This G-Cloud 10 service is no longer available to buy.

The G-Cloud 10 framework expired on Tuesday 2 July 2019. Any existing contracts with Bramble Hub Limited are still valid.
Bramble Hub Limited

Bramble Hub Informu - Information Asset Register System

The system profiles information assets, tagging them into a business classification scheme to inherit a default retention period. Physical records, electronic documents, data sets or IT equipment can be added as assets, with data relating to their ownership, location, use etc., including source, processing condition and sharing information for GDPR.

Features

  • Maintain Business Classification Scheme
  • Maintain retention policies, across multiple jurisdictions as required
  • Tag retention policies to classification scheme for assets to inherit
  • Establish user security permissions
  • Create Master Assets as header records for information collections
  • Create format-specific Sub Assets
  • Physical record, electronic document, data set or IT equipment assets
  • Manage field drop down lists
  • Search and reporting with report data export
  • Record data for GDPR Article 30 compliance

Benefits

  • Support GDPR compliance
  • Indentify and address information risks
  • Plan Records Management processes and approaches
  • Support ISO 27001 compliance
  • Support application and maintenance of retention and disposal policies
  • Support Business Continuity Planning
  • Understand paper holdings, plan office sweeps, moves and changes
  • Maintain application software inventory
  • Support e-Discovery
  • Support knowledge awareness and discovery

Pricing

£13,200.00 an instance a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at contact@bramblehub.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 10

Service ID

8 3 5 0 1 5 5 5 2 4 6 6 6 2 1

Contact

Bramble Hub Limited Neil Simpson
Telephone: +44 (0) 2077350030
Email: contact@bramblehub.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
All scheduled maintenance will occur outside of standard office hours. Notification prior to software updates can be set to any number of days or weeks as required by the customer, except for critical updates. Software updates and maintenance can be deferred as required by the customer, except for critical updates and emergency maintenance.
System requirements
  • Up to date web browser access for users
  • Microsoft SQL Server 2008 r2 or later
  • Microsoft IIS 7.5 or later
  • Microsoft .Net Framework 4.5.x
  • Windows Server 2008 r2 or later
  • Microsoft Report Viewer 2010

User support

Email or online ticketing support
Email or online ticketing
Support response times
Email support is provided. Acknowledgement and initial dignosis within 1 hour between the hours of 08:30 hrs and 17:30 hrs, Monday to Friday, excluding UK public holidays.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Support is included within the annual software service fee. Engineering alerts for servers are provided on a 24/7 basis and will be reviewed during working hours on the next day. Application software support is provided between the hours of 08:30 hrs and 17:30 hrs, Monday to Friday, excluding UK public holidays. A named technical account manager will be nominated.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
A full range of services can be provided including requirements analysis and advice, configuration, training, support and maintenance. The system is provided with tool tips, user and administrator documentation, as well as useful guides to support configuration and asset audits etc.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Back-ups of the SQL data can be uploaded to an FTP server nominated by the client.
End-of-contract process
Back-ups of the SQL data can be uploaded to an FTP server nominated by the client. Once this has been completed and accepted, the data on the production server will be securely expunged and the server decommissioned.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
None
Accessibility standards
None or don’t know
Description of accessibility
Commands have icons, drop down lists have large buttons, interface and text is scalable
Accessibility testing
None
API
No
Customisation available
Yes
Description of customisation
Customer systems administrators may manage field drop down lists, business classifications and retention policies.

Scaling

Independence of resources
System performance and response times are heavily dependent on the client network environment, internet connection and number of concurrent users. We monitor our software performance closely and will deal with any unforeseen issues as a priority. Subject to this there is a 99.99% up-time guarantee, excluding scheduled maintenance.

Analytics

Service usage metrics
Yes
Metrics types
Reports can be provided based upon a format agreed with the customer.
Reporting types
Regular reports

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Managed by a third party
Penetration testing frequency
Never
Protecting data at rest
Physical access control, complying with another standard
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
There is the ability to export the Information Asset Register data to common formats such as PDF, Word, Excel.
Data export formats
  • CSV
  • Other
Other data export formats
  • PDF
  • MS Word
  • MS Excel
Data import formats
  • CSV
  • Other
Other data import formats
MS Excel Spreadsheet

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
System performance and response times are heavily dependent on the client network environment, internet connection and number of concurrent users. We monitor our software performance closely and will deal with any unforeseen issues as a priority. Subject to this there is a 99.99% up-time guarantee, excluding scheduled maintenance. Refunding is not offered.
Approach to resilience
The servers are distinct, fully managed units dedicated solely to the service we provide.
Outage reporting
Email alerts

Identity and authentication

User authentication needed
Yes
User authentication
Username or password
Access restrictions in management interfaces and support channels
SSH Secure channel access, with locking to specific IP Addresses
Access restriction testing frequency
At least once a year
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
We follow security and information governance best pratcices. Relevant ISO and Cloud security standards for the hosting location can be provided on request.
Information security policies and processes
The data centres provide maximum security, with access strictly limited to cleared personnel and monitored by extensive CCTV and access control systems. A comprehensive range of physical security measures are in place to guarantee the safety of data:
* CCTV covering all areas of the data centres and corporate offices
* Highly experienced security guards on duty 24/7, 365 days a year
* Role-based access control swipe-card system across multiple secure areas to ensure absolutely no access by unauthorised personnel
In terms of the boxes themselves:
the servers are distinct units dedicated solely to the service we provide, and managed directly by us, ensuring that nothing else running on them can jeopardise their security. They are fire-walled to allow higher-level access only to a specific range of physical locations, and the software itself manages access over an SSL connection.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Formal change management for system changes and updates are not implemented by default, but can be discussed if required.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Independent penetration-testing can be arranged at the client’s request.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
The data centres provide maximum security:
*CCTV covering all areas of the data centres and corporate offices
*Highly experienced security guards on duty 24/7, 365 days a year
*Role-based access control swipe-card system across multiple secure areas to ensure absolutely no access by unauthorised personnel
The servers are distinct units dedicated solely to the service we provide, and managed directly by us, ensuring that nothing else running on them can jeopardise their security. They are firewalled to allow higher-level access only to a specific range of physical locations, and the software itself manages access over an SSL connection.
Incident management type
Supplier-defined controls
Incident management approach
Incidents identified internally will be handled and escalated according to standard procedures; incidents identified by customers may be reported by telephone or e-mail. Incidents will be categorised and managed according to their nature and the type of data affected:
The Breach Management Plan addresses:
1. Containment and recovery.
2. Assessment of ongoing risk.
3. Notification of breach.
4. Evaluation and response.
Full logs of incidents are recorded and retained. Reporting processes will be agreed with the customer.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Pricing

Price
£13,200.00 an instance a year
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at contact@bramblehub.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.