Public sector incident management
BoomAlert automates incident communication. Build bespoke communication workflows, meet requirements for critical events. Alerting workflows automate coordinated processes based on responses, time triggers, count triggers and escalation paths. Critical Alerting, Incident Management, Business Continuity, IT Monitoring, Machine-2-Machine Alerting, Event Management.
ISO-27001, Cyber Essentials and Cyber Essentials Plus accredited.
Features
- Timely, concise updates provided post-incident or upon call-in initiation
- Range of channels: SMS, Email, voice, and mobile app access
- Create multichannel blasts or stagger messaging at required intervals
- Seamless integration enables event-triggered workflows via HTTPS, SMS, or Email.
- Automate escalation across different messaging channels to non-responders
- Escalate across contacts or groups to ensure acknowledgments are received
- Set a response count for processes requiring quota fulfilment
- Use fully interactive messaging to engage with responders
- Issue updates during an incident containing real-time incident MI
- Access incident dashboard to track live incident process
Benefits
- Minimize incident impact with instant targeted communication responses
- Cut costs, boost productivity by automating incident communication processes.
- Enhance efficiency by automating real-time Management Information distribution
- Meet SLAs, reduce incident resolution times to maintain compliance
- Ensure duty of care compliance with end-to-end lone working solution
- Prevent disruption with preemptive alerts for mobile staff
- Provide up-to-the-minute status reports post-incident or call-in
Pricing
£0.04 a unit
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
1 5 8 1 2 6 1 8 4 0 6 7 3 8 5
Contact
Boomalert Ltd
Andy Allen
Telephone: +44 207 224 5555
Email: sales@boomcomms.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Public cloud
- Service constraints
- Nil
- System requirements
- Must have access to the internet
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
Boomcare Support
Support times: 9am-6pm, Mon-Fri
Support channel: Email, Telephone, webchat
System availability
Target availability: No commitments
Boomcare Premium
Support times: 24x7
Support channel: Email, Telephone, webchat
System availability
Target availability 99.50%
Issue response times
Severity level 1 - 1 hour
Severity level 2 - 1 hour
Severity level 3 - 1 hour - User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 AAA
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- Web chat
- Web chat support availability
- 24 hours, 7 days a week
- Web chat support accessibility standard
- WCAG 2.1 AAA
- Web chat accessibility testing
- Nil
- Onsite support
- Onsite support
- Support levels
-
Standard (working hours) support is included.
Premium Support is at an additional cost as described in the pricing sheet, depending on the level on service. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- Training and guidance is provided by Boomerang Account Managers assigned to the account. Training can be delivered on sight, over the phone or on-line. The interactive help topics, throughout the user interface assist with training also.
- Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
- Users have the ability to download and extract their data (in csv format) at the end of the contract, or it can be requested from Boomalert, as a managed service.
- End-of-contract process
-
Customers must fulfil the minimum contract period agreed. Service cancellation requests are to be submitted in writing and will be subject to the agreed cancellation period. The service will remain active up to the agreed cancellation date, thereafter, will be decommissioned. All subsequent requests to access the service will be blocked. The customer will be obliged to pay any outstanding monies for subscriptions or message transactions that have not already been invoiced. The service account (although not active) will be retained for a further period before being fully deleted from Boomerang’s systems (after which no account data will be retrievable). Data uploaded by the customer can be modified or deleted as required during the contract period or notice period. The deletion of data involves full hashing over.
Early termination of the contract will incur termination fees if the termination is not result of a material breach.
Any transactional message data processed during use of the services will be held for the standard retention period of 13 months from point of processing.
Where additional services have been purchased that are still within their contract period (e.g. dedicated or shared inbound short code services), the terms of those agreements remain in place.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- No
- Service interface
- No
- User support accessibility
- WCAG 2.1 AA or EN 301 549
- API
- Yes
- What users can and can't do using the API
- Boomerang offers an intuitive API builder, within the User Interface. Integrations can be saved, amended and stored in the UI library nd called upon when required.
- API documentation
- Yes
- API documentation formats
-
- Open API (also known as Swagger)
- HTML
- API sandbox or test environment
- No
- Customisation available
- Yes
- Description of customisation
- The user defined customisable settings are accessed through the system settings. The user interface can be 're-skinned' if required. Users with the required permissions can make changes to the customisable options
Scaling
- Independence of resources
- Capacity and performance have been considered during the original design and evolution of our services, to ensure they are able to meet expected demand and customer service levels. Our cloud based environment allows for rapid deployment of additional resources where required, without disruption to production services. Cloud instances have also been configured to use an auto-scale set of resource limits, within which additional resources are utilised as demand is increased.
