Klaxon Major Incident and Mass Notification Platform

Klaxon is a major incident, mass notification and planned maintenance communications solution, helping organisations keep people safe, informed and productive during an incident, emergency or crisis.

It is ideally suited for SME and Enterprise organisations and supports multiple use-cases such as IT downtime, Business Continuity, Disaster Recovery and Cyber-security communications.


  • Broadcast mass notifications quickly to virtually any communication device
  • Target mass notifications by location, department, group, technology or service
  • Two-way communications allows you to ask questions and take action
  • Create template major incidents/mass notifications for future use
  • Supported receivers: Smartphone, Microsoft Teams, E-mail, Voice, SMS, Web-Dashboard, Browser
  • Supports private notifications to communicate with closed groups
  • Workflow for mass notification approvals and reminders to send updates
  • Synchronises with your cloud identity system for automated on-boarding/off-boarding
  • Integration with ServiceNow and Microsoft Teams
  • Fully cloud-based, all systems and data hosted in the UK


  • Reach a large number of people, quickly, using multiple devices/channels
  • Save time and reduce cost/lost production during a crisis
  • Understand if/how your people are impacted by an emergency
  • Full audit trail to demonstrate an active duty of care
  • Shifts focus from being reactive to proactive during an incident
  • Communicate even if your IT systems are unavailable
  • Enhances flexible/remote working and learning
  • Zero administration - fully automatic provisioning and data synchronisation
  • Fast and straightforward to implement
  • Cloud based and secure. Hosted in the UK


£0.75 to £0.75 a licence a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@klaxon.io. Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

1 6 9 6 0 0 7 6 6 1 3 3 7 5 9


Telephone: +44 333 242 7902
Email: sales@klaxon.io

Service scope

Software add-on or extension
Cloud deployment model
Public cloud
Service constraints
System requirements
  • Internet connectivity
  • Modern web browser (if web browser alerting is required)
  • Manufacturer supported version of Microsoft Windows or Mac OS X.
  • IOS or Android smartphone/tablet for the smartphone/tablet app

User support

Email or online ticketing support
Email or online ticketing
Support response times
9 am to 5 pm, Monday to Friday - excluding bank holidays and weekends.

Weekend and out of hours support available for an additional charge.
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Support levels
Our standard support service SLAs are defined here:


Out of hours / weekend support is available for an additional charge. Please refer to the Pricing Document.
Support available to third parties

Onboarding and offboarding

Getting started
Our standard service includes one day of onsite or online training.

Additional training days can be purchased for an extra cost.
Service documentation
Documentation formats
End-of-contract data extraction
We provide a copy of all data, on request. There is no additional charge for this service.
End-of-contract process
We provide a copy of all data, on request. There is no additional charge for this service.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
The smartphone and tablet application supports the following functionality:

- administrators can create and manage major incidents/mass notifications;
- recipients can receive and respond to notifications;
- recipients can set their communication preferences.
Service interface
User support accessibility
Description of service interface
Klaxon has the following interfaces:

* Web browser
* Smartphone
* Microsoft Teams
* Webhooks

The Web browser interface provides the main user interface for accessing Klaxon - features include the web dashboard for viewing the status of major incidents, mass notifications and planned maintenance; creating/updating major incidents/mass notifications or planned maintenance and configuring/customising Klaxon.

Mass notifications are received via a variety of channels including:

Smartphone, Microsoft Teams, E-mail, Voice, SMS, Web Browser (pop up), Web Dashboard

With the exception of the dashboard, these channels use the native interface of the device channel/device receiving the mass notification.
Accessibility standards
Accessibility testing
Conducted Web Accessibility Test with Accessibility Insights for Web and the Incident Dashboard UI complies with WCAG2.1 AAA standard. As part of development process, other areas of improvement will be completed in future development sprint aiming to achieve the same standard.
What users can and can't do using the API
We have a full set of APIs that can be used to extend interact with Klaxon. The API is documented using Swagger and is available via our web site.
API documentation
API documentation formats
Open API (also known as Swagger)
API sandbox or test environment
Customisation available
Description of customisation
Most areas of the product are customisable to meet the customer's specific requirements - this includes:

* Branding - adding logo, brand colours and email templates
* Role-based security, allowing features to be turned on or off depending on the role
* Changing the language used to describe labels, making it organisation specific.
* Workflow such as approvals and reminders.
* Selecting default communication channels.
* Creating templates for common mass notifications/major incidents.
* Adding groups, subscriptions (services/technologies)/recipients/locations (incl timezones).
* Integration into key systems, such as authentication systems using SAML/AUTH/SCIM2.

