Everbridge Europe Limited

Everbridge Critical Event Management Suite

A unified critical communications suite of applications that enable organisations to manage the entire critical event life cycle. The suite can be used either as a single application for specific critical plans, critical event notification and incidents, or in combination to manage multiple or all parts of the process.

Features

  • Critical Event Platform and Multi Model Crisis Communications
  • Single unified platform, multiple communications applications, secure instant messaging
  • Quick & simple to implement, with user friendly interface
  • Open integration with existing systems & single sign on
  • Definitive role and administration rules for platform users
  • 24/7/365 Technical support and live operator
  • Store crisis plans on mobile and in the cloud
  • Secure critical mobile messaging, remote wipe, message expiry
  • Scalable, resilient & redundant infrastructure with 99.99% uptime
  • Integrated GIS mapping with unified contact data.

Benefits

  • Dramatically improve response time and stakeholder engagement during any incident
  • Target communications by organisation, department, role, location & skill set
  • Target mass notification to specific stakeholders, not devices
  • Automated communication process saves valuable time & eliminates errors
  • Auditable reporting and analytics for incident communications and events
  • You lead critical communications and updates, not social media
  • Increases organisational resilience and compliance in an emergency
  • Save cost and complexity of multiple integrations and data sources
  • Simple 'press to join' conference call capability
  • Your business continuity and disaster recovery plans go mobile

Pricing

£2.58 per user per year

Service documents

Framework

G-Cloud 11

Service ID

7 2 7 6 0 7 5 2 3 8 2 4 3 6 0

Contact

Everbridge Europe Limited

Phil Pate

0800 035 0081

digitalgov@everbridge.com

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
The Everbridge Suite is a full cloud SAAS platform and is not available on premise.
System requirements
  • Administrators need an internet enabled device
  • Users need an SMS, Email, Voice or Data capable device

User support

Email or online ticketing support
Email or online ticketing
Support response times
Using our 24/7 Support team, standard response is 4 hours. However questions are usually answered within 2 hours.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 A
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
The Everbridge Professional Services team can support customers onsite ranging from a day rate basis or up to a permanent technical account manager on site. Costs are included in the rate card.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
The standard onboarding is right-sized to support small to medium organizations on deploying all basic Mass Notification and Interactive Visibility functionality. A dedicated onboarding specialist is provided to guide you through the onboarding process and provide strategic advice, tailored to your organisation.

A standard onboarding will provide the following:
+ Orientation to your onboarding resources, including the Everbridge Client Portal, knowledgebase articles library, and Everbridge University.
+ Access to your functional account, configured with default templates and default notification paths. Everbridge provides a combination of remote and on-site onboarding services tailored to the customers requirements and needs which includes on-site training, on-line e-learning and user documentation, 30-minute hands-on demo of creating new users, the basic setup of contacts and the sending of a test notifications.
+ Best practices and onboarding guidance.
+ The onboarding specialist will ensure the client has demonstrated the ability to upload a sample of their contact data, send a notification and
interpret the results.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats
  • Microsoft Office Suite formats
  • CSV.
End-of-contract data extraction
Everbridge customers can download their contact data at any time during the contract period as a CSV file. Customers can also create reports to query the data which can be downloaded as CSV or PDF files.
End-of-contract process
Everbridge will end the user's access to the account, the account is deleted and purged from the Everbridge platform and all data is securely removed. All customer data can be returned to the customer before deletion upon request. This is included in the contract cost.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Firefox
  • Chrome
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
All features of the Everbridge Suite are available in both the mobile and desktop service. However advanced administrator functions may be easier to access via the desktop version.
Service interface
No
API
Yes
What users can and can't do using the API
The Everbridge Restful API allows applications to interact with contact management, user access management, notification sending, incident sending and location tracking aspects of the Everbridge system.
API documentation
Yes
API documentation formats
Open API (also known as Swagger)
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Users can customise the notification device terminology, can create static and dynamic grouping structures as well as customise the content of the recipient profile portal.

Scaling

Independence of resources
As part of the enablement of our commitment to 99.99% availability, Everbridge leverages an elastic infrastructure to accommodate high volume of calls using multiple redundant telephony providers and dynamic call routing algorithms to redirect calls to the least congested providers. Our unparalleled dedicated infrastructure, combined with our Elastic Infrastructure, provides unlimited global scale, speed, and resiliency without having to purchase dedicated lines or ports.