Analytics
- Service usage metrics
- Yes
- Metrics types
- "Live" analytics can be viewed on the User Interface's dashboard via the portal. Consolidated reports can be downloaded or sent via email automatically, in CSV format. Reports can be delivered via dashboard, email or API.
- Reporting types
-
- API access
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least every 6 months
- Penetration testing approach
- In-house
- Protecting data at rest
- Physical access control, complying with CSA CCM v3.0
- Data sanitisation process
- Yes
- Data sanitisation type
- Explicit overwriting of storage before reallocation
- Equipment disposal approach
- In-house destruction process
Data importing and exporting
- Data export approach
- Data can be exported at any time by users or request that the data be exported by Boomalert staff, in csv format.
- Data export formats
- CSV
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
- IPsec or TLS VPN gateway
- Data protection within supplier network
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
- Customers are entitled to Service Credits based on a failure to meet the monthly System Availability of 99.99%. Where Boomalert fails to meet this target in respect of any calendar month, subject to the paragraph below, Boomcare Premium customers will be entitled to claim a Service Credit of 10% of the monthly value of the service subscription paid in respect of the Service affected (being one twelfth of the total annual amount paid). Service Credits are not provided against any other annual or monthly charges (including but not limited to message credits) nor in respect of any other metrics or performance measurements. A Customer is not entitled to Service Credits if it is in breach of its agreement with Boomalert, including without limitation where the Customer is not up-to-date with its payments when the relevant Outage occurred or Service Credits are claimed
- Approach to resilience
-
Network devices, including firewall and other boundary devices, are in place to monitor and control communications at the external boundary of the network and at key internal boundaries within the network. These boundary devices employ rule sets, access control lists (ACL), and configurations to enforce the flow of information to specific information system services. ACLs, or traffic flow policies, are used to manage the flow of traffic.
A wide variety of automated monitoring systems are utilised to provide a high level of service performance and availability. These monitoring tools are designed to detect unusual or unauthorized activities and conditions across network usage, port scanning activities, application usage, and unauthorised intrusion attempts. The tools have the ability to set custom performance metrics thresholds for unusual activity. - Outage reporting
-
Planned maintenance
Planned maintenance covers scheduled activities that are required to keep the services and infrastructure supporting them secure, error free and optimal. All planned maintenance scheduled where possible to minimise customer inconvenience and the maximum notice period possible is provided (a minimum of one week is mandatory). Notifications containing details of the maintenance schedule are issued to designated contacts before and on completion of the work.
Unplanned maintenance
Unplanned maintenance is undertaken to prevent service related issues or degradation of services that would otherwise affect customers’ use of the service.
Emergency maintenance
Emergency maintenance is carried out to address any issues affecting availability, provision or performance of the service.
Although Boomalert will provide as much information as possible during unplanned and emergency maintenance, it may not always be possible to provide prior notice, due to the nature and urgency of the work being carried out.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Username or password
- Access restrictions in management interfaces and support channels
- The Access Control Policy sets out a comprehensive range of access controls to safeguard customer data. Internal access to company systems and networks holding or processing customer data, is granted on the basis of least privilege. Procedures are in place to ensure that access to systems is formally authorised. Every system user is identified by a unique Id and key activities carried out by a user and is logged with the date and time the activity was performed. Asset owners are assigned to company information assets which includes carrying out regular reviews of system access.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- British Assessment Bureau
- ISO/IEC 27001 accreditation date
- 17 October 2019
- What the ISO/IEC 27001 doesn’t cover
- Nil
- ISO 28000:2007 certification
- Yes
- Who accredited the ISO 28000:2007
- British Assessment Bureau
- ISO 28000:2007 accreditation date
- 17 October 2017
- What the ISO 28000:2007 doesn’t cover
- Nil
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- Yes
- Any other security certifications
-
- Cyber Essentials
- Cyber Essentials Plus
- ISO 27001:2017
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
-
Boomalert currently complies with requirements, policies and controls, including Cyber Essentials, NCSC Cloud Security Principles and operates to security level IL3 . It is ISO 27001:2017 accredited. The following tools, policies and frameworks have been implemented: an information security management system (ISMS), risk assessment and management following ISO 27002 code of practice, regular staff awareness training, including an HR security lifecycle that covers recruitment, induction, in life management and exit, governance of the ISMS through performance evaluation, other policies and controls in line with ISO 27002 to address risks and requirements in the areas of: asset management, access control, cryptography, physical and environmental security, operations security, communications security, system acquisition, development and maintenance, supplier selection and management, including a robust segmented approach to supplier work, information security, incident management (including EU GDPR compliance). information security for business continuity planning and disaster recovery.
