KLAXON TECHNOLOGIES LIMITED

Klaxon Major Incident and Mass Notification Platform

Klaxon is a major incident, mass notification and planned maintenance communications solution, helping organisations keep people safe, informed and productive during an incident, emergency or crisis.

It is ideally suited for SME and Enterprise organisations and supports multiple use-cases such as IT downtime, Business Continuity, Disaster Recovery and Cyber-security communications.

Features

• Broadcast mass notifications quickly to virtually any communication device
• Target mass notifications by location, department, group, technology or service
• Two-way communications allows you to ask questions and take action
• Create template major incidents/mass notifications for future use
• Supported receivers: Smartphone, Microsoft Teams, E-mail, Voice, SMS, Web-Dashboard, Browser
• Supports private notifications to communicate with closed groups
• Workflow for mass notification approvals and reminders to send updates
• Synchronises with your cloud identity system for automated on-boarding/off-boarding
• Integration with ServiceNow and Microsoft Teams
• Fully cloud-based, all systems and data hosted in the UK

Benefits

• Reach a large number of people, quickly, using multiple devices/channels
• Save time and reduce cost/lost production during a crisis
• Understand if/how your people are impacted by an emergency
• Full audit trail to demonstrate an active duty of care
• Shifts focus from being reactive to proactive during an incident
• Communicate even if your IT systems are unavailable
• Enhances flexible/remote working and learning
• Zero administration - fully automatic provisioning and data synchronisation
• Fast and straightforward to implement
• Cloud based and secure. Hosted in the UK

£0.75 to £0.75 a licence a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@klaxon.io. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

169600766133759

Contact

Klaxon Sales
+44 333 242 7902
sales@klaxon.io

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: None.
• System requirements:
  • Internet connectivity
  • Modern web browser (if web browser alerting is required)
  • Manufacturer supported version of Microsoft Windows or Mac OS X.
  • IOS or Android smartphone/tablet for the smartphone/tablet app

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 9 am to 5 pm, Monday to Friday - excluding bank holidays and weekends.; ; Weekend and out of hours support available for an additional charge.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: Our standard support service SLAs are defined here:; ; https://info.klaxon.io/service-levels; ; Out of hours / weekend support is available for an additional charge. Please refer to the Pricing Document.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Our standard service includes one day of onsite or online training.; ; Additional training days can be purchased for an extra cost.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: We provide a copy of all data, on request. There is no additional charge for this service.
• End-of-contract process: We provide a copy of all data, on request. There is no additional charge for this service.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The smartphone and tablet application supports the following functionality:; ; - administrators can create and manage major incidents/mass notifications; ; - recipients can receive and respond to notifications; ; - recipients can set their communication preferences.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AAA
• Description of service interface: Klaxon has the following interfaces:; ; * Web browser; * Smartphone; * Microsoft Teams; * API; * Webhooks; ; The Web browser interface provides the main user interface for accessing Klaxon - features include the web dashboard for viewing the status of major incidents, mass notifications and planned maintenance; creating/updating major incidents/mass notifications or planned maintenance and configuring/customising Klaxon.; ; Mass notifications are received via a variety of channels including:; ; Smartphone, Microsoft Teams, E-mail, Voice, SMS, Web Browser (pop up), Web Dashboard; ; With the exception of the dashboard, these channels use the native interface of the device channel/device receiving the mass notification.
• Accessibility standards: WCAG 2.1 AAA
• Accessibility testing: Conducted Web Accessibility Test with Accessibility Insights for Web and the Incident Dashboard UI complies with WCAG2.1 AAA standard. As part of development process, other areas of improvement will be completed in future development sprint aiming to achieve the same standard.
• API: Yes
• What users can and can't do using the API: We have a full set of APIs that can be used to extend interact with Klaxon. The API is documented using Swagger and is available via our web site.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Most areas of the product are customisable to meet the customer's specific requirements - this includes:; ; * Branding - adding logo, brand colours and email templates; * Role-based security, allowing features to be turned on or off depending on the role; * Changing the language used to describe labels, making it organisation specific.; * Workflow such as approvals and reminders.; * Selecting default communication channels.; * Creating templates for common mass notifications/major incidents.; * Adding groups, subscriptions (services/technologies)/recipients/locations (incl timezones).; * Integration into key systems, such as authentication systems using SAML/AUTH/SCIM2.; ; The majority of customisation is completed by the administrator, supported by us. Some customisation is completed directly by us.

