RiskBase Ltd

RiskBase

RiskBase is a suite of plug-and-play assessment, survey and inspection tools. Supporting partners to produce over 500,000 site visits a year our software makes light work of compliance. We partner with Housing Associations, Local Authorities, Fire safety consultancies and Residents' Management Companies.

Features

• FRAs, Door Checks, Compartmentation & FRAEWs on site via App.
• Automated data syncing from the field directly to your desktop.
• Unlimited users, working on the same survey & asset, simultaneously.
• Produce detailed self-generated reports in the background as you work.
• Deliver resident engagement, mandatory occurrence reporting and safety case reports.
• Tailor templates to property types, with relevant questions, prompts, actions.
• Task Management - view, update, sign-off and assign tasks easily.
• Interactive dashboards allow everyone to quickly analyse real-time data.
• Passwordless, SSL secure, 2-Factor authentication offers total data security.
• Utilise the RiskBase API, interoperable with other asset management systems.

Benefits

• Work offline; access properties, collect and edit information, complete assessments.
• Let questionnaires/checklists guide assessments for consistently high quality findings.
• View previous actions/control measures in new assessments for ultimate continuity.
• Simple, effective surveys using QR codes, floor plans and photos.
• Checklists visible on reports, highlighting all survey questions and answers.
• RiskBase's easy to understand reports; uncomplicated, well structured and comprehensive.
• Plan, contribute and communicate in one place with your team.
• Simple data import/exporting; from detailed CSVs to concise PDFs.
• RiskBase on-boards, trains and supports your team throughout project lifecycle.
• Cost savings, higher efficiency, and a regulator ready Golden Thread

£1.00 a unit a month

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at adam.sanders@riskbase.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

185642775794906

Contact

Adam Sanders
0330 311 2525
adam.sanders@riskbase.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: The same functionality is available on the web and on a device. For web, a currently supported web browser is required. On device, iOS or Android running on a currently supported device is required.
• System requirements:
  • Web: A currently supported web browser
  • IOS: A currently supported device running iOS
  • Android: A currently supported device running Android

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: The support team respond to tickets immediately during working hours. Users can expect a response within 10 minutes to support requests sent between 8:30 and 19:00. Response times can extend to 45 minutes out-of-hours and during weekends. Support ticketing is not monitored between 22:00 and 7:30.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Yes, at an extra cost
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: All web chat interactions are with RiskBase staff.
• Onsite support: Yes, at extra cost
• Support levels: Onsite support is provided on request. In-person training may be required when onboarding new users or during regular CPD sessions/days at a partner's office.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: The RiskBase customer success team onboard new organisations with a full suite of templates, user groups and demo properties. New organisations are offered an online orientation where they receive a demo and can ask questions. Followup training sessions focussing on template building and administration are available for all. ; ; New users receive a welcome email with links to details documentation and user guides. ; ; User sign in with their email address. They are set up passwordless; a six-digit code is emailed to them on sign-in. Multi-factor authentication and single-sign-on security features are also available.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: On request, RiskBase can provide a ZIP file containing all data. The ZIP will contain itemised CSVs, photos and files. Organisations can export the same data manually by exporting individual CSVs, photos and files.
• End-of-contract process: The contract is a pay-as-you-go service without an end date. If organisations decide to cease using RiskBase and request their data, it is provided at no additional cost.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: None
• Service interface: No
• User support accessibility: WCAG 2.1 A
• API: Yes
• What users can and can't do using the API: The API allows users to consume and update data stored within the app. A standard set of endpoints is available for self-serve integrations but new or custom endpoints can be requested.; ; The API includes a SCIM 2.0 provisioning enabling partners to manage users and user groups and utilise SAML single-sign-on. ; ; Webhooks can notify third party software when changes occur to help maintain and synchronise data held in multiple systems. ; ; Settings within the app allow self-serve setup and token creation as well as creation of webhooks.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Everything in RiskBase is customisable, from organisation-wide settings; user groups, teams, user permissions, categories, timescales, and notifications to bespoke risk assessment and survey templates; fields and question sets.; ; RiskBase provides a standard setup for new customers but at its core, the system is a framework to build a bespoke safety management system to fit individual requirements.

Scaling

• Independence of resources: Our development philosophy is to evolve the core product, the roadmap prioritises features for the majority and any customisation must trickle down to benefit other users.; ; We maintain headroom in our server and data bandwidth to mitigate any interruption to service. ; ; We maintain a suitably sized product and customer success team so timely onboarding, training and implementation support are available when required.

