. Using the executive dashboard, Administrators can use a simple wizard-style interface to create a number of graphs which provide an at-a-glance, real-time, overview of the BC program. These can be used to report to upper management. Client Administrators can also track BC program compliance using the default dashboard which can be filtered by area. Many of the built in reports can also be scheduled to provide regular reports or run on request by the user including audit and user access reports.|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Security Clearance (SC)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||
|Data sanitisation process||Yes|
|Data sanitisation type||Explicit overwriting of storage before reallocation|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||
There is a wealth of reporting available to users as part of our standard licence, including the capability of creating their own custom reports. The suite of over 50 pre-built reports includes gap analysis and RAG indicators to show warnings, as well as strategic and planning reports such as What If? and Critical Date analysis reporting.
Data can be exported at the click of a button as an Excel file for offline analysis or as a PDF.
|Data export formats||Other|
|Other data export formats||
|Data import formats||
|Other data import formats||
|Data protection between buyer and supplier networks||TLS (version 1.2 or above)|
|Data protection within supplier network||
Availability and resilience
ClearView is provided on a high availability environment that allows us to offer the following service guarantees:
o 99.99% network uptime and connectivity through a zero-downtime network;
o 99.99% application availability allowing for scheduled downtime and agreed client maintenance.
|Approach to resilience||
Our servers are located across multiple RackSpace datacenters and are configured for redundancy and resilience:
• Data is stored on a SAN whose components are highly redundant;
• Databases are serviced by our database cluster;
• Websites are serviced by a load balanced pair of web servers;
• Servers are protected from malware by Sophos Endpoint Security and Control;
• Security patches are applied monthly after they have been tested;
• RackSpace is certified to ISO 27001;
• We have implemented a third database and web server at a separate RackSpace data centre for even more resilience; data is replicated via a secure Virtual Private Network tunnel;
• The Managed External DNS Service through UltraDNS offers us fast, seamless, fail-safe Internet connections with never-fail address resolution that always keeps networks online and available. This is achieved through a number of technological innovations. This allows us to failover to our backup servers should there be any technical or operational failure or a catastrophic event.
In the event of a catastrophic failure we can switch over to the second data centre within three hours.
|Outage reporting||As ClearView is a high availability application, availability is proactively monitored 24x7 by ClearView technical staff. This includes monitoring software which provides automated alerts via email.|
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||All access to the underlying infrastructure is via two-factor VPN, and limited to users who require access to undertake their role.|
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users have access to real-time audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||QAS International|
|ISO/IEC 27001 accreditation date||06/09/2010|
|What the ISO/IEC 27001 doesn’t cover||
All areas of the business are covered and the scope is provided below. All ISO27002 controls apply.
“The operation of an ISO27001:2013 Information Security Management System to cover all Bis-Web Ltd.’s Bicester Office, Reception Area (Bicester), Server Room (Bicester), Server Room (Heyford), hosting services provided by RackSpace, KeepItSafe, hosting services provided by Interactive and Remote Workers, covering business activities relating to the provision of operation, maintenance and management of Internet and Web services and systems. In accordance with the latest Statement of Applicability”
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||Yes|
|Any other security certifications||ISO27001:2013|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||
ClearView has a suite of detailed security policies in line with our ISO 27001 accreditation.
In addition, ClearView has an Information Security Forum which consists of the Chief Executive, Chief Operating Officer, Head of Administration and Special Projects, Head of Technology and Architecture and the Information Security Manager.
Managers ensure that all documented security procedures and work instructions within their area of responsibility are carried out correctly to achieve compliance with security policies and standards.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
Components of the service are tracked within our asset register which is reviewed every three months. When components near end of life a migration plan is created to move to new components prior to the end of life date.
All changes to software and components are tracked via a ticketing system with appropriate sign-offs by different teams. This includes security and risk assessments, confidentiality, integrity, availability, alignment to product roadmap and rollback plans.
Customers are notified via predefined channels prior to any changes which could impact the availability of the solution.
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
To assess potential threats to our services, we run monthly vulnerability scans using Alert Logic Threat Manager to identify security vulnerabilities and software configuration issues in all our environments.
Patches are deployed as follows, depending on their category:
• High: within 7 days (normally within 24 hours)
• Moderate: within 30 days
• Low: At our discretion
• Informational: At our discretion
Information on potential threats is obtained from: Microsoft, Homeland Security “National Cyber Awareness System”, ManageEngine Desktop Central and Rapid7.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
Our monitoring process aligns with ISO27001.
We have an Alert Logic IDS which is monitored 24/7/365 to identify potential compromises. All events and firewall logs are sent to our syslog server and reviewed periodically.
If the Alert Logic IDS sees a security threat in our network traffic, an auto shun script is run against the firewall, blocking the offending IP address.
If suspicious activity is found within logs, a more detailed investigation is undertaken to find the root cause which may involve specialist forensic investigation. An incident is raised within our incident management tool, and appropriate actions taken.
|Incident management type||Supplier-defined controls|
|Incident management approach||
ClearView has a fully documented process for incident management, ensuring that a consistent methodology is followed when an incident occurs which impacts the services we provide, such that full service is restored as quickly as possible.
Users can report incidents through Kronodesk (ticketing system) or by telephone or email through our Service Delivery team. Incidents can also be automatically detected via our monitoring tools and escalated.
During an incident, reports are provided to clients at a frequency that is consistent with the deadline assigned to resolution of the incident, but typically every 30 minutes via email or SMS.
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Public sector networks
|Connection to public sector networks||No|
|Price||£7000 to £68000 per instance per year|
|Discount for educational organisations||Yes|
|Free trial available||Yes|
|Description of free trial||A fully functioning demonstration version of the software is available after a mutual NDA has been signed. We are happy to input a client example plan and BIA into this at no charge. The demonstration site is available for as long as required within reason.|