UrbanAware

Service scope

Software add-on or extension: No
Cloud deployment model: Private cloud
Service constraints: The software is currently deployed on a commercial cloud hosting service, with a local deployment used for development and testing. The deployment is scalable and customers only pay for what they need.
System requirements: A range of service deployment options are available

User support

Email or online ticketing support: Email or online ticketing
Support response times: Email support. Response time Next working day
User can manage status and priority of support tickets: No
Phone support: Yes
Phone support availability: 9 to 5 (UK time), Monday to Friday
Web chat support: No
Onsite support: No
Support levels: Support levels are offered in alignment with customer needs. Technical support is provided by the Riskaware team.
Support available to third parties: Yes

Onboarding and offboarding

Getting started: UrbanAware's user manual is provided within the platform in pdf format, as well as tool tips within the user interface. Additionally, one-to-one training can be provided on request.
Service documentation: Yes
Documentation formats: HTML

PDF
End-of-contract data extraction: Data extraction can be arranged on request.
End-of-contract process: At the end of a contract, a users' account will be removed and they will no longer have access to the system.

Using the service

Web browser interface: Yes
Supported browsers: Microsoft Edge

Firefox

Chrome
Application to install: No
Designed for use on mobile devices: Yes
Differences between the mobile and desktop service: Support for mobile devices is available through a mobile specific application. The application has a different use case to the fully-featured desktop product for commanders. Users with mobile device are typically in the field and they require specific information to be shared with them by the commander. The mobile application has been designed with this in mind.
Service interface: No
User support accessibility: WCAG 2.1 AA or EN 301 549
API: No
Customisation available: Yes
Description of customisation: Our service is customised by the Riskaware team to suit users' operational and language needs. Features can be added according to user requirements.

Scaling

Independence of resources: Each customer would have their own deployment container with it's own dedicated resources.

Analytics

Service usage metrics: Yes
Metrics types: The last login of each user is tracked. Some deployments use Google Analytics for more detailed usage analysis.
Reporting types: Reports on request

Resellers

Supplier type: Not a reseller

Staff security

Staff security clearance: Other security clearance
Government security clearance: Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom
User control over data storage and processing locations: No
Datacentre security standards: Supplier-defined controls
Penetration testing frequency: At least once a year
Penetration testing approach: Another external penetration testing organisation
Protecting data at rest: Other
Other data at rest protection approach: Data is hosted on the cloud, but within its own separate container. The container is not accessible outside the internal container network. Multiple roles are used to ensure each service has minimal privileges. Riskaware are a certified Cyber Essentials Plus accredited organisation.
Data sanitisation process: No
Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach: The user interface allows an audit to be produced for analysing all the actions taken during an incident or training exercise. The audit can be viewed within the tool, or exported to a Microsoft Word file. Images can also be exported of a user's simulation outputs. A full copy of the user's data can be exported on request.
Data export formats: CSV

Other
Other data export formats: PNG
Data import formats: Other

Data-in-transit protection

Data protection between buyer and supplier networks: TLS (version 1.2 or above)

Legacy SSL and TLS (under version 1.2)
Data protection within supplier network: TLS (version 1.2 or above)

IPsec or TLS VPN gateway

Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability: To be agreed via Service Level Agreement.
Approach to resilience: Available on request.
Outage reporting: Email alerts are sent to a list of in-house developers in the event of any down time or unexpected modelling failures. All scheduled outages have to be officially approved by the Riskaware board and users are informed.

Identity and authentication

User authentication needed: Yes
User authentication: Username or password
Access restrictions in management interfaces and support channels: The bespoke nature of the service means that customers can request management and support services via email and therefore do not have direct access to such interfaces.
Access restriction testing frequency: At least once a year
Management access authentication: Username or password

Audit information for users

Access to user activity audit information: Users contact the support team to get audit information
How long user audit data is stored for: At least 12 months
Access to supplier activity audit information: No audit information available
How long system logs are stored for: At least 12 months

Standards and certifications

ISO/IEC 27001 certification: No
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Cyber essentials: Yes
Cyber essentials plus: Yes
Other security certifications: Yes
Any other security certifications: Cyber Essentials Plus

ISO 9001:2015 TickITplus

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: Other
Other security governance standards: Cyber Essentials Plus
Information security policies and processes: Riskaware has in place the ISO 9001:2015 TickITplus standards and is working towards obtaining ISO 27001.

Operational security

Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach: Riskaware is a certified ISO 9001:2015 TickITplus company. All of its products and processes conform to these standards. In order to ensure these QA processes are adhered to, UrbanAware uses issue-tracking tools, such as Jira, which is used to track work against requirements and to ensure high standards of work through peer review.
Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach: Riskaware is an accredited Cyber Essentials Plus company. All of it's systems and online products have been judged by assessor to be secure. The process of obtaining this accreditation, involves tracking, monitoring and mitigating vulnerabilities by Riskaware's in house ICT Team.

Additionally, the ICT team proactively monitor threats. Patches are deployed almost immediately and most of our systems are configured to automatically update. Threat information is collated from industry leading experts by the ICT team.
Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach: The server that hosts the application has a virus scanner and a fire wall, and all network traffic to and from the server is centrally logged. Riskaware's ICT team regularly monitor new and emerging threats via government and leading industry security sites & produce a monthly report for internal awareness.
Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach: Users can report incidents via email to the Riskaware development team. All incidents will be responded to within 24 hours, with progress tracked internally using our development management software, Jira. Our incident tracking processes adhere to the ISO 9001:2015 TickITplus standards.

Secure development

Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks: No

Fighting climate change: Fighting climate change

Riskaware's environmental policy is to meet or exceed all the relevant environmental legislation; minimise waste by ensuring operations are as efficient as possible; and to increase employee awareness of environmental issues. We do this by minimising the use of paper, reusing and recycling where possible, reducing the amount of energy used, and reducing travel and encouraging the use of greener transport
Covid-19 recovery: Covid-19 recovery

Riskaware were able to avoid furloughing or making any redundancies during the COVID-19 pandemic. With our CrystalCast product, we helped Public Health England to model various possible scenarios during the course of the pandemic.
Tackling economic inequality: Tackling economic inequality

Riskaware pays all employees above a living wage standard. In addition, Riskaware has a zero-tolerance approach to modern slavery, and we are committed to acting ethically and with integrity in all our business dealings and relationships and to implementing and enforcing effective systems and controls to ensure modern slavery is not taking place anywhere in our own business or in any of our supply chains
Equal opportunity: Equal opportunity

Riskaware has a policy of equal opportunity employment, and equal pay and benefits regardless of any of the protected characteristics outlined in the Equality Act 2010. Riskaware management will investigate any instances of direct or indirect discrimination, harassment or victimisation and resolve through their disciplinary procedure.
Wellbeing: Wellbeing

Riskaware has in place a team of mental health first aiders who are trained to offer advice to staff who are experiencing situations that are detrimental to their wellbeing, and to encourage them to seek further help if necessary. Riskaware staff have regular group and individual sessions with their line manager, at which general wellbeing is discussed as well as work related topics.

Pricing

Price: £5,000 to £100,000 a unit a year
Discount for educational organisations: No
Free trial available: Yes
Description of free trial: Free trial available on request as part of negotiations.

Features

Benefits

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Pricing

Service documents

Cookies on Digital Marketplace

UrbanAware

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Social Value

Pricing

Service documents