Analytics

• Service usage metrics: Yes
• Metrics types: RiskBase offers a fully customisable back-end dashboard - offering task and action management capability in real time. This enables our clients to analyse and manage important tasks easily and efficiently. The dashboard outputs are designed by our clients, meaning for example that an immediate snapshot of a portfolio asset can be retrieved and filtered by pre-selected data filters. Reports can be produced in App as assessments are undertaken, as well as scheduled and ad-hoc reporting. RiskBase offers an API enabling the platform to securely exchange data with other software clients may deploy. RiskBase is a truly interoperable data management platform.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users export asset data, user data and tasks via CSV. Photos and files can be exported in the original format or compressed inside ZIP files.
• Data export formats: CSV
• Data import formats:
  • CSV
  • Other
• Other data import formats: JSON

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Minimum 99% availability.; ; SLAs and Credits are agreed per contract.
• Approach to resilience: The RiskBase application is hosted on infrastructure with build in fail-over and redundancy. Further information is available upon request.
• Outage reporting: Email alerts are used to inform customers in advance of planned upgrades. Internal reporting systems are in place for unplanned outages and degraded services.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Following the principle of least privilege, staff are provided the minimum level of access they need to complete their responsibilities.; ; Where access is provided, strong passwords are recommended and multi-factor authentication is required. Where possible, additional measures like VPNs and certificates are put in place.; ; Each customer has a list of authorised users who can send support requests; the support team can see each user's level of access and administrators are clearly listed.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: We are currently working towards ISO27001 and follow vendor specific as well as industry-wide best practices.
• Information security policies and processes: We are currently working towards ISO27001 and follow vendor specific as well as industry-wide best practices.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Changes are fully planned and documented and adhere to a defined workflow. Changes are subject to rigorous testing, moving through development and testing environments before release to production. Access permissions limit releases to key staff ensuring approval at each stage. Emergency changes are released as hot fixes which follow the same process but in an expedited timeframe.; ; Changes are designed to improve functionality. If a potential change could cause degraded service, customers are informed and appropriate action is taken to mitigate or eliminate impact.; ; Industry standard version control is deployed; all changes are recorded and can be reverted if required.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: The application and systems are updated to ensure they are running the latest patches and security updates. An update policy is in place and is undertaken periodically or ASAP as new threats and issues emerge.; ; All application architecture is documented and staff are subscribed to relevant security bulletin feeds and are notified of potential threats and vulnerabilities.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Systems are monitored for uptime, errors, and access and notifications are received when results are out of normal parameters. Automated vulnerability and malware scanning is in place. Penetration testing is undertaken by external security specialists. Incidents are responded to immediately.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Incidents are logged by automated tools and manually by phone or email. Incident management processes are in place and staff are kept up-to-date with an internal issue tracker.; ; Depending on the type of issue, senior management may be notified and ; customers may be contacted.; ; Changes are be made to mitigate or prevent further re-occurrence.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  The RiskBase software can help to influence staff, suppliers, customers and communities through the delivery of the contract to support environmental protection and improvement. Our software can help keeps buildings safe from fire and fire spread. By enabling effective fire and building safety assessments, and through resident engagement via the portal, protection of the local environment and places people live and work is a bi-product of the RiskBase App and platform.

  Tackling economic inequality

  The RiskBase software can aid the creation of new businesses, new jobs and new skills. Fire Risk Assessors are often independent or micro entity sized businesses. Deploying the RiskBase software means more work can be carried out by third party assessors and/or in-house assessors across local authority properties. RiskBase also offers CPD type sessions, to help educate and grow the technical skillset of those using the platform to carry out assessments and surveys.

  Equal opportunity

  RiskBase is an equal opportunity enabler in the workplace and can support in-work progression to help people from disadvantaged or minority groups to progress. Every user of the RiskBase software is trained and onboarded to use the app and other functionality. Skills are developed continuously and support offered from the RiskBase team.

  Wellbeing

  The RiskBase software will influence health and wellbeing in the workforce. RiskBase ensures that fire and building safety surveys and assessments are carried out in the most efficient and cost-effective fashion. This means that the workforce carrying out such assessments and surveys can complete their work in a timely, compliant manner - whereby there is no requirement to take work home on 'paper & pen' and then laboriously transferred to Word and Excel documents, which are not secure and are often corrupted unintentionally, meaning that recorded data is often lost. Because of the accuracy of and the functionality of digital records, less time is needed on each job, meaning less time physically spent surveying buildings. This can sometimes be a mental burden for fire risk assessors, given the often complex and time consuming nature of completing accurate assessments, and often the associated liability. The RiskBase app makes fieldwork much more manageable, both physically and mentally and ensures that logical assessments and surveys are carried out, and the data stored and maintained in the cloud, with zero likelihood of corruption, breach or loss of data. RiskBase is also a community enabler. The platform offers our clients (Local Authorities) the opportunity for community engagement via the RiskBase Engage portal. This service enables residents in local authority dwellings to be exposed to the fire safety plans and actions of the buildings in which they live - such as the evacuation policy. The portal also offers residents the opportunity to report any defective fire safety equipment; such as communal area fire doors. This collaborative interaction and transparent communication between residents and landlords will lead to a stronger, more connected and integrated community, whereby landlords are making it clear that resident safety is paramount.

Pricing

• Price: £1.00 a unit a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: The RiskBase Customer Success team will onboard prospective clients for a pilot period, usually for 4-weeks. This will enable an opportunity to use the app and carry out surveys and view Task Management. Includes technical support and an initial training session. There is no fee and no obligation thereafter.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at adam.sanders@riskbase.uk. Tell them what format you need. It will help if you say what assistive technology you use.