Scaling

• Independence of resources: Klaxon was designed from the start to be a scalable cloud application. It is hosted in the UK in the Microsoft Azure public cloud environment. ; ; We monitor the performance of Klaxon in real-time to ensure that our clients receive a good experience.; ; The hosting platform automatically scales to add additional resource as and when required.

Analytics

• Service usage metrics: Yes
• Metrics types: Klaxon offers a range of audience engagement metrics, as well as a breakdown of SMS and general usage.
• Reporting types:
  • API access
  • Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data can be exported by making a request to our Service Desk.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Webhook
  • API
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • SCIM 2 (http://www.simplecloud.info/)
  • Webhook

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: 99.9% availability, excluding planned maintenance.; ; Please refer here for further information: https://info.klaxon.io/service-levels
• Approach to resilience: Klaxon is hosted on resilient infrastructure. For example, we host the database across two Microsoft data centres, with automatic failover.
• Outage reporting: We deliver service outage notifications via an instance of Klaxon that our clients are registered to use. Our clients receive these notifications via any of the channels that are supported.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Administrator access requires two-factor authentication.; ; Standard user access either uses the clients own SAML/OAUTH2 authentication system.; ; Access to our support site is via username and password only.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: ISO 27001 for the cloud hosting provider.

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • CSA CCM version 3.0
  • ISO/IEC 27001
  • Other
• Other security governance standards: CSA CCM version 3.0/ISO 27001 for the hosting environment; Cyber Essentials Plus for Klaxon Technologies - please visit www.klaxon.io and scroll to the bottom of the page for a link to our Cyber Essentials Plus certificate
• Information security policies and processes: Our CEO, Dan Simms, has board-level responsible for information security.; ; We take the security of your data seriously. We have achieved Cyber Essentials Plus, and the hosting environment that runs Klaxon has achieved several information security certifications.; ; • All data encrypted in transit and at rest.; • TLS encryption of email-based communications, if supported by the client (we support up to TLS 1.3).; • Service hosted by Microsoft, with ISO 27001 certification for the hosting environment. Please see here for further information - https://azure.microsoft.com/en-gb/overview/trusted-cloud/compliance/; • Security monitoring via Microsoft Azure Security Centre.; • Database Advanced Threat Protection.; • DMARC/DKIM to protect against email spoofing.; • DNSSec protection of Klaxon DNS service.; • Regular vulnerability assessments.; • Cyber Essentials Plus certification.; ; Our security policy is outlined here: https://info.klaxon.io/security-policy

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All changes to the Klaxon application are implemented via an ITIL aligned change control process. This process considers all aspects of the change, including what is changing, who it impacts, timing, implementation plan, rollback plan and risks including information security.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We undertake monthly vulnerability scans of our service, a full annual vulnerability/penetration test.; ; In addition, we use the functionality available in the cloud hosting platform including Cloud security posture management and Advanced threat protection.; ; If we discover a new vulnerability then this is treated as a high priority development item. If required, we will pause other development activity to address the vulnerability.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We utilise features of the cloud hosting platform to help us monitor the environment. This includes, but is not limited to, Microsoft Security Center, Azure Monitor and Application Insights.; ; If we detect a compromise, our policy is to immediately share the details that we are aware of with our clients to allow them to fulfil their GDPR obligations, while investigating the nature of the compromise.
• Incident management type: Supplier-defined controls
• Incident management approach: Our cyber incident policy provides guidance on the type of incidents that should be reported, who they should be reported to and when they should be reported.; ; Incidents can be reported to our Service Desk via email or online portal.; ; Our policy makes it clear that a post-incident report will be issued to stakeholders following an incident.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  .
• Covid-19 recovery:

  Covid-19 recovery

  .
• Tackling economic inequality:

  Tackling economic inequality

  .
• Equal opportunity:

  Equal opportunity

  .
• Wellbeing:

  Wellbeing

  .

Pricing

• Price: £0.75 to £0.75 a licence a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: 1 month free trial is available; SMS and voice messages are not available during the trial
• Link to free trial: https://www.klaxon.io/schedule-demo

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@klaxon.io. Tell them what format you need. It will help if you say what assistive technology you use.