Additionally, Boomalert's approach to information assurance includes processes and tools for managing aspects of EU GDPR such as: Subject Access Requests (SAR) and notifying ICO and individuals affected data incidents. The organisation has invested in capability for undertaking privacy impact assessments (PIA) and working in line with both EU GDPR and ISO 27001:2017 for information security in projects.
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
- Changes to any system components, configurations, software and system code are regulated and controlled via a structured change management process to minimise the impact of any changes upon service users. Changes are recorded and evaluated according to their priority, risk and their impact upon availability of services and changes must be formally approved prior to implementation.
- Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
-
Network devices, including firewall and other boundary devices, are in place to monitor and control communications at the external boundary of the network and at key internal boundaries within the network. These boundary devices employ rule sets, access control lists (ACL), and configurations to enforce the flow of information to specific information system services. ACLs, or traffic flow policies, are used to manage the flow of traffic.
Automated monitoring systems are utilised to provide a high level of service performance and availability. These monitoring tools are designed to detect unusual or unauthorised activities and unauthorised intrusion attempts. - Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
-
Network devices, including firewall and other boundary devices, are in place to monitor and control communications at the external boundary of the network and at key internal boundaries within the network. These boundary devices employ rule sets, access control lists (ACL), and configurations to enforce the flow of information to specific information system services. ACLs, or traffic flow policies, are used to manage the flow of traffic.
Automated monitoring systems are utilised to provide a high level of service performance and availability. These monitoring tools are designed to detect unusual or unauthorised activities and unauthorised intrusion attempts. - Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
- Boomalert maintains a strategy for reacting to, and recovering from, adverse situations which is in line with senior management’s level of acceptable risk; Maintaining a programme of activity which ensures the company has the ability to react appropriately to, and recover from, adverse situations in line with the business continuity objective; Maintaining appropriate response plans underpinned by a clear escalation process; Maintaining a level of resilience to operational failure in line with the risk faced, the level of negative impact which could result from failure and senior management’s level of acceptable risk.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- No
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Covid-19 recovery
- Tackling economic inequality
- Equal opportunity
- Wellbeing
Fighting climate change
Boomerang has a published Carbon Reduction Plan aimed at achieving net zero emissions in alignment with PPN 06/21 guidelines. Additionally, Boomerang adheres to an ESG (Environmental, Social, and Governance) policy to uphold best practices concerning environmental concerns. This includes operating in a paperless environment to minimise waste and using data centres powered by renewable energy.Covid-19 recovery
In order to support sustainable COVID-19 recovery efforts, Boomerang has adjusted its operational policies to include hybrid working arrangements, promoting social distancing. Boomerang is dedicated to the recruitment and retraining of individuals who have faced redundancies due to COVID-19, accounting for 50% of its hires in the last 12 months. Furthermore, Boomerang has provided its messaging services to organizations with specific COVID-alerting features.Tackling economic inequality
Boomerang adheres to a Diversity and Equality policy to ensure the hiring of personnel from diverse economic backgrounds. The company continuously supports the development of its employees by implementing Personal Development Plans, aiding staff in achieving their objectives with regular reviews. This aids with Boomerang's goals on continuous innovation. Boomerang conducts due diligence with its supply chain collaborators, upholding consistent standards across suppliers. This includes stringent cybersecurity measures.Equal opportunity
Apart from Boomerang's Equality and Diversity policy, we also enforce a Modern Slavery policy and a Code of Conduct to ensure fairness from hiring through employment. Staff members adhere to Personal Development Plans (PDPs) for continuous development and progression. We extend this commitment across our supply chain through rigorous due diligence of our suppliers.Wellbeing
Boomerang prioritises the well-being of its personnel, guided by policies such as the Code of Conduct and Health and Safety Policy, among others. The Diversity and Equality policy, along with the ESG framework, underscore the company's dedication to the well-being of its staff and its role within the broader community.
Pricing
- Price
- £0.04 a unit
- Discount for educational organisations
- No
- Free trial available
- Yes
- Description of free trial
- A trial service is provided, containing full access to service functionality. Trials are provided free of charge, include some free message credit and are active for a period of 14 days. Trial accounts are created directly from the Boomalert website, requested via the website or requested by contacting Boomalert directly.
- Link to free trial
- Www.boomalert.com