IRIS: Incident Command software for front-line first responders

Service scope

Software add-on or extension: Yes, but can also be used as a standalone service
What software services is the service an extension to: IRIS is used by First responders on the ground of an incident. To obtain the data, IRIS can connect via API with Control Room software, GIS databases, video streaming devices, geolocation systems, staff management software. If data is not available in other platforms, it can be created manually in IRIS.
Cloud deployment model: Private cloud

Hybrid cloud
Service constraints: IRIS Core is designed to be used in any sort of device with internet connectivity and a browser.

We are hardware agnostic. If needed we can recommend one of our partners as hardware and telecommunications providers.

As per data available, IRIS can easely be integrated with 3rd party platforms to share data. If no 3rd party platforms are available, data can be created and managed manually within IRIS, avoiding dependencies.

If no camera or geolocation devices are available, IRIS has a smartphone version allowing to generate video & tracking of assets included in the subscription.
System requirements: Internet Connection

Access to a Browser (preferably Chrome)

User support

Email or online ticketing support: Email or online ticketing
Support response times: We provide a 24h, 365 days support.
User can manage status and priority of support tickets: Yes
Online ticketing support accessibility: None or don’t know
Phone support: Yes
Phone support availability: 24 hours, 7 days a week
Web chat support: No
Onsite support: Yes, at extra cost
Support levels: Unblur provides a 3 Tier service support to its customers in order to ensure that all technical issues are resolved in a timely manner and are handled by experts.

Level 1 and Level 2 support is managed by our partner Oxon Tech, based in Oxfordshire, the United Kingdom. Level 3 support is provided directly by Unblur´s subject matter experts who are the actual designers and developers of Unblur´s products.

Our support desk is available 24/7 to handle any inquiries via dedicated phone lines as well as via email. Besides doing constant pre-emptive monitoring of all systems, our agents respond to any inquiries with short SLAs. They maintain ticket lifecycles and keep customers updated on the progress of their queries with the help of Zendesk.

All 3 levels of service support are provided as a basic part of our contracts without any additional costs for higher tier support.

Our Service levels are:
Level 1: Basic help desk resolution and service desk delivery, pre-emptive monitoring
Level 2: In-depth technical support, identifying and escalating potential 3rd party issues
Level 3: Expert product and service support
Support available to third parties: Yes

Onboarding and offboarding

Getting started: Unblur provides:
1. Training sessions: Unblur team trains on-site an initial group of users, including the Authority’ project owner who will be the designated point of contact. Training sessions consist of office sessions where features are explained and practical exercises are executed in a controlled environment. This is followed up with practical exercises in simulated training environments (e.g.during Authority's training sessions where they simulate incidents, the group of users will use IRIS Core as if they would be in the field). Timescale: 5 days.

2. Handling of training documentation, including on-boarding videos and material for future new users.During the training sessions, Unblur team will work closely with the Authority’s team to document everything and adapt Unblur’s standard documentation to the Authority’s context.

3. Same version of the operational IRIS Core can be duplicated to have a training version of the platform. This platform would be identical to the operational one, but will not interfere with on-going operations and the data generated will not be mixed with real operational data.
Service documentation: Yes
Documentation formats: PDF

Other
Other documentation formats: Online platform (notion, kahoot)
End-of-contract data extraction: Data can be extracted in 2 ways once the contract is over:

a) Manually, users can download all relevant data from the post-incident interface in IRIS.

b) Unblur product team can run the data extraction as part of the handover to the customer or new supplier. This is only done under request & approval from the customer. Also, new suppliers receiving this data directly from Unblur need to comply with the data privacy policies of the customer before running the export.

These procedures can be included in the service contract, to ensure our customer mitigates any risk.
End-of-contract process: Once the contract between Unblur and the Authority has finished the services provided by Unblur end and the Authority has de right to export all the organization's data that has been inputted in IRIS Core for their benefit.

Using the service

Web browser interface: Yes
Supported browsers: Chrome
Application to install: Yes
Compatible operating systems: Android

IOS
Designed for use on mobile devices: Yes
Differences between the mobile and desktop service: IRIS Core does not require any app installation since it is a web service. Access to IRIS Core is through a browser.

IRIS Tactics app is an extension that empowers IRIS Core with more enriched data from the field and can be downloaded via Google Play or the Apple App Store.

