YUDU Sentinel

YUDU Sentinel

Keep vital business communications running in a crisis, when all other systems fail.

Sentinel delivers mass notification, document hosting and collaboration tools to help manage an incident remotely from any device, to keep crisis response teams and key stakeholders updated throughout the life cycle of any critical event.

Features

• Hosted on single-tenant secure cloud servers, to protect against cyber-attacks
• Mass alerting & notification: email, SMS, chat, voice & in-app
• Deliver offline documentation to your crisis teams and organisation
• Two-way communication lets people respond to yes/no questions
• Communicate in real-time and share critical files
• Create instant conference calls to coordinate response efforts
• Text-to-voice Hotline software to keep stakeholders updated
• Offline contact directory, ring-fenced and GDPR compliant
• Web, app, & mobile access
• Audit logs for post-crisis analysis and compliance

Benefits

• Keep your people informed during a crisis
• Manage a crisis remotely from any device
• Always have offline access to the documents you need
• Easily contact your team with an offline contact directory
• Pre-scripted templates for fast crisis response
• Check that your people are safe and see real-time responses
• Backup system that works when your servers are down
• Access to training materials to help staff prepare for emergencies
• Improve decision making with post-incident analysis
• Simple to use and admin-light

£5,000 a licence a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@sentinelresilience.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

158686661468111

Contact

Charlie Stephenson
+44 7960252055
enquiries@sentinelresilience.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Hybrid cloud
• Service constraints: No.
• System requirements:
  • Access via Microsoft Edge browser and other modern browsers
  • IOS 15 and/or Android 6 or higher (option apps)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Response times are set out in the Sentinel Service Level Agreement and deals with critical responses with a 2 hr 24/7 response time and tiered for lower level responses. Automatic alerts are 24/7. General queries about the system and training plans are dealt with within the same working day. We currently do not offer support for training and general enquiries at weekends.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Yes, at an extra cost
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: Undertaken by Hubsopt
• Onsite support: Yes, at extra cost
• Support levels: Response times are set out in the Sentinel Service Level Agreement and deals with critical responses with a 2 hr 24/7 response time and tiered for lower level responses. Automatic alerts are 24/7. (Full detail available) ; All clients have an account manager who can help them with technical issues and a further support from the Technical Support Team. This customer support team is UK-based and highly knowledgeable.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: The onboarding process will train any customer operatives and configure the system to suit each organisation. The system will be fully tested with the Client's environment before release. This is a fully developed process and is designed to get clients operational in the shortest possible time. ; Sentinel is designed from the start to be intuitive and easy to use and the user interface kept as simple as possible.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: As a downloadable csv file or agreed secure digital media.
• End-of-contract process: At the end of the contract all outstanding licence and usage fees due up to the termination date are settled by the customer. YUDU will accept instructions from the client at no cost to the customer for the return or destruction of any content, intellectual property and remove any apps installed on 3rd part sites that have been managed by YUDU.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: All the functions that are available on the desktop is able to be accessed on any mobile device. The Console is fully responsive are resizes to the mobile device. Incidents can be managed entirely from any remote location. The mobile app has a library of critical documents and contacts that can be accessed off-line when no signal is available. Access can be controlled with biometric authentication.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: The mobile app displays documents, downloads, contacts and messages in a simple user interface.; ; The backend dashboard offers that and more analytics, permissions control, contact/document groups etc through a simple to use platform.
• Accessibility standards: WCAG 2.1 AAA
• Accessibility testing: The app has been tested using the iOS and Android accessibility features.
• API: Yes
• What users can and can't do using the API: Access to the API requires a full Sentinel system which will be available from a url provided to you by YUDU at the time of deployment.; ; Through our API, you can:; Requesting the App directory; Creating a user; Creating a contact; Creating a group; Assigning a user to a group; Getting a groups users; Assigning a contact to a group; Requesting a list of documents; Assigning a document to a user; Getting a users documents; Creating a broadcast; Sending a broadcast; Checking recipients and broadcast status; Checking system activity; ; Some API activities require an API token for access.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The platform can be white labelled with your organisation's branding. You also control which features are used by whom and have full control over permissions. Users fill in their own profiles with their information. The system can be customised to scale according to volume use for the different technology available on the platform.; SMS sender ID can be customised, along with email sender ID. For voice calls, the calls per minute can also be customised.; Who can customise what depends on what needs to be customised. Most system/service customisation occurs in the initial onboarding process.

Scaling

• Independence of resources: Single-tenant server architecture means that each instance of Sentinel is entirely separate to other clients' and our own servers and therefore any disruption, outages, cyber attacks on other clients will not impact other clients. SMS messaging has dedicated sub-accounts containing a bank of numbers that are dedicated and not shared with other clients. Email we use dedicated IP addresses to ensure we are not impacted by slow delivery when queued behind other users on shared IP addresses. CPU monitoring and alerts on all systems to ensure server performance is adequate for each client.

