Bis-Web Limited

ClearView Continuity

ClearView is a web-based application which facilitates and simplifies management of business continuity management (BCM) processes within organisations encompassing Business Impact Analysis (BIA), Planning and Exercise Management. ClearView facilitates storage and maintenance of crisis management plans and procedures, the delegation BCM responsibility across the enterprise and monitoring of plan maintenance.


  • Email driven user workflow engine
  • User defined, template driven creation of BIAs and Plans
  • Mobile app (iOS, Android & Windows)
  • Simple importing of key organisational golden source datasets
  • Customisable user profiles to control access to data/features
  • Pre-built/custom reports requiring no user technical knowledge to run
  • Send notifications to user groups, employees or Plan members
  • Incident management and exercising capability
  • Survey tool (Includes ISO22301 survey out of the box)
  • Customisable Executive Dashboard - At-a-glance overview of BC program


  • Supports Business Continuity Management (BCM) best practice
  • Intuitive and simple to use for the occasional user
  • Minimal requirement for central administration
  • Empowerment of plan maintainers, managers and other stakeholders
  • Embeds business continuity across the enterprise
  • Email-based task management features save time
  • Allows users access to plan information on the move
  • No need to reprint/distribute when the plan is amended
  • Plan development and maintenance quicker, more efficient and cost effective
  • Latest version of plans always accessible online to authorised personnel


£7000 to £68000 per instance per year

  • Education pricing available
  • Free trial available

Service documents


G-Cloud 11

Service ID

7 2 6 8 7 5 3 8 5 4 9 9 5 5 5


Bis-Web Limited

Gemma Buckley

01869 354230

Service scope

Software add-on or extension
Cloud deployment model
Private cloud
Service constraints
No, the majority of planned maintenance is undertaken with no client impact.
System requirements
  • User browser must Support TLS 1.2 encryption (https) of pages
  • User browser must have JavaScript Enabled.
  • Windows 7 or above
  • Mac OS X 10.6 or above

User support

Email or online ticketing support
Email or online ticketing
Support response times
ClearView provide administrator support globally in all regions as required by clients. Technical support is provided from the UK by ClearView Service Delivery and Technical Resource staff.

Our main UK Service Delivery team can be contacted by telephone, e-mail and via our on-line ticketing system, Kronodesk. In the UK, support is provided during UK Business Hours, 8am - 6pm

Outside of normal business hours (Weekends) ClearView will provide 24x7 contact support for Severity One incidents"
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
All clients receive the same high level of support at no extra cost as it is included in the licence fee.

After the initial software implementation, which is carried out by a BC specialist, ongoing support is provided via our Client Service Delivery (CSD) staff.

Our CSD staff are trained to be familiar with all areas of ClearView functionality and they can advise on use, functionality, configuration and administration that in many cases will immediately resolve client queries.
In the event of an issue which the CSD staff are unable to resolve, it will be escalated to the Head of Service Delivery who will take responsibility for resolution of the issue, using second and third line resources from
Technology and Architecture, and Development Teams if required.
Support available to third parties

Onboarding and offboarding

Getting started
ClearView offers comprehensive support throughout the implementation process, led by an experienced business continuity practitioner supported by our team of service delivery specialists.
Our standard implementation service provides training to client system administrators such that they will be able to configure and administer the system going forward. Standard implementation covers the core development of BIAs and Plan entities. These sessions are delivered using a train the trainer approach to enable administrators with the required knowledge to complete the work with remote support from the software specialists. Each training session will focus on specific elements of system configuration with intervals allowed for completion of setup work by administrators as part of the formal implementation path.
This provides the following benefits:
o Collaborative, short focused training sessions on system components with hands on activity;
o Integrated system set-up through the training sessions so that the training delivers real benefit and a system that is ready to be used;
o Knowledge retention is maximised by using the actual client system rather than a training system and through completing live setup;
o Key learning opportunity for administrators ensuring that they retain the skills required to update and manage the site.
Service documentation
Documentation formats
End-of-contract data extraction
At any time, including at the end of the contract, client administrators are able to extract their data easily using the reports already built into ClearView which will output the data as Excel files for ease of use offline, without the need for technical assistance from ClearView. In addition, users can print and save their BIAs and Plans in PDF format and administrators can output and save detailed reports in Excel format. ClearView can provide additional support for this process if other formats are required.
End-of-contract process
At the end of the contract, clients are able to extract all of their data including BIA and Plan content themselves via the client administrator interface and ClearView can provide assistance with this process if required. For security and data protection purposes, we would permanently delete/destroy client data no later than 10 days after the end date of the contract. If the client requests the last available back-up of the data, this can be provided at no additional charge unless a specific format is required for which there may be an additional charge, otherwise there are no other additional costs relating to the end of the contract.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
The desktop version is also viewable on mobile devices as it is delivered via a web browser. In addition the ClearView mobile app provides offline access to BC plans if there is a network outage.
Service interface
What users can and can't do using the API
ClearView APIs provides a method of interacting with the ClearView database using a RESTful web service. Requests are made using HTTPS and requests are used to request information from the database, store new data, and amend data currently stored in the database.
Requests to the API are categorised by the area (Employees, Resources, etc.) that is being accessed and the HTTPS method being used to send the request.
API documentation
API documentation formats
API sandbox or test environment
Customisation available
Description of customisation
ClearView is designed to be simple and easy to use for end user who can complete their BIAs, Plans, Exercises and Risk Assessments using a questionnaire-style interface.

Client administrators are able to customise the templates used to create the user questionnaires, choosing content, section names, adding user guidance and configuring the print output. They can also standardise the data using tickbox and dropdown lists which the user can select from. This provides consistent and powerful reporting and produce customised reports. In addition, Client Administrators can control the permissions for end-users to give them access to specific features of ClearView as required. All this is possible without needing technical skills, report building or coding knowledge.


