Black Rainbow's Case, Investigations and Quality Management Software
NIMBUS is an integrated Investigations Case and Quality Management solution for managing incidents, tasks, records, decisions, evidence, staffing, assets, investigations and intelligence. Highly configurable, flexible workflows, searching, reporting, analytics, document control, quality audits and disclosure. For proactive operations, crime scenes, major and organised crimes, forensic sciences, and ISO17025 and ISO17020.
Features
- Integrated Case and Quality Management System with submission portal
- Evidence tracking and contemporaneous note recording
- Flexible workflow builder to integrate and automate SOPs and processes
- Incident, tasking, action management and decision logging
- Asset and Inventory management - tracking utilisation, validations, locations
- Manage staff training and competencies linking these to operational investigations
- Document management featuring version control, distributions, viewing and editing
- Disclosure and Reporting management with Management Information Dashboards
- Compatible with mobile devices for remote working
Benefits
- Improved risk management and full activities audit logging
- Rapidly accelerates ISO/IEC 17020:2012, 17025:2017, 9001:2015 and 27001:2013 compliance
- Rapid deployment and highly configurable by users
- Real-time dynamic MI dashboards for insight into operations business impacts
- Review, retention and delete (RRD) functions to comply with legislation
- Control and consistency through workflows - repeatable and defensible
- COTS product; A single interoperable ICT solution with APIs
- Absorbs information rapidly to build a visual sequence of events
- Cross-discipline design and case collaboration for multi use cases
- Back Record Conversion and data migration
Pricing
£850.00 to £1,600.00 a user a year
Service documents
Request an accessible format
Framework
G-Cloud 13
Service ID
2 7 4 3 2 1 4 5 0 1 5 2 2 5 1
Contact
Black Rainbow Ltd
Ian O'Callaghan
Telephone: +353872335214
Email: ops@blackrainbow.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
-
- Public cloud
- Private cloud
- Hybrid cloud
- Service constraints
- Out of standard hours support should be agreed in advance (including commercials) if required.
- System requirements
- Available upon request
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
Support and maintenance agreement available upon request.
Response times vary by priority level:
P1: 2 hours
P2: 4 hours
P3: 8 hours
Changes to these standard SLA's can be agreed with individual customers if required. - User can manage status and priority of support tickets
- No
- Phone support
- No
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
- Black Rainbow's standard support model is tiered by the priority of the issue. Standard support costs are included in our annual license cost and all customers are allocated a technical account manager as well as access to support@blackrainbow.com.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- Black Rainbow provides online and on-site training which can be hosted on NIMBUS Learning Management System. User materials are also provided. We work closely with customers from (pre) project mobilisation through to sign-off. Furthermore we conduct on-going customer specific knowledge sharing workshops during the life of all contracts.
- Service documentation
- Yes
- Documentation formats
-
- Other
- Other documentation formats
- Interactive media is also provided.
- End-of-contract data extraction
- Migration support and any other technical or project based support can be provided if required (including commercials).
- End-of-contract process
- Migration support and any other technical or project based support can be provided if required (including commercials).
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- Yes
- Compatible operating systems
-
- Android
- IOS
- MacOS
- Windows
- Windows Phone
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- N/A
- Service interface
- No
- User support accessibility
- WCAG 2.1 AA or EN 301 549
- API
- Yes
- What users can and can't do using the API
- There is an API available (not published). Buyers may contact us for additional information.
- API documentation
- Yes
- API documentation formats
- Open API (also known as Swagger)
- API sandbox or test environment
- No
- Customisation available
- Yes
- Description of customisation
- System is highly configurable by customers and does not require any technical proficiency to do so. It was designed this way to limit the need for customers to revert with requests for system changes which also delivers significant cost savings to customers.
Scaling
- Independence of resources
-
Customers are provided with isolated instances (single tenanted).
System is performance tested to account for significant user scaling.
Analytics
- Service usage metrics
- Yes
- Metrics types
- Management Information Dashboards with custom widgets to provide metrics from any data recorded within the system. Metrics such as user usage, number of cases, open actions, timelines, etc.
- Reporting types
-
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a CHECK service provider
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Encryption of all physical media
- Other
- Other data at rest protection approach
- Application-level encryption of data
- Data sanitisation process
- Yes
- Data sanitisation type
-
- Explicit overwriting of storage before reallocation
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- User can export their data simply via predefined formats.
- Data export formats
-
- CSV
- Other
- Other data export formats
-
- MS-Word.doc
- XML
- JSON
- Data import formats
-
- CSV
- Other
- Other data import formats
-
- MS-Word .DOC
- XML
- JSON
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- Other
- Other protection within supplier network
- All customer managed instances have a dedicated virtual network that resides within the relevant cloud hosting provider.
Availability and resilience
- Guaranteed availability
-
99.9% as standard.
Recourse mechanisms agreed in line with SLA's. - Approach to resilience
- Available upon request
- Outage reporting
- This is provided via email alerts.
Identity and authentication
- User authentication needed
- Yes
- User authentication
- Identity federation with existing provider (for example Google Apps)
- Access restrictions in management interfaces and support channels
-
Direct access to the systems is not possible. A multifactor VPN connection is required to establish connection. Administrative access is logged.
