ISARR

ISARR - Risk Portal, Information Sharing Platform (ISP)

The ISARR ISP is a flexible and comprehensive platform that support’s Information Sharing, Operational Learning and Collaborative Action across Multi-Agency/Organisations, Partners and Teams.

The secure portal enables the capture and sharing of information and key learnings with follow up tasks/actions, integrated with a wide range of modules and bespoke configurations.

Features

• Highly flexible and secure Groups & Permissions
• Operational Learning, Information sharing & collaboration for organisations & partners
• Fully white labelled and bespoke setup
• Large range of module capabilities configured specifically for the project
• Includes Information and Alert Feeds, Security, Risk & Resilience capabilities
• Mass and targeted notifications and alerts
• Visualise custom location information and Alerts on an interactive map
• Bespoke incident and event reporting using client terminology and categories
• Client workflows and action checklists to mirror existing procedures
• Online Learning, Training & Awareness modules

Benefits

• Do more for less - reducing costs & increasing efficiency
• Fulfill multiple requirements and capabilities, all from a single platform
• Information Management & Collaboration with a wide range of stakeholders
• Fast time, tiered messaging for an all informed network
• Bespoke workflow and action checklists to embed structure and process
• Multi stakeholder reporting and status for enhanced Situational Awareness
• Learning and awareness with operational tools
• seamless adoption and effectiveness
• Secure and easy to use with minimal training, improving adoption
• Community and business engagement for enhanced community resilience and security

£12,000 to £250,000 a licence a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at solutions@isarr.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

192119799739876

Contact

ISARR - Intelligence, Security and Risk Resilience
+44 (0) 203 4750 753
solutions@isarr.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: No. ISARR supports all main Mobile Operating Systems, Desktop Operating Systems and Browsers. It utilises any available data network and IT infrastructure.
• System requirements:
  • Modern internet browser
  • Internet connectivity

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Two Support options; Standard: - Monday to Friday 0900 - 1730 GMT Priority: - 24/7 on call Detailed within the SLA Agreement
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: Support response times Two Support options; Standard: - Monday to Friday 0900 - 1730 GMT Priority: - 24/7 on call with escalation to Cloud Engineer Detailed within the SLA Agreement
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Onsite consultation, configuration, training and ongoing support. Optional custom support documentation (branded to the client and including client specific procedures) Ongoing product training, knowledge transfer that informs the development roadmap so clients influence the direction of features and services.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Interfaces are available via the administration web pages to export data. In addition, full database exports are available via support requests.
• End-of-contract process: Various procedures are supported at the end of the contract inline with the clients specific data retention policies including repatriating/transitioning or destroying data all subject to GDPR / Data Protection Laws.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Same experience and features presented in mobile form factor utilising the browser application (no additional download required)
• Service interface: Yes
• User support accessibility: WCAG 2.1 A
• Description of service interface: Users with appropriate permissions have access to the admin interface. Permissions levels are granular and can be configured with different permission templates during setup and configuration. General configuration of the software, service and user admin can be conducted through this interface.
• Accessibility standards: WCAG 2.1 A
• Accessibility testing: Testing in exercises with blind users
• API: Yes
• What users can and can't do using the API: Full REST API
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The ISARR ISP Portal has a comprehensive set of customisation and administration permission options that can be built bespoke to the project. For example, Platform (client) Admins and additional Group only level admins which spreads and minimises the administration overheads. Other configuration options include; 1. Branding options: Logo, favicon, colour palette 2. Terms & conditions,footer links to custom privacy and other client policy information 3. User Management & Permissions 4. Groups and sharing structure 5. Sharing & Notification procedures 6. Security controls (password complexity, time out, multi factor authentication,IP range restrictions) 7. Comprehensive module options including; - Custom incident/event report forms - Workflow and SOP support - Statusboards - Decision logs - Resources and articles - Global Alerts (with geofence notifications) - Learning Management Platform with e-Learning & micro learning packages (SCORM and xAPI compliant) - Video Conferencing - Messaging Notifications (email, SMS, IVR)

Scaling

• Independence of resources: Cloud infrastructure provides load balanced services for high availability, with resource monitoring and horizontal and vertical scaling

Analytics

• Service usage metrics: Yes
• Metrics types: Self hosted and secure web analytics (like Google Analytics for websites) Provides activity tracking for reports on application usage including end user configurable reporting and graphical dashboards
• Reporting types:
  • API access
  • Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Interfaces are available via the administration web pages to export data (CSV and PDF). In addition, full database exports are available via support requests
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: 99.95% uptime
• Approach to resilience: Available on request
• Outage reporting: Clients can nominated key contacts to be added to private resource monitoring service which creates email alert updates. This includes a resources graphical dashboard.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Username and long complex passwords, requiring multi factor authentication over a dedicated VPN. Server level access also incorporates SSH For support channels SAML 2.0 with multi factor authentication All of the access controls are reviewed and managed within the Access Management Register
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: IASME Cyber Assurance Level Two Audited (third party, independent audit)

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: IASME Cyber Assurance Level Two Audited - The highest IASME level of certification (3rd party, independent audited)
• Information security policies and processes: We have fully documented Policy, Standards, Guidance and Tools Information Assurance & Security Framework. This is Audited via an independent 3rd party assessor as part of the IASME Cyber Assurance Level Two Audited standard. A copy is available on request.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All development is managed and controlled using software development tools including Gitlab,locally hosted and secured All software releases follow a thorough release process which includes QA testing and documentation (for internal and external use) and includes the testing of back end and user GUI elements. Once completed, this is deployed to a staging environment for client testing and familiarisation, followed by a planned release discussed and agreed with the client
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Available on request
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Available on request
• Incident management type: Supplier-defined controls
• Incident management approach: Available on request

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Wellbeing

  Fighting climate change

  ISARR are committed to fighting climate change. We do this through our Ecologi Zero partnership (https://ecologi.com/) Ecologi Zero helps ISARR track our carbon emissions - Scope 1, 2 and 3. ISARR also take proactive action and are committed to funding climate offset activities with every contract including, Habitat restoration, Reforestation, Carbon avoidance.

  Covid-19 recovery

  The ISARR platform is a digital first, online platform that can be accessed securely from any location with an internet connection, delivering capacity and capability for organisations to implement, maintain and sustain work from home and other hybrid working practices inline with recommended guidelines.

  Tackling economic inequality

  Increase supply chain resilience and capacity: The ISARR platform supports collaboration and interaction across the supply chain including staff, suppliers and key stakeholders, to build more effective risk triggers so that all partners remain more resilient to supply chain disruption through the faster, more informed response to potential risks. This builds a more collaborative, agile and resilient supply chain and proactive disruptive event mitigations.

  Wellbeing

  Improve health and wellbeing: The ISARR platform provides reporting and management capability to enhance physical and mental health and wellbeing in the workplace, with the ability to securely and rapidly communicate across key stakeholders to ensure the timely identification and mobilisation of appropriate interventions and support services. Improve community integration: The ISARR platform can facilitate information sharing, engagement and collaboration across diverse communities and stakeholders in order to better engage and communicate information at all levels, and importantly, provide the ability for collaboration and the harnessing of shared resources and interventions that will help build community cohesion, spirit and resilience.

Pricing

• Price: £12,000 to £250,000 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at solutions@isarr.com. Tell them what format you need. It will help if you say what assistive technology you use.