Noggin IT

Noggin OCA

Noggin OCA is a secure, online software system and total solution for risk management, incident management and crisis communications. It provides all the information and tools you need in one place, in your format, saving you time, helping you make informed decisions quickly, and improving response time and efficiency.


  • Record, organise, analyse and distribute information about incidents
  • Manage risks with centralised risk and control libraries
  • Enforce and automate processes, workflows, actions, escalations, notifications or plans
  • Dynamically manage assignment and dispatch of teams, assets and resources
  • Mapping to analyse geo-coded system data and overlay external feeds
  • Analytics to filter and report on all system data
  • Manage all organisational contacts, people, resources and assets
  • Two-way communications (SMS, email, fax, voice and conferences)
  • Monitor and publish to multiple social media feeds
  • Mobile access with mobile applications or optimised browser interface


  • Capable of managing all hazards across a wide range of industries
  • Its configurability allows it to solve many different business problems
  • Only software of its type globally to be certified EAL2+
  • Utilise multiple hosting options, on premise or our data centres
  • All the tools you need in one place
  • Configurable to match your business processes and data structures
  • No technical assistance required to self administer the system
  • Intuitive interface that is easy to learn and use
  • Visual workflow builder to plan, automatically enact and track processes
  • Range of integration options to leverage data and share information


£990 to £16000 per licence per month

  • Free trial available

Service documents


G-Cloud 11

Service ID

851577333331092


Noggin IT

Colm Greene

+44 20 7173 0390

Service scope

Software add-on or extension
Cloud deployment model
Public cloud
Service constraints
System requirements
  • Latest three versions of Chrome, Firefox, Internet Explorer or Safari
  • Recommended internet access providing <20ms ping time to the server
  • iPhone, iPad and Android for mobile application

User support

Email or online ticketing support
Email or online ticketing
Support response times
Priority Acknowledgement Response
1 15 mins ** 45 minutes
2 2 hours
3 1 business day
4 2 business days

** Via automated email alert (where a P1 has been reported on the phone, this will be captured as a Support Request against the Client’s name during the phone conversation, resulting in an email acknowledgement to the customer).
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Onsite support
Yes, at extra cost
Support levels
Noggin can offer level 1 or level 2-3 support (escalation after an initial triage for problem investigation, change request fulfilment or provision of additional information/advice). Most customers provide level 1 support pertaining to their system setup, procedures, data and policies, and then refer to Noggin for any application-specific enquiries/issues.
Support available to third parties

Onboarding and offboarding

Getting started
Noggin offers a full range of professional services to support the implementation of its software products, including business and requirements analysis, project management, solution architecture and design, system configuration, software customisation, system integration, test planning and execution, change management and communications, and a variety of training options.
Service documentation
Documentation formats
End-of-contract data extraction
At the termination of services Noggin will provide assistance to the client to transfer the data and information in the system to an alternative system, and/or provide all client data in a logical and accessible format for re-use, archiving or import into an alternative system.
End-of-contract process
Noggin will conduct a post-service review and hand-over workshop with the client or any new service providers. This workshop will cover:
• Reasons for termination or non-renewal
• Feedback and performance appraisal of services
• Transition requirements - data, knowledge, documentation
• Transfer of relevant system knowledge or processes to the client or a new provider

We will then complete a decommissioning process which will involve termination of Noggin’s access to all client systems or data, and archiving and decommissioning of any relevant systems.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
The user interface is optimised for a smaller screen within the mobile device, and thus is presented differently. There are some advanced and system administration and configuration features that are not available in the mobile interface, such as designing dashboards or workflows, or configuring forms.
In addition to having the end user functionality available, with the app you can also monitor alerts, track the location of your contacts using GPS, submit geo-coded photos, video or audio to Noggin OCA, use GPS and device location to create spatial data, view edit and add records ‘offline’, and synchronise key records to devices.
Service interface
What users can and can't do using the API
Noggin OCA’s RESTful API can be used for general functionality, to create, edit or view data, or to initiate other functions such as workflows, communications etc.
API documentation
API documentation formats
  • HTML
  • PDF
API sandbox or test environment
Customisation available
Description of customisation
Noggin offers rich configuration capabilities, available to client system administrators through the standard user interface. Customisations and enhancements required under a client implementation project are scoped, specified and commissioned into the normal development cycles.


