4C Europe UK Ltd

Exonaut Business Continuity Management Solution

Exonaut Business Continuity Manager is a web-based, end-to-end solution to maintain organisational resilience and ensure efficient recovery from disruptions. It integrates and automates your business continuity program, including continuity plans, risk assessments, incident management and IT disaster recovery. Customised dashboards provide a real-time overview of critical resources and response efforts.

Features

• Digitally develop, review, test and invoke business continuity plans
• Dashboard visualisation of continuity plan status and risk exposure
• Business Impact Analysis mapping of dependencies and Recovery Time Objectives
• Integrated risk assessments against critical dependencies and resources
• Mobile and web access to latest continuity and crisis plans
• Configurable email, SMS, push and in-system notifications
• Automated reporting of data analytics in multiple export formats
• Cloud-based or on-premise solution

Benefits

• Visualise operational, organisational and IT continuity status
• Digitalise the testing and invocation of continuity plans
• Consolidate all business continuity information into single system
• Access updated information in mobile and web-based interface
• Secure data with customisable permission structure and technical safeguards
• Simplify task management to assign and track continuity plan ownership
• Automate reporting of business continuity data, saving time and resources
• Standalone solution or scalable with training/risk/incident/compliance management solutions

£442 to £585 a user a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at planning@4cstrategies.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

224780990632434

Contact

Katie Smith
07712404486
planning@4cstrategies.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Exonaut comprises the following scalable solutions, which can operate independently or as part of a fully integrated platform for Governance, Risk and Compliance, and Emergency Management needs:; - Risk Management; - Business Continuity Management; - Incident & Crisis Management; - Compliance Management; - Training & Exercises; - Command & Control
• Cloud deployment model: Private cloud
• Service constraints: There are no constraints
• System requirements:
  • Administrators: Java 8 or later.
  • All users: Windows 7 Operating System or later
  • All users: Chrome, Firefox, Edge or Internet Explorer 11
  • Mobile users: Android 5.1, Windows 8.1, iOS 9 (or later)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: The Exonaut support portal is available 24/7, where users can submit and track their questions until resolution. Response times range from 5 mins to 4 hours depend on the level of criticality for the question raised. Critical issues receive a response within one hour on average. Weekend support can be purchased as an additional service.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: In addition to the 24/7 support portal, helpdesk hours with telephone support are available from 09:00-17:00 (UK Time) Monday to Friday, excluding national holidays. Each client also has a dedicated account manager for support and troubleshooting throughout the implementation project and once the solution is live. ; ; Please refer to our Pricing document for the support costs, which are included as part of our license agreement.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: The 4C Account Manager will discuss your requirements at an early stage in the sales process. This will allow us to understand how you want to access your data, the level of configuration and customisation required (such as roles, permissions and access rights). We will also discuss your requirements for mobile working supporting laptop, smart phone or tablet access for remote/field based workers. ; ; All SaaS implementations utilise a rapid implementation methodology ensuring that the service is tailored to fit each organisation and is tested adequately by the organisation prior to “Go Live”. ; ; A standard training package is included in the Implementation Project, providing:; - 1 x 8 hour/full day Training Session for Super Users; - 2 x 4 hour/half day Training Session for Standard Users (max 8 participants per session); ; Alternatively, 4C can work with the customer to provide a customisable training package .; ; 4C provides a User Guide to accompany each Exonaut solution which is updated for each Service Release (every 6 months) as well as a searchable Exonaut Knowledge Management Portal with a series of How-To & Troubleshooting articles.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Upon termination of the contract the customer has the option to receive a backup of all data by one of the following formats, e.g:; * Hard drives ; * USB keys; * Internet File Transfer (Sftp or FTP-S) ; ; 4C will then delete and destroy all copies of the customer’s data.; ; The buyer can complete basic data extraction by using Microsoft Excel at any stage of the contract.
• End-of-contract process: 4C will provide an extract of the customer data as part of the contract.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The Exonaut Mobile Observer App allows users to access and update information held in the Exonaut database from an Android or iOS device, and from a Windows tablet. When the device is offline it is stored locally and the information is updated dynamically when connectivity is restored. Functionality includes: accessing maps and updated documents; submitting geotagged incident reports/inspections/evaluations with photo/video/audio evidence; and secure messaging feature.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AAA
• Description of service interface: Web and mobile interface, with the possibility for integration with other systems via the Exonaut Integration Engine. ; ; Information can also be collected via email questionnaires which do not require the user to log in to Exonaut. Users are directed to a web form, in which they submit information that is updated to the system and any dashboard overviews in real-time.
• Accessibility standards: None or don’t know
• Description of accessibility: Exonaut applications are designed to be compliant to WCAG 2.0 AA and similar standards for user accessibility
• Accessibility testing: Exonaut is subject to continuous testing as part of its rampup and release process with two service releases per year. This testing also includes users of assistive technology.
• API: Yes
• What users can and can't do using the API: There are several different APIs available. One has full access to the system (read/write/delete) based on the credentials used when calling the API. In addition there are other APIs with reduced functionality to enable simpler integration. In general any implementation of an API integration would involve an initial consultation to define the appropriate data transfer configuration.
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
  • Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: During the implementation stage of the project 4C will work with the buyer to understand how the system will be configured to fit their individual requirements. System administrators will then be trained in how to make changes to the configuration and customisation. Customisation of the system comprises adding logos, changes to certain data tags and the creation of bespoke system attributes for form creation. Only users with specific permissions can make changes to the system.

Scaling

• Independence of resources: All clients have a single and unique front end instance of the system where we can set bandwidth limitations or limit the usage of different type of IOPS e.g CPU usage, in order to balance load between individual services.