The majority of customisation is completed by the administrator, supported by us. Some customisation is completed directly by us.


Independence of resources
Klaxon was designed from the start to be a scalable cloud application. It is hosted in the UK in the Microsoft Azure public cloud environment.

We monitor the performance of Klaxon in real-time to ensure that our clients receive a good experience.

The hosting platform automatically scales to add additional resource as and when required.


Service usage metrics
Metrics types
Klaxon offers a range of audience engagement metrics, as well as a breakdown of SMS and general usage.
Reporting types
  • API access
  • Real-time dashboards


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
Physical access control, complying with CSA CCM v3.0
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Data can be exported by making a request to our Service Desk.
Data export formats
  • CSV
  • Other
Other data export formats
  • Webhook
  • API
Data import formats
  • CSV
  • Other
Other data import formats
  • SCIM 2 (http://www.simplecloud.info/)
  • Webhook

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
99.9% availability, excluding planned maintenance.

Please refer here for further information: https://info.klaxon.io/service-levels
Approach to resilience
Klaxon is hosted on resilient infrastructure. For example, we host the database across two Microsoft data centres, with automatic failover.
Outage reporting
We deliver service outage notifications via an instance of Klaxon that our clients are registered to use. Our clients receive these notifications via any of the channels that are supported.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Administrator access requires two-factor authentication.

Standard user access either uses the clients own SAML/OAUTH2 authentication system.

Access to our support site is via username and password only.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
No audit information available
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Cyber essentials
Cyber essentials plus
Other security certifications
Any other security certifications
ISO 27001 for the cloud hosting provider.

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
  • CSA CCM version 3.0
  • ISO/IEC 27001
  • Other
Other security governance standards
CSA CCM version 3.0/ISO 27001 for the hosting environment
Cyber Essentials Plus for Klaxon Technologies - please visit www.klaxon.io and scroll to the bottom of the page for a link to our Cyber Essentials Plus certificate
Information security policies and processes
Our CEO, Dan Simms, has board-level responsible for information security.

We take the security of your data seriously. We have achieved Cyber Essentials Plus, and the hosting environment that runs Klaxon has achieved several information security certifications.

• All data encrypted in transit and at rest.
• TLS encryption of email-based communications, if supported by the client (we support up to TLS 1.3).
• Service hosted by Microsoft, with ISO 27001 certification for the hosting environment. Please see here for further information - https://azure.microsoft.com/en-gb/overview/trusted-cloud/compliance/
• Security monitoring via Microsoft Azure Security Centre.
• Database Advanced Threat Protection.
• DMARC/DKIM to protect against email spoofing.
• DNSSec protection of Klaxon DNS service.
• Regular vulnerability assessments.
• Cyber Essentials Plus certification.

Our security policy is outlined here: https://info.klaxon.io/security-policy

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All changes to the Klaxon application are implemented via an ITIL aligned change control process. This process considers all aspects of the change, including what is changing, who it impacts, timing, implementation plan, rollback plan and risks including information security.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We undertake monthly vulnerability scans of our service, a full annual vulnerability/penetration test.

In addition, we use the functionality available in the cloud hosting platform including Cloud security posture management and Advanced threat protection.

If we discover a new vulnerability then this is treated as a high priority development item. If required, we will pause other development activity to address the vulnerability.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We utilise features of the cloud hosting platform to help us monitor the environment. This includes, but is not limited to, Microsoft Security Center, Azure Monitor and Application Insights.

If we detect a compromise, our policy is to immediately share the details that we are aware of with our clients to allow them to fulfil their GDPR obligations, while investigating the nature of the compromise.
Incident management type
Supplier-defined controls
Incident management approach
Our cyber incident policy provides guidance on the type of incidents that should be reported, who they should be reported to and when they should be reported.

Incidents can be reported to our Service Desk via email or online portal.

Our policy makes it clear that a post-incident report will be issued to stakeholders following an incident.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks

Social Value

Fighting climate change

Fighting climate change

Covid-19 recovery

Covid-19 recovery

Tackling economic inequality

Tackling economic inequality

Equal opportunity

Equal opportunity





£0.75 to £0.75 a licence a month
Discount for educational organisations
Free trial available
Description of free trial
1 month free trial is available
SMS and voice messages are not available during the trial
Link to free trial

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@klaxon.io. Tell them what format you need. It will help if you say what assistive technology you use.