Independence of resources
Noggin uses a production system monitoring tool called ‘Zabbix’ which monitors resource consumption for all deployments. For certain deployments, auto scaling can be enabled, which ensures that resources are available for spikes in demand and guarantees availability of resources.


Service usage metrics
Metrics types
Reporting types
Regular reports


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Encryption of all physical media
Data sanitisation process
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
There is a range of data export tools available:
• Contacts, groups, incidents and assets have dedicated CSV/Excel export tools
• The contents of any data table across the system can be exported to CSV at any time
• Results of Analytics queries in OCA can be exported to MS Excel
• Incidents, Reports, Logs and Requests can be exported to PDF
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
Data import formats
  • CSV
  • Other
Other data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Noggin can offer system availability of 99.9% and a 24 x 7 x 365 help desk as standard.
Approach to resilience
Noggin OCA is configured in an active/standby arrangement across two data centres in two different locations, with data replicated in close to real-time. Both nodes are on entirely separate infrastructure with internal connectivity and hardware redundancy features. Neither node relies on the other for operation, delivering a true no-single-point-of-failure solution.
Outage reporting
In the event that the active system experiences a fault, our monitoring system will detect this and alert a technician 24x7, who can activate a failover mechanism to transfer from one node to another.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Users access the system using a username and password, and clients can control password policy and strength settings for each type of user. If required, 2-factor authentication via SMS can also be enabled for each type of user.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
EY CertifyPoint
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
ISO 28000:2007 certification
CSA STAR certification
CSA STAR accreditation date
CSA STAR certification level
Level 3: CSA STAR Certification
What the CSA STAR doesn’t cover
PCI certification
Other security certifications
Any other security certifications
EAL2+ under the Common Criteria for Information Technology Security Evaluation

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
EAL2+ under the Common Criteria for Information Technology Security Evaluation by the Defence Signals Directorate (DSD).
Information security policies and processes
Noggin follows a comprehensive security and technology policy which is mandatory for all employees. This includes definitions, classifications, procedures and guidelines around the Acceptable use of IT resources, Privacy & Information Security.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Noggin uses a three-step approach which includes Subversion & Bitbucket for product source code, 'Snapshot on write' for OCA configuration files and backup of database logs for system settings stored in the database. For change management, we support the client with specific documentation and by running train-the-trainer workshops.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
The OCA system is built using the latest protection measures to protect from infection by unauthorised/undesirable software programs, such as viruses, worms, Trojan horses and others. The system is made as secure as possible from malicious interference by:
• Frequent patching of critical systems
• Hardening of servers
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Noggin uses a production system monitoring tool called ‘Zabbix’ which alerts technicians to any faults or errors in the system, escalating based on severity. Zabbix is used for monitoring all aspects of the solutions including network, infrastructure, database, webserver and others. All problems and service incidents or requests are logged and tracked in our Issue Tracker system. Incidents may be detected internally via our service monitoring system, or reported by a customer or user via email, telephone (24 x 7) or directly in Issue Tracker.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
All requests/incidents are logged in Noggin’s Support Portal. Once logged, the incident is assessed to determine the severity and investigate the root cause. Once the root cause is identified, a solution is designed and the affected customers are notified of the progress and timeframe for resolution. The solution then follows normal change control procedures.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks


£990 to £16000 per licence per month
Discount for educational organisations
Free trial available
Description of free trial
Access to the system for a predefined period of time with set objectives and outcomes defined.