Analytics

• Service usage metrics: Yes
• Metrics types: Regular and bespoke reports on service usage can be requested.
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Data can be exported in .DOC, .CSV, .XLS, HTML and PDF formats through our configurable reporting tool.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • .DOC
  • .XLS
  • .PDF
  • HTML
• Data import formats:
  • CSV
  • Other
• Other data import formats: .XLS

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: 4C guarantees Exonaut availability level of 99 percent. Service Credits will be provided to users in the event that these levels are not met, in accordance with “4C Strategies Software as a Service – Terms and Conditions” document that has been uploaded to the G-Cloud 13 portal.
• Approach to resilience: Our services run in a fully redundant and clustered infrastructure on Site A. All systems are then replicated to a fully redundant clustered infrastructure on Site B. In case of an emergency the delivery of services will switch from Site A to Site B. Details available on request.
• Outage reporting: Email alerts to appointed contacts within customer organization. If outage is endangering SLA breach escalation to a management incident team who will contact customer by phone or other agreed means.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Restricted to named users with access control and regular review.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: UK Cyber Essentials Plus

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: UK Cyber Essentials Plus; ISO 9001 Quality Management certification
• Information security policies and processes: 4C closely follow standard set out in ISO27001 and are working towards accreditation at 4C Group Level by the end of 2022.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: IT Service management is in line with ISO27001 and certified through IASME. Our hosting environment uses automated configuration tools to maintain an overview of system status. Planned significant changes are extensively tested in a sandbox environment prior to deployment. Monthly management checks are used to assure this process.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: IT Service management is in line with ISO27001 and certified through IASME. Our hosting environment is patched in accordance with normal industry practice and timescales. Automated reporting tools are used to maintain configuration control. Monthly management checks and annual penetration testing is used to assure this process.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: IT Service management is in line with ISO27001 and certified through IASME. Our hosting environment uses automated monitoring scanning tools to identify and handle potential incidents. Alerts are generated and handled by support personnel as appropriate. Monthly management checks are used to assure this process.
• Incident management type: Supplier-defined controls
• Incident management approach: Depending on the type of incident it is always directly escalated to a responsible manager who then conducts an assessment and escalates further if needed. Incidents are either reported by automatic alarms or reported through any of our available support channels: web / email / phone. Affected clients are always notified through their POC and an incident report made available afterword either by request or automatically sent out depending on the contractual agreement.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  It is important for 4C Strategies to engage itself in the sustainable long-term development of our community. One significant part of our community engagement is to actively conduct continuous environmental efforts within our ordinary operations in order to contribute to a long-term sustainable community. Since a few years back, 4C Strategies has been working with complete compliance to ISO 14001, but are currently not certified. Our environmental efforts include our direct environmental impact (at our offices and our business travels), our indirect environmental impact (through the assignments we carry out for our customers) as well as our part of collective responsibilities regarding sustainable development from a larger perspective. Our environmental activities are conducted through distinct routines and principles, and are revised and measured against set targets annually.
• Covid-19 recovery:

  Covid-19 recovery

  Available upon request
• Tackling economic inequality:

  Tackling economic inequality

  Gender equality can be divided into quantitative and qualitative equality. Quantitative gender equality refers to the gender distribution within for example different positions within different levels of an organisation. An equal gender balance is normally present if at least 40 percent belong to the underrepresented gender. Qualitative refers to the conditions, knowledge and experience within an organisation. A qualitatively equal organisation takes advantage of the experience and knowledge of both women and men and lets them enrich the norm. An organisation can be equal in a qualitative sense and not have an even gender balance or have an even gender balance without being equal in the qualitative sense. 4C shall work towards both a quantitative and qualitative equality within the company. Women and men should be provided equal opportunity to exert influence on the company's business and influence their own work situation, there shall be no unjustified salary differences, women and men should have equal opportunities for development, there shall be favourable conditions for combining work and family and there shall be no gender-based harassment. 4C offers individualised salaries. Salary differentiations should be explainable through fact-based and thereby gender-neutral reasons. Difference in salary between for example women and men is surveyed yearly and the result of the salary survey is used in the salary revision.
• Equal opportunity:

  Equal opportunity

  4C shall regardless of gender, transgender identity or expression, ethnicity, religion or other belief, disability, sexual orientation and age, provide equal rights to exert influence on the company's business and own work situation. The company shall offer equal opportunities for career-, competence-, and personal development. 4C strives for gender balance at all levels of the company. In internal and external recruitment, the gender balance aspect should always be considered. An applicant of an underrepresented gender should therefore be recruited if there are several applicants with equal or equivalent qualifications. Employees should be able to combine employment with parenthood and the company shall offer favourable conditions for combining work and family life to the highest possible degree. Employees on parental leave should not be overlooked when salaries are revised. 2020-12-15 RESTRICTED Code of Conduct 4C Group AB 3(4) Group AB http://www.4cstrategies.com Telephone: +46(0)8-522 279 00 Stockholm info@4cstrategies.com Fax: +46(0)8-20 15 62 4C shall analyse conditions, policies, processes, routines and workplace culture in order to prevent discrimination and promote equal rights and opportunities regardless of gender, transgender identity or expression, ethnicity, religion or other belief, disability, sexual orientation and age. Below are listed the areas in which 4C shall take active measures for all grounds of discrimination: • Working conditions • Provisions and practices regarding pay and other terms of employment • Compensation, Benefits and other contractual terms • Recruitment and promotion • Education and training. Other opportunities for skills development • Possibility to reconcile work and parenthood
• Wellbeing:

  Wellbeing

  Available upon request

Pricing

• Price: £442 to £585 a user a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at planning@4cstrategies.com. Tell them what format you need. It will help if you say what assistive technology you use.