Skip to main content

Help us improve the Digital Marketplace - send your feedback

Boomalert Ltd

Public sector incident management

BoomAlert automates incident communication. Build bespoke communication workflows, meet requirements for critical events. Alerting workflows automate coordinated processes based on responses, time triggers, count triggers and escalation paths. Critical Alerting, Incident Management, Business Continuity, IT Monitoring, Machine-2-Machine Alerting, Event Management.
ISO-27001, Cyber Essentials and Cyber Essentials Plus accredited.

Features

  • Timely, concise updates provided post-incident or upon call-in initiation
  • Range of channels: SMS, Email, voice, and mobile app access
  • Create multichannel blasts or stagger messaging at required intervals
  • Seamless integration enables event-triggered workflows via HTTPS, SMS, or Email.
  • Automate escalation across different messaging channels to non-responders
  • Escalate across contacts or groups to ensure acknowledgments are received
  • Set a response count for processes requiring quota fulfilment
  • Use fully interactive messaging to engage with responders
  • Issue updates during an incident containing real-time incident MI
  • Access incident dashboard to track live incident process

Benefits

  • Minimize incident impact with instant targeted communication responses
  • Cut costs, boost productivity by automating incident communication processes.
  • Enhance efficiency by automating real-time Management Information distribution
  • Meet SLAs, reduce incident resolution times to maintain compliance
  • Ensure duty of care compliance with end-to-end lone working solution
  • Prevent disruption with preemptive alerts for mobile staff
  • Provide up-to-the-minute status reports post-incident or call-in

Pricing

£0.04 a unit

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@boomcomms.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

1 5 8 1 2 6 1 8 4 0 6 7 3 8 5

Contact

Boomalert Ltd Andy Allen
Telephone: +44 207 224 5555
Email: sales@boomcomms.com

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
Nil
System requirements
Must have access to the internet

User support

Email or online ticketing support
Email or online ticketing
Support response times
Boomcare Support

Support times: 9am-6pm, Mon-Fri
Support channel: Email, Telephone, webchat

System availability
Target availability: No commitments

Boomcare Premium

Support times: 24x7
Support channel: Email, Telephone, webchat

System availability
Target availability 99.50%

Issue response times
Severity level 1 - 1 hour
Severity level 2 - 1 hour
Severity level 3 - 1 hour
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AAA
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
WCAG 2.1 AAA
Web chat accessibility testing
Nil
Onsite support
Onsite support
Support levels
Standard (working hours) support is included.

Premium Support is at an additional cost as described in the pricing sheet, depending on the level on service.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Training and guidance is provided by Boomerang Account Managers assigned to the account. Training can be delivered on sight, over the phone or on-line. The interactive help topics, throughout the user interface assist with training also.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Users have the ability to download and extract their data (in csv format) at the end of the contract, or it can be requested from Boomalert, as a managed service.
End-of-contract process
Customers must fulfil the minimum contract period agreed. Service cancellation requests are to be submitted in writing and will be subject to the agreed cancellation period. The service will remain active up to the agreed cancellation date, thereafter, will be decommissioned. All subsequent requests to access the service will be blocked. The customer will be obliged to pay any outstanding monies for subscriptions or message transactions that have not already been invoiced. The service account (although not active) will be retained for a further period before being fully deleted from Boomerang’s systems (after which no account data will be retrievable). Data uploaded by the customer can be modified or deleted as required during the contract period or notice period. The deletion of data involves full hashing over.
Early termination of the contract will incur termination fees if the termination is not result of a material breach.
Any transactional message data processed during use of the services will be held for the standard retention period of 13 months from point of processing.
Where additional services have been purchased that are still within their contract period (e.g. dedicated or shared inbound short code services), the terms of those agreements remain in place.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
No
Designed for use on mobile devices
No
Service interface
No
User support accessibility
WCAG 2.1 AA or EN 301 549
API
Yes
What users can and can't do using the API
Boomerang offers an intuitive API builder, within the User Interface. Integrations can be saved, amended and stored in the UI library nd called upon when required.
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
API sandbox or test environment
No
Customisation available
Yes
Description of customisation
The user defined customisable settings are accessed through the system settings. The user interface can be 're-skinned' if required. Users with the required permissions can make changes to the customisable options

Scaling

Independence of resources
Capacity and performance have been considered during the original design and evolution of our services, to ensure they are able to meet expected demand and customer service levels. Our cloud based environment allows for rapid deployment of additional resources where required, without disruption to production services. Cloud instances have also been configured to use an auto-scale set of resource limits, within which additional resources are utilised as demand is increased.