Independence of resources
ClearView is hosted and operated on a shared hosting infrastructure environment that provides service to multiple clients. We size our environment for resilience in addition to capacity planning based on minimal utilisation, rather than load sizing each client. Across our hosted environments we have many thousands of active users that far exceed the user community of a single client.


Service usage metrics
Metrics types
Client Administrators are able to monitor and track service usage themselves. Using the executive dashboard, Administrators can use a simple wizard-style interface to create a number of graphs which provide an at-a-glance, real-time, overview of the BC program. These can be used to report to upper management. Client Administrators can also track BC program compliance using the default dashboard which can be filtered by area. Many of the built in reports can also be scheduled to provide regular reports or run on request by the user including audit and user access reports.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
There is a wealth of reporting available to users as part of our standard licence, including the capability of creating their own custom reports. The suite of over 50 pre-built reports includes gap analysis, and RAG indicators to show warnings, as well as strategic and planning reports such as What If? And Critical date analysis reporting.

Data can be exported at the click of a button as an Excel file for offline analysis or as a pdf.
Data export formats
Other data export formats
  • Excel
  • PDF
  • Zip File
Data import formats
  • CSV
  • Other
Other data import formats
  • Excel
  • Zip File

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
ClearView is provided on a high availability environment that allows us to offer the following service guarantees:

o 99.99% network uptime and connectivity through a zero-downtime network;
o 99.99% application availability allowing for scheduled downtime and agreed client maintenance.
Approach to resilience
Our servers are located across multiple RackSpace datacenters and are configured for redundancy and resilience:
• Data is stored on a SAN whose components are highly redundant;
• Databases are serviced by our database cluster;
• Websites are serviced by a load balanced pair of web servers;
• Servers are protected from malware by Sophos Endpoint Security and Control;
• Security patches are applied monthly after they have been tested;
• RackSpace is certified to ISO 27001;
• We have implemented a third database and web server at a separate RackSpace data centre for even more resilience; data replicated via a secure Virtual Private Network tunnel;
• The Managed External DNS Service through UltraDNS offers us fast, seamless, fail-safe Internet connections with never-fail address resolution that always keeps networks online and available. This is achieved through a number of technological innovations. This allows us to failover to our backup servers should there be any technical or operational failure or a catastrophic event.
In the event of a catastrophic failure we can switch over to the second data centre within three hours.
Outage reporting
As ClearView is a high availability application, availability is proactively monitored 24x7 by ClearView technical staff. This includes monitoring software which provides automated alerts via email.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
All access to the underlying infrastructure is via two-factor VPN, and limited to users who require access to undertake their role.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
QAS International
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
All areas of the business are covered and the scope is provided below. All ISO27002 controls apply.

“The operation of an ISO27001:2013 Information Security Management System to cover all Bis-Web Ltd.’s Bicester Office, Reception Area (Bicester), Server Room (Bicester), Server Room (Heyford), hosting services provided by RackSpace, KeepItSafe, hosting services provided by Interactive and Remote Workers, covering business activities relating to the provision of operation, maintenance and management of Internet and Web services and systems. In accordance with the latest Statement of Applicability”
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
ClearView has a suite of detailed security policies in line with our ISO 27001 accreditation.
In addition, ClearView has an Information Security Forum which consists of the Chief Executive, Chief Operating Officer, Head of Administration and Special Projects, Head of Technology and Architecture and The Information Security Manager.
Managers ensure that all documented security procedures and work instructions within their area of responsibility are carried out correctly to achieve compliance with security policies and standards.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Components of the service are tracked within our asset register which is reviewed every three months. When components near end of life a migration plan is created to move to new components prior to the end of life date.

All changes to software and components are tracked via a ticketing system with appropriate sign-offs by different teams. This includes security and risk assessments, confidentiality, integrity, availability, alignment to product roadmap and rollback plans.

Customers are communicated to via predefined channels prior to any changes which could impact the availability of the solution.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
To assess potential threats to our services, we run Monthly vulnerability scan using Alert Logic Threat Manager to identify security vulnerabilities and software configuration issues in all our environments.

Patches are deployed as follows, depending on their category:
• High: within 7 days (normally within 24 hours)
• Moderate: within 30 days
• Low: At our discretion
• Informational: At our discretion

Information on potential threats is obtained from: Microsoft, Homeland Security “National Cyber Awareness System”, ManageEngine Desktop Central and Rapid7.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Our monitoring process aligns with ISO27001.

We have an Alert Logic IDS which is monitored 24/7/365 to identify potential compromises. All events and firewall logs are sent to our syslog server and reviewed periodically.

If the Alert Logic IDS sees a security threat in our network traffic an auto shun script is run against the firewall blocking the offending IP address
If suspicious activity is found within logs, a more detailed investigation is undertaken to find the root cause which may involve specialist forensic investigation. An incident is raised within our incident management tool, and appropriate actions taken.
Incident management type
Supplier-defined controls
Incident management approach
ClearView has a fully documented process for incident management ensuring that a consistent methodology is followed when an incident occurs which impact the services we provide, such that full service is restored as quickly as possible.

Users can report incidents through Kronodesk (ticketing system) or by telephone or email through our Service Delivery team. Incidents can also be automatically detected via our monitoring tools and escalated.

During an incident, reports are provided to clients at a frequency that is consistent with the deadline assigned to resolution of the incident, but typically every 30 minutes via email or SMS.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks


£7000 to £68000 per instance per year
Discount for educational organisations
Free trial available
Description of free trial
A fully functioning demonstration version of the software is available after a mutual NDA has been signed. We are happy to input a client example plan and BIA into this at no charge. The demonstration site is available for as long as required within reason.

Service documents

Return to top ↑