Bramble Hub Limited

Bramble Hub Informu - Information Asset Register System

The system profiles information assets, tagging them into a business classification scheme to inherit a default retention period. Physical records, electronic documents, data sets or IT equipment can be added as assets, with data relating to their ownership, location, use etc., including source, processing condition and sharing information for GDPR.

Features

  • Maintain Business Classification Scheme
  • Maintain retention policies, across multiple jurisdictions as required
  • Tag retention policies to classification scheme for assets to inherit
  • Establish user security permissions
  • Create Master Assets as header records for information collections
  • Create format-specific Sub Assets
  • Physical record, electronic document, data set or IT equipment assets
  • Manage field drop down lists
  • Search and reporting with report data export
  • Record data for GDPR Article 30 compliance

Benefits

  • Support GDPR compliance
  • Indentify and address information risks
  • Plan Records Management processes and approaches
  • Support ISO 27001 compliance
  • Support application and maintenance of retention and disposal policies
  • Support Business Continuity Planning
  • Understand paper holdings, plan office sweeps, moves and changes
  • Maintain application software inventory
  • Support e-Discovery
  • Support knowledge awareness and discovery

Pricing

£13200.00 per instance per year

Service documents

G-Cloud 10

835015552466621

Bramble Hub Limited

Roland Cunningham

+44 (0) 2077350030

contact@bramblehub.co.uk

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints All scheduled maintenance will occur outside of standard office hours. Notification prior to software updates can be set to any number of days or weeks as required by the customer, except for critical updates. Software updates and maintenance can be deferred as required by the customer, except for critical updates and emergency maintenance.
System requirements
  • Up to date web browser access for users
  • Microsoft SQL Server 2008 r2 or later
  • Microsoft IIS 7.5 or later
  • Microsoft .Net Framework 4.5.x
  • Windows Server 2008 r2 or later
  • Microsoft Report Viewer 2010

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Email support is provided. Acknowledgement and initial dignosis within 1 hour between the hours of 08:30 hrs and 17:30 hrs, Monday to Friday, excluding UK public holidays.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Support is included within the annual software service fee. Engineering alerts for servers are provided on a 24/7 basis and will be reviewed during working hours on the next day. Application software support is provided between the hours of 08:30 hrs and 17:30 hrs, Monday to Friday, excluding UK public holidays. A named technical account manager will be nominated.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started A full range of services can be provided including requirements analysis and advice, configuration, training, support and maintenance. The system is provided with tool tips, user and administrator documentation, as well as useful guides to support configuration and asset audits etc.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Back-ups of the SQL data can be uploaded to an FTP server nominated by the client.
End-of-contract process Back-ups of the SQL data can be uploaded to an FTP server nominated by the client. Once this has been completed and accepted, the data on the production server will be securely expunged and the server decommissioned.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service None
Accessibility standards None or don’t know
Description of accessibility Commands have icons, drop down lists have large buttons, interface and text is scalable
Accessibility testing None
API No
Customisation available Yes
Description of customisation Customer systems administrators may manage field drop down lists, business classifications and retention policies.

Scaling

Scaling
Independence of resources System performance and response times are heavily dependent on the client network environment, internet connection and number of concurrent users. We monitor our software performance closely and will deal with any unforeseen issues as a priority. Subject to this there is a 99.99% up-time guarantee, excluding scheduled maintenance.

Analytics

Analytics
Service usage metrics Yes
Metrics types Reports can be provided based upon a format agreed with the customer.
Reporting types Regular reports

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency Never
Protecting data at rest Physical access control, complying with another standard
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach There is the ability to export the Information Asset Register data to common formats such as PDF, Word, Excel.
Data export formats
  • CSV
  • Other
Other data export formats
  • PDF
  • MS Word
  • MS Excel
Data import formats
  • CSV
  • Other
Other data import formats MS Excel Spreadsheet

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability System performance and response times are heavily dependent on the client network environment, internet connection and number of concurrent users. We monitor our software performance closely and will deal with any unforeseen issues as a priority. Subject to this there is a 99.99% up-time guarantee, excluding scheduled maintenance. Refunding is not offered.
Approach to resilience The servers are distinct, fully managed units dedicated solely to the service we provide.
Outage reporting Email alerts

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels SSH Secure channel access, with locking to specific IP Addresses
Access restriction testing frequency At least once a year
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach We follow security and information governance best pratcices. Relevant ISO and Cloud security standards for the hosting location can be provided on request.
Information security policies and processes The data centres provide maximum security, with access strictly limited to cleared personnel and monitored by extensive CCTV and access control systems. A comprehensive range of physical security measures are in place to guarantee the safety of data:
* CCTV covering all areas of the data centres and corporate offices
* Highly experienced security guards on duty 24/7, 365 days a year
* Role-based access control swipe-card system across multiple secure areas to ensure absolutely no access by unauthorised personnel
In terms of the boxes themselves:
the servers are distinct units dedicated solely to the service we provide, and managed directly by us, ensuring that nothing else running on them can jeopardise their security. They are fire-walled to allow higher-level access only to a specific range of physical locations, and the software itself manages access over an SSL connection.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Formal change management for system changes and updates are not implemented by default, but can be discussed if required.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Independent penetration-testing can be arranged at the client’s request.
Protective monitoring type Supplier-defined controls
Protective monitoring approach The data centres provide maximum security:
*CCTV covering all areas of the data centres and corporate offices
*Highly experienced security guards on duty 24/7, 365 days a year
*Role-based access control swipe-card system across multiple secure areas to ensure absolutely no access by unauthorised personnel
The servers are distinct units dedicated solely to the service we provide, and managed directly by us, ensuring that nothing else running on them can jeopardise their security. They are firewalled to allow higher-level access only to a specific range of physical locations, and the software itself manages access over an SSL connection.
Incident management type Supplier-defined controls
Incident management approach Incidents identified internally will be handled and escalated according to standard procedures; incidents identified by customers may be reported by telephone or e-mail. Incidents will be categorised and managed according to their nature and the type of data affected:
The Breach Management Plan addresses:
1. Containment and recovery.
2. Assessment of ongoing risk.
3. Notification of breach.
4. Evaluation and response.
Full logs of incidents are recorded and retained. Reporting processes will be agreed with the customer.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £13200.00 per instance per year
Discount for educational organisations No
Free trial available No

Documents

Documents
Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