Analytics

Service usage metrics
Yes
Metrics types
"Live" analytics can be viewed on the User Interface's dashboard via the portal. Consolidated reports can be downloaded or sent via email automatically, in CSV format. Reports can be delivered via dashboard, email or API.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
In-house
Protecting data at rest
Physical access control, complying with CSA CCM v3.0
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Data can be exported at any time by users or request that the data be exported by Boomalert staff, in csv format.
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
IPsec or TLS VPN gateway
Data protection within supplier network
IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Customers are entitled to Service Credits based on a failure to meet the monthly System Availability of 99.99%. Where Boomalert fails to meet this target in respect of any calendar month, subject to the paragraph below, Boomcare Premium customers will be entitled to claim a Service Credit of 10% of the monthly value of the service subscription paid in respect of the Service affected (being one twelfth of the total annual amount paid). Service Credits are not provided against any other annual or monthly charges (including but not limited to message credits) nor in respect of any other metrics or performance measurements. A Customer is not entitled to Service Credits if it is in breach of its agreement with Boomalert, including without limitation where the Customer is not up-to-date with its payments when the relevant Outage occurred or Service Credits are claimed
Approach to resilience
Network devices, including firewall and other boundary devices, are in place to monitor and control communications at the external boundary of the network and at key internal boundaries within the network. These boundary devices employ rule sets, access control lists (ACL), and configurations to enforce the flow of information to specific information system services. ACLs, or traffic flow policies, are used to manage the flow of traffic.
A wide variety of automated monitoring systems are utilised to provide a high level of service performance and availability. These monitoring tools are designed to detect unusual or unauthorized activities and conditions across network usage, port scanning activities, application usage, and unauthorised intrusion attempts. The tools have the ability to set custom performance metrics thresholds for unusual activity.
Outage reporting
Planned maintenance
Planned maintenance covers scheduled activities that are required to keep the services and infrastructure supporting them secure, error free and optimal. All planned maintenance scheduled where possible to minimise customer inconvenience and the maximum notice period possible is provided (a minimum of one week is mandatory). Notifications containing details of the maintenance schedule are issued to designated contacts before and on completion of the work.
Unplanned maintenance
Unplanned maintenance is undertaken to prevent service related issues or degradation of services that would otherwise affect customers’ use of the service.
Emergency maintenance
Emergency maintenance is carried out to address any issues affecting availability, provision or performance of the service.
Although Boomalert will provide as much information as possible during unplanned and emergency maintenance, it may not always be possible to provide prior notice, due to the nature and urgency of the work being carried out.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
The Access Control Policy sets out a comprehensive range of access controls to safeguard customer data. Internal access to company systems and networks holding or processing customer data, is granted on the basis of least privilege. Procedures are in place to ensure that access to systems is formally authorised. Every system user is identified by a unique Id and key activities carried out by a user and is logged with the date and time the activity was performed. Asset owners are assigned to company information assets which includes carrying out regular reviews of system access.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
British Assessment Bureau
ISO/IEC 27001 accreditation date
17 October 2019
What the ISO/IEC 27001 doesn’t cover
Nil
ISO 28000:2007 certification
Yes
Who accredited the ISO 28000:2007
British Assessment Bureau
ISO 28000:2007 accreditation date
17 October 2017
What the ISO 28000:2007 doesn’t cover
Nil
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
Yes
Any other security certifications
  • Cyber Essentials
  • Cyber Essentials Plus
  • ISO 27001:2017

