Noggin IT

Noggin OCA

Noggin OCA is a secure, online software system and total solution for risk management, incident management and crisis communications. It provides all the information and tools you need in one place, in your format, saving you time, helping you make informed decisions quickly, and enabling increased response time and efficiency.


  • Record, organise, analyse and distribute information about incidents
  • Manage risks with centralised risk and control libraries
  • Enforce and automate processes, workflows, actions, escalations, notifications or plans
  • Dynamically manage assignment and dispatch of teams, assets and resources
  • Mapping to analyse geo-coded system data and overlay external feeds
  • Analytics to filter and report on all system data
  • Manage all organisational contacts, people, resources and assets
  • 2-way communications (SMS, email, fax, voice and conferences)
  • Monitor and publish to multiple social media feeds
  • Mobile access with mobile applications or optimised browser interface


  • Capable of managing all hazards across a wide range of industries
  • Its configurability allows it to solve many different business problems
  • Only software of its type globally to be certified EAL2+
  • Utilise multiple hosting options, on premise or our data centres
  • All the tools you need in one place
  • Configurable to match your business processes and data structures
  • No technical assistance required to self-administer the system
  • Intuitive interface that is easy to learn and use
  • Visual workflow builder to plan, automatically enact and track processes
  • Range of integration options to leverage data and share information


£990 to £16000 per licence per month

  • Free trial available

Service documents


G-Cloud 11

Service ID

851577333331092


Noggin IT

Colm Greene

+44 20 3500 1431

Service scope

Software add-on or extension No
Cloud deployment model Public cloud
Service constraints N/A
System requirements
  • Latest three versions of Chrome, Firefox, Internet Explorer or Safari
  • Recommended internet access providing <20ms ping time to the server
  • iPhone, iPad and Android for mobile application

User support

Email or online ticketing support Email or online ticketing
Support response times Priority Acknowledgement Response
1 15 mins ** 45 minutes
2 2 hours
3 1 business day
4 2 business days

** Via automated email alert (where a P1 has been reported on the phone, this will be captured as a Support Request against the Client’s name during the phone conversation, resulting in an email acknowledgement to the customer).
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels Noggin can offer level 1 or level 2-3 support (escalation after an initial triage for problem investigation, change request fulfilment or provision of additional information/advice). Most customers provide level 1 support pertaining to their system setup, procedures, data and policies, and then refer to Noggin for any application-specific enquiries/issues.
Support available to third parties Yes

Onboarding and offboarding

Getting started Noggin offers a full range of professional services to support the implementation of its software products, including business and requirements analysis, project management, solution architecture and design, system configuration, software customisation, system integration, test planning and execution, change management and communications, and a variety of training options.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction At the termination of services Noggin will provide assistance to the client to transfer the data and information in the system to an alternative system, and/or provide all client data in a logical and accessible format for re-use, archiving or import into an alternative system.
End-of-contract process Noggin will conduct a post-service review and hand-over workshop with the client or any new service providers. This workshop will cover:
• Reasons for termination or non-renewal
• Feedback and performance appraisal of services
• Transition requirements - data, knowledge, documentation
• Transfer of relevant system knowledge or processes to the client or a new provider

We will then complete a decommissioning process which will involve termination of Noggin’s access to all client systems or data, and archiving and decommissioning of any relevant systems.

Using the service

Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The user interface is optimised for a smaller screen within the mobile device, and thus is presented differently. There are some advanced and system administration and configuration features that are not available in the mobile interface, such as designing dashboards or workflows, or configuring forms.
In addition to having the end user functionality available, with the app you can also monitor alerts, track the location of your contacts using GPS, submit geo-coded photos, video or audio to Noggin OCA, use GPS and device location to create spatial data, view, edit and add records ‘offline’, and synchronise key records to devices.
Service interface No
What users can and can't do using the API Noggin OCA’s RESTful API can be used for general functionality, to create, edit or view data, or initiate other functions such as workflows, communications etc.
API documentation Yes
API documentation formats
  • HTML
  • PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Noggin offers rich configuration capabilities, available to client system administrators through the standard user interface. Customisations and enhancements required under a client implementation project are scoped, specified and commissioned into the normal development cycles.