Analytics

Service usage metrics
Yes
Metrics types
The Everbridge Suite has native analytics to provide reporting and dashboards relating to contacts, incidents, notifications, responses & utilisation.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Everbridge customers can download their contact data at any time during the contract period as a CSV file.
Data export formats
CSV
Data import formats
  • CSV
  • ODF

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network
Everbridge’s security, data protection policies and controls are based on the Federal Information Security Management Act (FISMA) risk management framework defined within National Institute of Standards and Technology (NIST) special publication (SP) 800-37. On an annual basis, during a three month assessment period, an independent and accredited third-party security assessment firm verifies Everbridge’s compliance with over 800 security and data protection requirements and controls detailed in NIST SP 800-53 (Security and Privacy Controls for Federal Information Systems and Organizations). Verified compliance enables Everbridge to map our compliance with other security and data privacy frameworks including ISO 27001, HIPAA and HITECH.

Availability and resilience

Guaranteed availability
Availability SLA:
Everbridge’s commits to service availability of 99.99% or greater, measured on a calendar quarterly basis. Including scheduled maintenance windows.

Broadcast Performance Target:
During a 60 minute period, Everbridge shall make a minimum number of notification attempts to the 1st contact path for all Client broadcasts, using the standard configuration, per the list below. Notification attempts do not include third party network delivery.

500 character Contact Bridge Notification - 600,000 per hour;
30 seconds Voice Notification - 300,000 per hour;
500 characters SMS Notification - 600,000 per hour;
500 characters email - 600,000 per hour.
Approach to resilience
Everbridge’s system is designed to provide a true zero-point-of-failure system. To provide the unique architecture, Everbridge employs multiple data centre locations in each of our production implementations. Data is continuously replicated between each data centre location within a specific production implementation, and each data centre site can provide the full range of Everbridge services. If service is disrupted at either data centre, all traffic is dynamically rerouted to the remaining data centre so that Everbridge's systems remain constantly available to all of our clients.
Each data centre site is designed with full redundancy from top to bottom. Dual network uplinks feed dual routers, fully meshed with dual load balancers, which secure the front-end network with tight controls. Each tier of servers are clustered using a combination of highly customized, secure, high performing, and scalable database solutions, which allows for real-time load balancing and failover between nodes, and affords easy scalability to meet increasing demand.
Outage reporting
When impacted clients are notified of service degradation/outages, all client defined “main points of contact” will receive the email notification. These operations are conducted by Everbridge Technical Support staff.

Identity and authentication

User authentication needed
Yes
User authentication
Username or password
Access restrictions in management interfaces and support channels
Everbridge supports role based access to the platform. At all times, clients maintain full control over any user granted access to the client organisation (environment) in the Everbridge system, the rights that are assigned, and the ability to revoke access at any time. Everbridge allows for an unlimited number of user roles. Each user may have multiple roles as is appropriate
Access restriction testing frequency
At least once a year
Management access authentication
2-factor authentication

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
Yes
CSA STAR accreditation date
30/9/2015
CSA STAR certification level
Level 2: CSA STAR Attestation
What the CSA STAR doesn’t cover
We believe that all applicable parts of our service are covered within the CSA STAR accreditation.
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • CSA CCM version 3.0
  • Other
Other security governance standards
SOC 2,
SOC 3,
NIST 800-53 (This mirrors ISO 27001),
TLS 1.2,
AES 256-bit encryption.
Information security policies and processes
To make our system the most secure, we comply with FISMA security guidelines set forth by NIST (National Institute of Standards in Technology). NIST completed their own Emergency Notification vendor evaluation, where they found that Everbridge best suited their needs.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Everbridge maintains a formal system development lifecycle policy which includes application development, testing, security verification, and detailed change management procedures. These policies are in place to ensure secure development of application code and features, to test and verify all features developed, and to ensure smooth rollout to the Production environment without degrading our client’s access or use of the notification platform.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
All development undergoes peer review, integration testing, and acceptance testing, and the entire application and infrastructure is included in regular internal vulnerability scanning and assessment. Furthermore, any changes to any level of the Everbridge infrastructure must adhere to the well defined Everbridge change management process.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Everbridge enables active monitoring, intrusion detection, and logging of all events, on all components, within all tiers of the fully redundant, geographically dispersed SaaS infrastructure. The tools consist of both network based IDS devices scanning all network traffic, and host-based probes that are designed to detect any activity outside of normal application traffic and performance. If a monitor detects any unusual or suspicious activity, the monitoring tool generates an automated alert that is immediately investigated by our on-call support team.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Everbridge follows the Incident Response procedures outlined in NIST 800-61 and are included in NIST 800-53, which Everbridge leverages as our security framework. Everbridge’s compliance to NIST 800-53 is audited annually by a 3PAO as required. Please see http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf, IR-1 through IR-10 for more information.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£2.58 per user per year
Discount for educational organisations
No
Free trial available
No

Service documents

Return to top ↑