Bramble Hub Informu - Information Asset Register System
The system profiles information assets, tagging them into a business classification scheme to inherit a default retention period. Physical records, electronic documents, data sets or IT equipment can be added as assets, with data relating to their ownership, location, use etc., including source, processing condition and sharing information for GDPR.
Features
- Maintain Business Classification Scheme
- Maintain retention policies, across multiple jurisdictions as required
- Tag retention policies to classification scheme for assets to inherit
- Establish user security permissions
- Create Master Assets as header records for information collections
- Create format-specific Sub Assets
- Physical record, electronic document, data set or IT equipment assets
- Manage field drop down lists
- Search and reporting with report data export
- Record data for GDPR Article 30 compliance
Benefits
- Support GDPR compliance
- Indentify and address information risks
- Plan Records Management processes and approaches
- Support ISO 27001 compliance
- Support application and maintenance of retention and disposal policies
- Support Business Continuity Planning
- Understand paper holdings, plan office sweeps, moves and changes
- Maintain application software inventory
- Support e-Discovery
- Support knowledge awareness and discovery
Pricing
£13,200.00 an instance a year
Service documents
Request an accessible format
Framework
G-Cloud 10
Service ID
8 3 5 0 1 5 5 5 2 4 6 6 6 2 1
Contact
Bramble Hub Limited
Neil Simpson
Telephone: +44 (0) 2077350030
Email: contact@bramblehub.co.uk
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Private cloud
- Service constraints
- All scheduled maintenance will occur outside of standard office hours. Notification prior to software updates can be set to any number of days or weeks as required by the customer, except for critical updates. Software updates and maintenance can be deferred as required by the customer, except for critical updates and emergency maintenance.
- System requirements
-
- Up to date web browser access for users
- Microsoft SQL Server 2008 r2 or later
- Microsoft IIS 7.5 or later
- Microsoft .Net Framework 4.5.x
- Windows Server 2008 r2 or later
- Microsoft Report Viewer 2010
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Email support is provided. Acknowledgement and initial dignosis within 1 hour between the hours of 08:30 hrs and 17:30 hrs, Monday to Friday, excluding UK public holidays.
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
- Support is included within the annual software service fee. Engineering alerts for servers are provided on a 24/7 basis and will be reviewed during working hours on the next day. Application software support is provided between the hours of 08:30 hrs and 17:30 hrs, Monday to Friday, excluding UK public holidays. A named technical account manager will be nominated.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- A full range of services can be provided including requirements analysis and advice, configuration, training, support and maintenance. The system is provided with tool tips, user and administrator documentation, as well as useful guides to support configuration and asset audits etc.
- Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
- Back-ups of the SQL data can be uploaded to an FTP server nominated by the client.
- End-of-contract process
- Back-ups of the SQL data can be uploaded to an FTP server nominated by the client. Once this has been completed and accepted, the data on the production server will be securely expunged and the server decommissioned.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 10
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari 9+
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- None
- Accessibility standards
- None or don’t know
- Description of accessibility
- Commands have icons, drop down lists have large buttons, interface and text is scalable
- Accessibility testing
- None
- API
- No
- Customisation available
- Yes
- Description of customisation
- Customer systems administrators may manage field drop down lists, business classifications and retention policies.
Scaling
- Independence of resources
- System performance and response times are heavily dependent on the client network environment, internet connection and number of concurrent users. We monitor our software performance closely and will deal with any unforeseen issues as a priority. Subject to this there is a 99.99% up-time guarantee, excluding scheduled maintenance.
Analytics
- Service usage metrics
- Yes
- Metrics types
- Reports can be provided based upon a format agreed with the customer.
- Reporting types
- Regular reports
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- No
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- Never
- Protecting data at rest
- Physical access control, complying with another standard
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- A third-party destruction service
Data importing and exporting
- Data export approach
- There is the ability to export the Information Asset Register data to common formats such as PDF, Word, Excel.
- Data export formats
-
- CSV
- Other
- Other data export formats
-
- MS Word
- MS Excel
- Data import formats
-
- CSV
- Other
- Other data import formats
- MS Excel Spreadsheet
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
- System performance and response times are heavily dependent on the client network environment, internet connection and number of concurrent users. We monitor our software performance closely and will deal with any unforeseen issues as a priority. Subject to this there is a 99.99% up-time guarantee, excluding scheduled maintenance. Refunding is not offered.
- Approach to resilience
- The servers are distinct, fully managed units dedicated solely to the service we provide.
- Outage reporting
- Email alerts
Identity and authentication
- User authentication needed
- Yes
- User authentication
- Username or password
- Access restrictions in management interfaces and support channels
- SSH Secure channel access, with locking to specific IP Addresses
- Access restriction testing frequency
- At least once a year
- Management access authentication
- Username or password
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- No
- Security governance approach
- We follow security and information governance best pratcices. Relevant ISO and Cloud security standards for the hosting location can be provided on request.
- Information security policies and processes
-
The data centres provide maximum security, with access strictly limited to cleared personnel and monitored by extensive CCTV and access control systems. A comprehensive range of physical security measures are in place to guarantee the safety of data:
* CCTV covering all areas of the data centres and corporate offices
* Highly experienced security guards on duty 24/7, 365 days a year
* Role-based access control swipe-card system across multiple secure areas to ensure absolutely no access by unauthorised personnel
In terms of the boxes themselves:
the servers are distinct units dedicated solely to the service we provide, and managed directly by us, ensuring that nothing else running on them can jeopardise their security. They are fire-walled to allow higher-level access only to a specific range of physical locations, and the software itself manages access over an SSL connection.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- Formal change management for system changes and updates are not implemented by default, but can be discussed if required.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- Independent penetration-testing can be arranged at the client’s request.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
-
The data centres provide maximum security:
*CCTV covering all areas of the data centres and corporate offices
*Highly experienced security guards on duty 24/7, 365 days a year
*Role-based access control swipe-card system across multiple secure areas to ensure absolutely no access by unauthorised personnel
The servers are distinct units dedicated solely to the service we provide, and managed directly by us, ensuring that nothing else running on them can jeopardise their security. They are firewalled to allow higher-level access only to a specific range of physical locations, and the software itself manages access over an SSL connection. - Incident management type
- Supplier-defined controls
- Incident management approach
-
Incidents identified internally will be handled and escalated according to standard procedures; incidents identified by customers may be reported by telephone or e-mail. Incidents will be categorised and managed according to their nature and the type of data affected:
The Breach Management Plan addresses:
1. Containment and recovery.
2. Assessment of ongoing risk.
3. Notification of breach.
4. Evaluation and response.
Full logs of incidents are recorded and retained. Reporting processes will be agreed with the customer.
Secure development
- Approach to secure software development best practice
- Supplier-defined process
Public sector networks
- Connection to public sector networks
- No
Pricing
- Price
- £13,200.00 an instance a year
- Discount for educational organisations
- No
- Free trial available
- No