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Boomalert currently complies with requirements, policies and controls, including Cyber Essentials, NCSC Cloud Security Principles and operates to security level IL3 . It is ISO 27001:2017 accredited. The following tools, policies and frameworks have been implemented: an information security management system (ISMS), risk assessment and management following ISO 27002 code of practice, regular staff awareness training, including an HR security lifecycle that covers recruitment, induction, in life management and exit, governance of the ISMS through performance evaluation, other policies and controls in line with ISO 27002 to address risks and requirements in the areas of: asset management, access control, cryptography, physical and environmental security, operations security, communications security, system acquisition, development and maintenance, supplier selection and management, including a robust segmented approach to supplier work, information security, incident management (including EU GDPR compliance). information security for business continuity planning and disaster recovery.
Additionally, Boomalert's approach to information assurance includes processes and tools for managing aspects of EU GDPR such as: Subject Access Requests (SAR) and notifying ICO and individuals affected data incidents. The organisation has invested in capability for undertaking privacy impact assessments (PIA) and working in line with both EU GDPR and ISO 27001:2017 for information security in projects.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Changes to any system components, configurations, software and system code are regulated and controlled via a structured change management process to minimise the impact of any changes upon service users. Changes are recorded and evaluated according to their priority, risk and their impact upon availability of services and changes must be formally approved prior to implementation.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Network devices, including firewall and other boundary devices, are in place to monitor and control communications at the external boundary of the network and at key internal boundaries within the network. These boundary devices employ rule sets, access control lists (ACL), and configurations to enforce the flow of information to specific information system services. ACLs, or traffic flow policies, are used to manage the flow of traffic.
Automated monitoring systems are utilised to provide a high level of service performance and availability. These monitoring tools are designed to detect unusual or unauthorised activities and unauthorised intrusion attempts.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Network devices, including firewall and other boundary devices, are in place to monitor and control communications at the external boundary of the network and at key internal boundaries within the network. These boundary devices employ rule sets, access control lists (ACL), and configurations to enforce the flow of information to specific information system services. ACLs, or traffic flow policies, are used to manage the flow of traffic.
Automated monitoring systems are utilised to provide a high level of service performance and availability. These monitoring tools are designed to detect unusual or unauthorised activities and unauthorised intrusion attempts.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Boomalert maintains a strategy for reacting to, and recovering from, adverse situations which is in line with senior management’s level of acceptable risk; Maintaining a programme of activity which ensures the company has the ability to react appropriately to, and recover from, adverse situations in line with the business continuity objective; Maintaining appropriate response plans underpinned by a clear escalation process; Maintaining a level of resilience to operational failure in line with the risk faced, the level of negative impact which could result from failure and senior management’s level of acceptable risk.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Social Value

Social Value

Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

Fighting climate change

Boomerang has a published Carbon Reduction Plan aimed at achieving net zero emissions in alignment with PPN 06/21 guidelines. Additionally, Boomerang adheres to an ESG (Environmental, Social, and Governance) policy to uphold best practices concerning environmental concerns. This includes operating in a paperless environment to minimise waste and using data centres powered by renewable energy.

Covid-19 recovery

In order to support sustainable COVID-19 recovery efforts, Boomerang has adjusted its operational policies to include hybrid working arrangements, promoting social distancing. Boomerang is dedicated to the recruitment and retraining of individuals who have faced redundancies due to COVID-19, accounting for 50% of its hires in the last 12 months. Furthermore, Boomerang has provided its messaging services to organizations with specific COVID-alerting features.

Tackling economic inequality

Boomerang adheres to a Diversity and Equality policy to ensure the hiring of personnel from diverse economic backgrounds. The company continuously supports the development of its employees by implementing Personal Development Plans, aiding staff in achieving their objectives with regular reviews. This aids with Boomerang's goals on continuous innovation. Boomerang conducts due diligence with its supply chain collaborators, upholding consistent standards across suppliers. This includes stringent cybersecurity measures.

Equal opportunity

Apart from Boomerang's Equality and Diversity policy, we also enforce a Modern Slavery policy and a Code of Conduct to ensure fairness from hiring through employment. Staff members adhere to Personal Development Plans (PDPs) for continuous development and progression. We extend this commitment across our supply chain through rigorous due diligence of our suppliers.

Wellbeing

Boomerang prioritises the well-being of its personnel, guided by policies such as the Code of Conduct and Health and Safety Policy, among others. The Diversity and Equality policy, along with the ESG framework, underscore the company's dedication to the well-being of its staff and its role within the broader community.

Pricing

Price
£0.04 a unit
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
A trial service is provided, containing full access to service functionality. Trials are provided free of charge, include some free message credit and are active for a period of 14 days. Trial accounts are created directly from the Boomalert website, requested via the website or requested by contacting Boomalert directly.
Link to free trial
Www.boomalert.com

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@boomcomms.com. Tell them what format you need. It will help if you say what assistive technology you use.