Access is restricted through user role permissions and access controls. We also integrate with Customer AD / LDAP protocols. - Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
- Dedicated link (for example VPN)
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- Between 6 months and 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- Centre for Assessment. UKAS-accredited body No. 0120
- ISO/IEC 27001 accreditation date
- 21/06/2021
- What the ISO/IEC 27001 doesn’t cover
- Black Rainbow adopts a fully remote working environment therefore the only clauses not included in our ISO/IEC 27001 certification are those relating to office premises.
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
- Black Rainbow are Cyber Essentials Plus certified. Black Rainbow is certified to ISO/IEC 27001:2013 Training is conducted monthly and procedures and processes updated accordingly.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- Configuration and change management activities are managed through our service desk. All changes are assessed for availability, integrity and security considerations Further information available upon request.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- Black Rainbow conduct continuous automated vulnerability assessments. Patches to be deployed within agreed maintenance windows or unless otherwise agreed. Further information can be provided upon request.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- Black Rainbow ensure all logging goes via/ assessed by our SIEM which is continuously monitored. All risks are identified and managed in line with Black Rainbow security policies and procedures, copies of which may be made available to customers upon request.
- Incident management type
- Supplier-defined controls
- Incident management approach
- All risks are identified and managed in line with Black Rainbow security policies and procedures, copies of which may be made available to customers upon request.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- No
Social Value
- Fighting climate change
-
Fighting climate change
Black Rainbow actively mitigates negative environmental impacts through, for example: • Improved planning and execution of people and project management – if staff must travel then they execute multiple initiatives on individual trips, thereby optimising employees necessary travel and ultimately reducing CO2 emissions • In line with the above, we also have a defined strategy and drive for remote customer engagement where possible, also reducing unnecessary travel • Reduction of paper and other consumables and effective recycling and waste disposal tactics • Products are accessible on any existing device so no need to procure additional devices, supports reuse initiatives • Black Rainbow IT infrastructure is fully cloud based. Cloud based computing increases the use of renewable energy sources • Supplier vetting and management • Raising awareness amongst employees and promoting energy efficiencies for home offices - Covid-19 recovery
-
Covid-19 recovery
Like most other businesses, our business operations were interrupted as part of the Covid-19 pandemic beginning March 2020 (albeit the interruption and impact were relatively minimal). The following outlines how we managed effectively through this period: • Our agile way of working (including well established and embedded remote working processes and culture) ensured the delivery and quality of our product and services remained at a high standard • On a weekly basis we reviewed employees’ roles and responsibility matrix and workloads to ensure adequate cross- coverage in the instances that team members fall ill • We brought forward planned recruitment and recruited additional staff as a contingency measure • We over resourced strategic projects to ensure effective knowledge sharing and resilience and also ensure a degree of staffing buffer across all projects • We reached out to staff on a one to one basis to support their well-being during this difficult period and deployed an updated employee communications strategy • We updated customer installation and training documentation to facilitate remote installs and training delivery in lieu of physical access being permitted to customer sites • The health and safety of our employees and customers is of paramount importance and we therefore reinforced government guidelines and ensured all scheduled team and customer meetings/interactions were remotely held • All relevant internal policies and procedures were updated and made operational accordingly - Tackling economic inequality
-
Tackling economic inequality
Black Rainbow provides well paying full time yet flexible employment across a diverse social economic landscape and are proud of the opportunities we afford our employees. We actively promote ongoing education within our workforce and provide them with fresh challenges to keep their relevant and marketable. We work with small suppliers where possible and appropriate to support the economic viability and success of small businesses. We are committed to paying suppliers on time. We do not tolerate discrimination on any grounds and proactively solicit feedback in relation to employee concerns. We support select charitable causes that in our opinion directly and immediately impact and improve the lives of those affected. One of the causes we sponsor is the Dragon the Deben (https://www.facebook.com/dragonthedeben/) for charity and team building to help address the stresses of the outside world and bring people together in these trying times, all whilst supporting the Teenage Cancer Trust and St Margaret’s Hospice. The two dragon boats are called NIMBUS and PHANEROS. We are committed to continued growth and to improving the lives of our employees and the communities in which we operate. - Equal opportunity
-
Equal opportunity
As above, Black Rainbow provide well paying full time yet flexible employment across a diverse social economic landscape and are proud of the opportunities we afford our employees. We are committed to supporting well above the national Living Wage. We promote equality of opportunity and develop our workforce to reflect the population of the countries in which we operate such as age, gender, religion or belief, race, sexual orientation and disability. We work with select suppliers (e.g. recruitment agencies) to ensure that equal opportunity is positioned appropriately and proactively on their criteria and company agenda. - Wellbeing
-
Wellbeing
All our employees are FTEs and have stability of employment and hours of work. We do not have any zero-hour contract employees. We encourage flexible working (including for example practices such as flexitime) and encourage family friendly working and wider work life balance practices. We promote healthy lifestyle choices. We provide a structured and market aligned benefits package to all employees to support health and wellbeing. We work to ensure a positive growth culture and opportunities for development within Black Rainbow aligned with individuals wholistic life and career plans. We support lifelong learning and the career development of our employees. Our communications strategies and plans also promote employee wellbeing across multiple fronts. We fully support progressive workforce engagement, recognition and representation where possible, and encourage all staff to use and contribute with an effective voice in a safe and supportive environment.
Pricing
- Price
- £850.00 to £1,600.00 a user a year
- Discount for educational organisations
- No
- Free trial available
- No