Rebel Software

Intranet / Extranet / Communications Development

We provide multiple SaaS and PaaS services for secure Intranet Development, Extranets, Social Intranets, Travel Booking and Expense Management, Workplace Hazard Reporting and Management, health and Safety Reporting and Management, Property Management, Stock Management

Features

• Access via Desktop, Phone or Tablet
• Real time reporting
• User Permissions
• Machine Learning
• Visual Reporting and Metrics

Benefits

• Publish content from multiple devices
• Collaborative Working
• Quickly manage content on the move
• Easy and Intuitive Interface
• Personalised User Dashboard
• Visual Reporting and Metrics
• Administrator Dashboard

£3.50 to £7.00 a user a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gary.holman@rebel.agency. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

210763483084546

Contact

Gary Holman
07802981581
gary.holman@rebel.agency

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: We provide multiple SaaS and PaaS services for Intranet Development, Extranets, Social Intranets, Travel Booking and Expense Management, Workplace Hazard Reporting and Management, health and Safety Reporting and Management, Property Management, Stock Management
• Cloud deployment model: Private cloud
• Service constraints: We use a Microservices Architecture and any maintenance is undertaken with no disruption to services - Any major updates to the core the users will be notified in advance
• System requirements: SaaS and PaaS require browser based access

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within 15 minutes to 4 hrs
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AAA
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), 7 days a week
• Web chat support accessibility standard: WCAG 2.1 AAA
• Web chat accessibility testing: We have done extensive Web chat testing with good feedback
• Onsite support: Onsite support
• Support levels: Basic - Billing support and read-only access to break/fix cases - Support Desk - Technical account manager or cloud support engineer. 4 hrs - 7hrs - FREE; Pro Development - In-depth investigation and response for developers - Support Desk and Telephone. Technical account manager or cloud support engineer. Response time 15 mins - 4 hrs - £62.50 Per Hour per user (Billed Monthly); Pro Production - Fast, thorough response for live solution managers. Support Desk and Telephone. Technical account manager or cloud support engineer. Response time 15 mins - 1 hr - £75.00 per user (Billed Monthly); Enterprise - Strategic guidance and 24/7 onsite and hands-on help for all cases and users - Individual Case Specific and Dependent on location -Technical account manager or cloud support engineer. Response time POA Please call to discuss
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Our software is designed to be extremely intuitive and easy to use - Users will require little or no training to use both our SaaS and PaaS solutions. However both online and onside training will be provided if necessary
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: All data is extracted via the a web download interface and the original database fully wiped upon contract end
• End-of-contract process: There are no 'hidden' additional costs at the end of the contract - Unless specified within a bespoke contract addition - Please call us for further information

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The layout user interface is different and optimised for tablet and mobile for easy use
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: The whole platform is API based. Changes to the software are not made through the API unless specifically required by the client
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: We offer an API first platform with no user interface where clients can use their own user interface to attach to our services via API's - All our services can be fully customised to match the clients requirements and expectations

Scaling

• Independence of resources: We use AWS EC2 Instances to provide on demand processing and power to scale up in line with user performance and usage

Analytics

• Service usage metrics: Yes
• Metrics types: Administrator User Metrics, System/Platform Infrastructure or application metrics all metrics are gathered via Elastisearch: Platform search, caching and visualised using Kibana: Analytics (works in conjunction with Elastisearch)
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Via the user interface CSV or Excel options - User Permissions apply for access
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: We have an 99.9% uptime guarantee and a Service Level Agreement - In the unlikely event that a catastrophic event happens subscription is suspended and users refunded
• Approach to resilience: We use AWS EC2 Instances in the AWS datacentre for our hosting requirements. We offer customers the ability to achieve highly resilient network connections between Amazon Virtual Private Cloud (Amazon VPC) and their on-premises infrastructure. This capability extends customer access to AWS resources in a reliable, scalable, and cost-effective way. Highly resilient, fault-tolerant network connections are key to a well-architected system. AWS recommends connecting from multiple data centres for physical location redundancy. When designing remote connections, we consider using redundant hardware and telecommunications providers. Additionally, it is a best practice to use dynamically routed, active/active connections for automatic load balancing and failover across redundant network connections. Provision sufficient network capacity to ensure that the failure of one network connection does not overwhelm and degrade redundant connections.
• Outage reporting: Via a public dashboard an API and SMS and email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
• Access restrictions in management interfaces and support channels: Access to the platform can be made immediately through the Admin panel or via contact to us directly as long as you have the proper authorisation to do so
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • CSA CCM version 3.0
  • ISO/IEC 27001
• Information security policies and processes: To establish a general approach to information security To detect and forestall the compromise of information security such as misuse of data, networks, computer systems and applications. To protect the reputation of the company with respect to its ethical and legal responsibilities. To observe the rights of the customers; providing effective mechanisms for responding to complaints and queries concerning real or perceived non-compliances with the policy is one way to achieve this objective.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: We ensure that changes to the system have been properly tested and authorised. Changes are access so they do not unexpectedly alter security properties Vulnerability management – We identify and mitigate security issues in constituent components Protective monitoring – We ensure measures in place to detect attacks and unauthorised activity on the service Incident management – We respond to incidents and recover a secure, available service The status, location and configuration of service components (both hardware and software) are tracked throughout their lifetime. Changes to the service are assessed for potential security impact. Then managed and tracked through to completion.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: We employ: Regular penetration tests of infrastructure and any relevant web applications Security reviews of the design of the service An engineering approach that ensures security is a key consideration in developing the service
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: We implement regular audit events to support effective identification of suspicious activity All events are analysed to identify potential compromises or inappropriate use of your service We take prompt and appropriate action to address incidents
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Incident management processes are in place for the service and are actively deployed in response to security incidents along with a full report Pre-defined processes are in place for responding to common types of incident and attack Users report through a 24/7 defined process and contact route exists via telephone helpdesk and email for reporting of security incidents by consumers and external entities Security incidents of relevance will be reported to you immediately or in an acceptable timescales and formats

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • Public Services Network (PSN)
  • Police National Network (PNN)
  • NHS Network (N3)

Social Value

• Fighting climate change:

  Fighting climate change

  We are building a culture of awareness. Making sustainability part of our culture, it will become the norm, both in and out of the office. We rethink our waste. Reduce our travel where possible. Choose environmentally conscious vendors and strive to save energy.
• Covid-19 recovery:

  Covid-19 recovery

  We are committed to support the recovery of any employees who are suffering and have suffered Covid-19.
• Tackling economic inequality:

  Tackling economic inequality

  From creating new businesses and new employment opportunities, to improving education and training, Rebel is committed to tackling economic inequality at root. Our overriding vision is to help lower the unequal distribution of income and opportunity between different groups in society.
• Equal opportunity:

  Equal opportunity

  We are a equal opportunities business and employer
• Wellbeing:

  Wellbeing

  We actively monitor and protect employee wellbeing

Pricing

• Price: £3.50 to £7.00 a user a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Rebel Software has developed a new secure Intranet / Extranet platform called 'Hubly' which is the first social community networking platform builder of its kind to use AI to proactively monitor and help protect organisations and online communities from abusive, harmful content and potential brand reputational damage…”
• Link to free trial: https://app.hubly.online/sign-up/

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gary.holman@rebel.agency. Tell them what format you need. It will help if you say what assistive technology you use.