IRIS Tactics is optimized for smartphone and tablet usage. The app enables sector commanders to visualise incident information in real-time, share insights (e.g. annotations, forms, pictures) in addition to stream video & geolocation.
Service interface: Yes
User support accessibility: None or don’t know
Description of service interface: IRIS Core interface is divided in three main parts:
1. A interactive map (GIS) that can be populated with real-time data (geo-located resources) and static data like pre-planned information (photo and document attachments, historical data, building plans, and water hydrants...).
2. Multiple video feeds. Users can visualize video streamings in real-time coming from any kind of hardware (bodyworn cameras, CCTV, drones, smartphone cameras....).
3. Incident Command dashboards: a series of forms and dashboards displaying incident information (e.g. command structure, evacuation forms, risk assessment, decision & message logs, timeline of the incident, JESIP, NOG Scenarios etc.)
Accessibility standards: None or don’t know
Description of accessibility: IRIS Core is accessible through a browser with an internet connection from any screen either from a tablet, smartphone, pc (rugged digital tools included) and any other technology device with a screen, browser, and internet.
Users can access it from different locations and at any time (before, during, or after the incident) to work on the required tasks depending on their role and access to the platform.
Accessibility testing: Both IRIS Core and IRIS Tactics have been tested with users.
Unblur operates in line with Agile working principles and methodology. This allows Unblur’s product team to constantly work with incident commanders to improve our technology and implement new features. This includes the implementation of accessibility principles to ensure all users can easily use our technology in their complex work environment.

The product team also proactively brings new ideas and prototypes to test before developing and launching new updates. This process is flexible and adapted to the requirements and availability of the Fire Service. This results in a tool that evolves together with the users’ needs. The more the users interact with it, the more it will adapt to their needs.
This methodology, and our experience applying it within the context of incident response in fire services, allows us to adapt our technology constantly without undertaking costly customization projects. While guaranteeing value for money for the Authority, this also ensures that the tool never becomes obsolete. It also reduces friction or resistance to adoption by end users, since they are actively contributing to the development of the tool.
API: Yes
What users can and can't do using the API: It is a standard REST API that allows http encrypted connections with TLS 1.1 and 1.2.
It is though to be used for third party software providers to integrate with IRIS to post or get data, but can be used by any user with permission.
You only need the specific credentials and the capability of sending http packets to use it.
API documentation: Yes
API documentation formats: Open API (also known as Swagger)

HTML
API sandbox or test environment: Yes
Customisation available: Yes
Description of customisation: The more the users interact with it and share feedback, the more it will be customized to look like what users need.

- IRIS dashboard view can be customized quickly at any moment to visualize the modules needed. The number of simultaneous video feeds can be customized to display 1, 2, 4, 6, and up to 12 feeds. Number of video feeds is unlimited and only constraint by the connectivity availability. This allows commanders to have a holistic view by displaying mapping and video feeds. Or for specialised team members to just visualise video feeds, mapping, organization chart, timeline of logs or others. IRIS can integrate other information sources like Geographical Risk Plans, water sources and other available geographical databases.

- Symbology of annotations, users (name, skills, status) and permissions levels, pre-planned information and icons representing assets can be customised as well.

Scaling

Independence of resources: Each of our clients has a separate instance of he applications which allows us to scale the service based on the number of users the specific client is purchasing. And we can guarantee the service can stand one full functional connection of each of these users simultaneosly.

Analytics

Service usage metrics: Yes
Metrics types: IRIS Core keeps all metrics of its usage operational and technical wise.
IRIS Core users can check metrics regarding space like distance and route of all the resources that have been deployed (both commanders, technology like drones and vehicles) before, during and after the incident.
IRIS Core also provides metrics regarding the time of an incident that has taken place with the actions through out the course of it.
IRIS Core records and gives the Authority the capacity to re-play all incidents for learning and audit purposes.
Reporting types: Real-time dashboards

Reports on request

Resellers

Supplier type: Not a reseller

Staff security

Staff security clearance: Other security clearance
Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom
User control over data storage and processing locations: Yes
Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency: At least once a year
Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest: Physical access control, complying with SSAE-16 / ISAE 3402

Encryption of all physical media
Data sanitisation process: Yes
Data sanitisation type: Deleted data can’t be directly accessed
Equipment disposal approach: A third-party destruction service

Data importing and exporting

Data export approach: IRIS Core users have the option of exporting their data and certain reports in PDF format in a way that is easy and accessible.

New versions to be launched in 2022 will include dedicated interfaces for authorized users to export all sorts of data manually.
Data export formats: Other
Other data export formats: PDF
Data import formats: Other
Other data import formats: KML

Data-in-transit protection

Data protection between buyer and supplier networks: TLS (version 1.2 or above)
Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability: Unblur's team will be working together with the designated contact person at the Authority to ensure that the platform operates at the service level agreements required. Unblur ensures a complete availability if required by Authority. Terms and conditions are set at the beginning of the service with the Authority. Technical Support: Unblur will assign one person for technical support and maintenance. This person will be in charge of ensuring that the platform works 24/7 to answer any queries and to execute and notify maintenance and update activities. Feedback & improvement: Unblur will assign one User Experience Manager to gather insights and feedback to improve IRIS and adapt it to the Authority’s needs. This person will also share periodically product roadmap and strategy for updates with Authority point of contact. Reporting and general inquiries: Unblur will be in charge of reporting periodically to the Authority on the platform performance. Integrations and APIs: Unblur product team will be available via the feedback channel to develop and integrate new platforms and data sources within the scope of the project (e.g. a new resource management platform with data about crews and vehicles, new tracking devices for indoor location, etc.)
Approach to resilience: Our platforms runs on third party cloud providers with a high level of resilience, the data is stored securitely and automatic backups are done and stored in different locations. Even in the worst cases a full migration to other providers won't take more than two hours.
Outage reporting: The running version of the service is displaied on main dashboards of it. We actually update the service on our own preventing the users to have an outdated version.