Independence of resources Noggin uses a production system monitoring tool called ‘Zabbix’ which monitors resource consumption for all deployments. For certain deployments, auto scaling can be enabled, which will ensure availability of resources for spikes in demand and guaranteed availability of resources.


Service usage metrics Yes
Metrics types Uptime
Reporting types Regular reports


Supplier type Not a reseller

Staff security

Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations Yes
Data storage and processing locations European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least every 6 months
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach There are a range of data export tools available:
• Contacts, groups, incidents and assets have dedicated CSV/Excel export tools
• The contents of any data table across the system can be exported to CSV at any time
• Results of Analytics queries in OCA can be exported to MS Excel
• Incidents, Reports, Logs and Requests can be exported to PDF
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats PDF
Data import formats
  • CSV
  • Other
Other data import formats Excel

Data-in-transit protection

Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability Noggin can offer system availability of 99.9% and a 24 x 7 x 365 help desk as standard.
Approach to resilience Noggin OCA is configured in an active/standby arrangement across two data centres in two different locations, with data replicated in close to real-time. Both nodes are on entirely separate infrastructure with internal connectivity and hardware redundancy features. Neither node relies upon the other for operation, delivering a true no-single-point-of-failure solution.
Outage reporting In the event that the active system experiences a fault, our monitoring system will detect this and alert a technician 24x7, who can activate a failover mechanism to transfer from one node to another.

Identity and authentication

User authentication needed Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels Users access the system using a username and password, and clients can control password policy and strength settings for each type of user. If required, 2-factor authentication via SMS can also be enabled for each type of user.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 EY CertifyPoint
ISO/IEC 27001 accreditation date 11/12/2013
What the ISO/IEC 27001 doesn’t cover
ISO 28000:2007 certification No
CSA STAR certification Yes
CSA STAR accreditation date 11/12/2013
CSA STAR certification level Level 3: CSA STAR Certification
What the CSA STAR doesn’t cover
PCI certification No
Other security certifications Yes
Any other security certifications EAL2+ under the Common Criteria for Information Technology Security Evaluation

Security governance

Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards EAL2+ under the Common Criteria for Information Technology Security Evaluation by the Defence Signals Directorate (DSD).
Information security policies and processes Noggin follows a comprehensive security and technology policy which is mandatory for all employees. This includes definitions, classifications, procedures and guidelines around the Acceptable use of IT resources, Privacy & Information Security.

Operational security

Configuration and change management standard Supplier-defined controls
Configuration and change management approach Noggin uses a three-step approach which includes Subversion & Bitbucket for product source code, 'Snapshot on write' for OCA configuration files and backup of database logs for system settings stored in the database. For change management, we support the client with specific documentation and by running train-the-trainer workshops.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach The OCA system is built using the latest protection measures to protect from infection by unauthorised/undesirable software programs, such as viruses, worms, Trojan horses and others. The system is made as secure as possible from malicious interference by:
• Frequent patching of critical systems
• Hardening of servers
Protective monitoring type Supplier-defined controls
Protective monitoring approach Noggin uses a production system monitoring tool called ‘Zabbix’ which alerts technicians to any faults or errors in the system, escalating based on severity. Zabbix is used for monitoring all aspects of the solutions including network, infrastructure, database, webserver and others. All problems and service incidents or requests are logged and tracked in our Issue Tracker system. Incidents may be detected internally via our service monitoring system, or reported by a customer or user via email, telephone (24 x 7) or directly in Issue Tracker.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach All requests/incidents are logged in Noggin’s Support Portal. Once logged, the incident is assessed to determine the severity and investigate the root cause. Once identified, a solution is designed and relevant customers affected are notified of the progress and timeframe for resolution. The solution then follows normal change control procedures.

Secure development

Approach to secure software development best practice Supplier-defined process

Public sector networks

Connection to public sector networks No


Price £990 to £16000 per licence per month
Discount for educational organisations No
Free trial available Yes
Description of free trial Access to the system for a predefined period of time with set objectives and outcomes defined.