Analytics

• Service usage metrics: Yes
• Metrics types: A full audit can be provided of:; - All messages/broadcasts sent (in-app, email, SMS); - Telephony, minutes used, call made, files storage MB ; - Optional voice recordings of conference calls.; - All actions taken by staff times-stamped.; - Responses to yes/no questions broadcasted and other inbound communications, including voicemails ; -Chat users ; No of user and contacts on the system
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: As a downloadable csv file. Users can also access their account through a login page, enter their own data and choose if they want to make it accessible to others in their organisation or just admins.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: We can guarantee a 99.99% SLA for Sentinel .The SLA allows for financial reimbursement if the uptimes are not complying with the SLA terms.
• Approach to resilience: Our server architecture is single-tenant, making it as independent and secure as possible. Servers are mirrored with redundant servers in multiple zones with automatic fail-over. Data is backed daily. The database can be rolled back at 5 minute intervals. ; By using multiple channels for mass notification (email, SMS, in-app and automated voice calls, The system maximises the chances of broadcasts reaching users in an incident. For app users, documents and action cards are available offline, making the system as reliable as resilient as possible.
• Outage reporting: 1. When downtime or service degradation that will negatively affect sentinel or publisher clients is detected, initial updates will be provided on the Sentinel status page and Sentinel operations twitter account. The operations team will update the hotline ticker-tape status through our internal sentinel system which will be embedded on the yudu status page webpage. Support@Sentinelresilience.com com email address should customers wish to raise a support ticket to discuss the issue further.; ; 2. If system is affected for longer than 2 hours, we initiate an outward communication from the sentinel system to the affected group via email and SMS channels. ; ; 3. We keep communicating updates on system outage every couple of hours from then on with progress on remediation.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Sentinel is a cloud based service that has multiple levels of management access controlled by permissions and strong password policies. A restricted and named number of security cleared YUDU developers have admin access to maintain and fix issues on the system.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: QMS International
• ISO/IEC 27001 accreditation date: Originally accredited on 6th September 2019, and renewed in 2020, 2021, 2022,2023
• What the ISO/IEC 27001 doesn’t cover: A.10.1 Cryptographic controls: A.10.1.1: Policy on the use of cryptographic controls A.10.1.2: Key management A.11 Physical and environmental security: A.11.1.5: Working in secure areas A.11.1.6: Delivery and loading areas A.14.2 Security in development and support processes A.14.2.7: Outsourced development A.18.1 Compliance with legal and contractual requirements A.18.1.5: Regulation of cryptographic controls
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 01/01/2016
• CSA STAR certification level: Level 2: CSA STAR Attestation
• What the CSA STAR doesn’t cover: We are with AWS, who are CSA STAR accredited.
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: Cyber Essentials

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Data privacy is managed by the Data Protection Office who reports directly to the CEO. Security Policies are reviewed quarterly by the Board and updated using version control system. All updated policies are available to employees in the company app. Penetration testing is conducted at least every 12 months. ; The INFOSEC policies are created and enforced by the Yudu Information Management Security Group which forms part of our ISO 27001 audit. Quarterly Business Continuity Plan tests are conducted quarterly and reports generate with lessons learned. YUDU runs an online security incident reporting system and change management system which are reviews on a 6 month basis.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: The processes are set out in the Sentinel Secure Development Policy. Any change to the configuration of the system requires change management authorisation and any changes are logged on the online change management system. Software releases go through an automated test suite including DAST and SAST tools followed by manual interface test and peer review. Software releases are made every 2 months on average.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: AWS Guard Duty is deployed across the Sentinel server estate which monitors unusual activity. We use AWS Cloudtrail to monitor AWS access and usage with the requisite alerts. ; Github's Dependabot tool is used to alert for any known vulnerabilities.; Patches are deployed with assessed critical patched are deployed immediately. ; Laravel Enlightn which is used in the internal development environment.; Potential threats are also reviewed as part of the ISMS team. Cyber threats are assessed and advice from multiple sources including our cyber consultants network and the National Cyber Security Centre. Critical patches are deployed within 24hrs of notification or discovery.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Our development team run network scans which may identify a potential compromise. The data is encrypted at rest and access is by 2 factor authentication: any unusual activity including data transfer is monitored. When a potential compromise is identified, the in-house YUDU Sentinel crisis management system is activated and used to immediately alert the incident team and set up a conference call with the response team. The next steps and responsibilities are decided on the call and the actions monitored on the system throughout the incident. Response times vary from minutes for a cyber attack to 4 hours.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: The YUDU Incident Management Process document sets out the framework of the incident response. Our in-house YUDU Sentinel system is used to alert staff of a problem and check the status of all employees. The actions taken next will follow the protocols set out in the IMP document and Business Continuity Plan. Staff have off-line access to through our Sentinel App. The senior leadership team communicate next steps through Sentinel communication channels.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  Sentinel uses data centres that will be using 100% renewable energy by 2025. It is a paperless system that saves trees and the energy used in the manufacture and distribution of paper-based products

Pricing

• Price: £5,000 a licence a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: 3 month money back for set up costs on full Sentinel installations

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@sentinelresilience.com. Tell them what format you need. It will help if you say what assistive technology you use.