Identity and authentication

User authentication needed: Yes
User authentication: Username or password
Access restrictions in management interfaces and support channels: IRIS Core allows the creation of different types of users with different types of permissions based on the role within the organization.

The Admin-level permission allows to fully configure the platform, and access all functionalities. Guest users can only visualize certain interfaces, and cannot access configuration. IRIS has 3 other levels, which can be customized to access different features and interfaces. Configuration can only be done by an admin user.
Access restriction testing frequency: At least every 6 months
Management access authentication: Username or password

Audit information for users

Access to user activity audit information: Users have access to real-time audit information
How long user audit data is stored for: At least 12 months
Access to supplier activity audit information: Users have access to real-time audit information
How long supplier audit data is stored for: At least 12 months
How long system logs are stored for: At least 12 months

Standards and certifications

ISO/IEC 27001 certification: Yes
Who accredited the ISO/IEC 27001: LGAI Technological Center, S.A. (Applus+)
ISO/IEC 27001 accreditation date: 28/01/2022
What the ISO/IEC 27001 doesn’t cover: The non-product-related departments of the company (Marketing, Sales, and Administration).

Despite not being included in the certification, these departments follow the same procedures & policies as the certified departments.
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Cyber essentials: Yes
Cyber essentials plus: Yes
Other security certifications: No

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: ISO/IEC 27001
Information security policies and processes: Unblur has a Security Committee which includes company board members and technical experts.

This committee works under the ISO procedures, meeting periodically to follow up on security objectives, company security training, project implementation, and KPIs.

The committee has also the capacity of quickly gathering for crisis response and critical communications both internally and externally.

Operational security

Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach: Unblur’s system configuration follows specific hardening guides compliant with ISO27001 standard and ENS (Spain National Security Scheme).

Any change on services configuration or software updates goes through Unblur’s change management process, which consists on the creation of a ticket per change, approval of the corresponding technical manager and implemented in three separate phases/environments, which are: Development, Pre-production and Production.

Each ticket is securely stored and contains the person making the request, the date of request, the person implementing it, the date of implementation, the details of the task executed and the priority.
Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach: Unblur has different tools to detect vulnerabilities, Microsoft’s solution monitoring servers, and a specific tool for checking the application source code.

Whenever a vulnerability is detected, an alert is sent to our IT department.

Vulnerabilities are managed using the same ticketing system described before. Prioritization is based on a combination of impact and exploitability.

Tickets contain the person who detected the vulnerability, the date of detection, the person solving it, the date of implementation, the detail of the tasks executed and the priority of the ticket.t less than 24h to provide a solution.
Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach: Unblur's centralized monitoring solution periodically informs via the official internal communication system of the status of the services and also generates automatic notifications for the unusual states. In case of any alert being received, its nature is analyzed, then prioritized and the team responsible for it proceeds accordingly following Unblur’s incident management process.
Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach: Incidents can be detected by three different sources, monitoring tools in place, Unblur employees, or even from external sources (public news, NCSC early warnings, advanced users, etc).

Once an incident is detected, the process followed to mitigate it is very similar to vulnerability management, where each incident is classified by risk in the ticketing system, and the actions carried out are properly documented and stored. This process has these different phases: detection, containment, remediation and recovery, root cause search, learning from incidents, and disciplinary measures when needed.

Secure development

Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks: Yes
Connected networks: Other
Other public sector networks: Compatible with ESN Connect

Social Value

Fighting climate change
Wellbeing

Fighting climate change

UnBlur's incident command and situational awareness software enables seamless remote access, minimising unnecessary resource deployment and travel while facilitating real-time coordination and information sharing. By optimising operational effectiveness, it mitigates the expansion of incidents, safeguarding the environment from potential detrimental effects.

Wellbeing

Unblurs incident management and situational awareness software prioritises wellbeing through real-time tracking, dynamic information sharing, hazard awareness, and risk assessment management. By enabling optimal operational response, Unblur safeguards communities, delivers better outcomes, and enhances safety and wellbeing systems for operational first responders, in line with the nation's commitment to promoting overall societal welfare

Pricing

Price: £200 to £1,000 a user a year
Discount for educational organisations: Yes
Free trial available: No

IRIS: Incident Command software for front-line first responders

Features

Benefits

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Pricing

Service documents

Cookies on Digital Marketplace

IRIS: Incident Command software for front-line first responders

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Social Value

Pricing

Service documents