Black Rainbow Ltd

Black Rainbow's Case, Investigations and Quality Management Software

NIMBUS is an integrated Investigations Case and Quality Management solution for managing incidents, tasks, records, decisions, evidence, staffing, assets, investigations and intelligence. Highly configurable, flexible workflows, searching, reporting, analytics, document control, quality audits and disclosure. For proactive operations, crime scenes, major and organised crimes, forensic sciences, and ISO17025 and ISO17020.

Features

  • Integrated Case and Quality Management System with submission portal
  • Evidence tracking and contemporaneous note recording
  • Flexible workflow builder to integrate and automate SOPs and processes
  • Incident, tasking, action management and decision logging
  • Asset and Inventory management - tracking utilisation, validations, locations
  • Manage staff training and competencies linking these to operational investigations
  • Document management featuring version control, distributions, viewing and editing
  • Disclosure and Reporting management with Management Information Dashboards
  • Compatible with mobile devices for remote working

Benefits

  • Improved risk management and full activities audit logging
  • Rapidly accelerates ISO/IEC 17020:2012, 17025:2017, 9001:2015 and 27001:2013 compliance
  • Rapid deployment and highly configurable by users
  • Real-time dynamic MI dashboards for insight into operations business impacts
  • Review, retention and delete (RRD) functions to comply with legislation
  • Control and consistency through workflows - repeatable and defensible
  • COTS product; A single interoperable ICT solution with APIs
  • Absorbs information rapidly to build a visual sequence of events
  • Cross-discipline design and case collaboration for multi use cases
  • Back Record Conversion and data migration

Pricing

£850.00 to £1,600.00 a user a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at nikki.moscrop@blackrainbow.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

2 7 4 3 2 1 4 5 0 1 5 2 2 5 1

Contact

Black Rainbow Ltd Nikki Moscrop
Telephone: +447831919676
Email: nikki.moscrop@blackrainbow.com

Service scope

Software add-on or extension
No
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints
Out of standard hours support should be agreed in advance (including commercials) if required.
System requirements
Available upon request

User support

Email or online ticketing support
Email or online ticketing
Support response times
Support and maintenance agreement available upon request.

Response times vary by priority level:
P1: 2 hours
P2: 4 hours
P3: 8 hours

Changes to these standard SLA's can be agreed with individual customers if required.
User can manage status and priority of support tickets
No
Phone support
No
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Black Rainbow's standard support model is tiered by the priority of the issue. Standard support costs are included in our annual license cost and all customers are allocated a technical account manager as well as access to support@blackrainbow.com.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Black Rainbow provides online and on-site training which can be hosted on NIMBUS Learning Management System. User materials are also provided. We work closely with customers from (pre) project mobilisation through to sign-off. Furthermore we conduct on-going customer specific knowledge sharing workshops during the life of all contracts.
Service documentation
Yes
Documentation formats
  • PDF
  • Other
Other documentation formats
Interactive media is also provided.
End-of-contract data extraction
Migration support and any other technical or project based support can be provided if required (including commercials).
End-of-contract process
Migration support and any other technical or project based support can be provided if required (including commercials).

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
Yes
Compatible operating systems
  • Android
  • IOS
  • MacOS
  • Windows
  • Windows Phone
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
N/A
Service interface
No
User support accessibility
WCAG 2.1 AA or EN 301 549
API
Yes
What users can and can't do using the API
There is an API available (not published). Buyers may contact us for additional information.
API documentation
Yes
API documentation formats
Open API (also known as Swagger)
API sandbox or test environment
No
Customisation available
Yes
Description of customisation
System is highly configurable by customers and does not require any technical proficiency to do so. It was designed this way to limit the need for customers to revert with requests for system changes which also delivers significant cost savings to customers.

Scaling

Independence of resources
Customers are provided with isolated instances (single tenanted).
System is performance tested to account for significant user scaling.

Analytics

Service usage metrics
Yes
Metrics types
Management Information Dashboards with custom widgets to provide metrics from any data recorded within the system. Metrics such as user usage, number of cases, open actions, timelines, etc.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
  • Other
Other data at rest protection approach
Application-level encryption of data
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
User can export their data simply via predefined formats.
Data export formats
  • CSV
  • Other
Other data export formats
  • MS-Word.doc
  • XML
  • PDF
  • JSON
Data import formats
  • CSV
  • Other
Other data import formats
  • MS-Word .DOC
  • XML
  • PDF
  • JSON

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network
All customer managed instances have a dedicated virtual network that resides within the relevant cloud hosting provider.

Availability and resilience

Guaranteed availability
99.9% as standard.
Recourse mechanisms agreed in line with SLA's.
Approach to resilience
Available upon request
Outage reporting
This is provided via email alerts.

Identity and authentication

User authentication needed
Yes
User authentication
Identity federation with existing provider (for example Google Apps)
Access restrictions in management interfaces and support channels
Direct access to the systems is not possible. A multifactor VPN connection is required to establish connection. Administrative access is logged.
Access is restricted through user role permissions and access controls. We also integrate with Customer AD / LDAP protocols.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
Between 6 months and 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Centre for Assessment. UKAS-accredited body No. 0120
ISO/IEC 27001 accreditation date
21/06/2021
What the ISO/IEC 27001 doesn’t cover
Black Rainbow adopts a fully remote working environment therefore the only clauses not included in our ISO/IEC 27001 certification are those relating to office premises.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Black Rainbow are Cyber Essentials Plus certified. Black Rainbow is certified to ISO/IEC 27001:2013 Training is conducted monthly and procedures and processes updated accordingly.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Configuration and change management activities are managed through our service desk. All changes are assessed for availability, integrity and security considerations Further information available upon request.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Black Rainbow conduct continuous automated vulnerability assessments. Patches to be deployed within agreed maintenance windows or unless otherwise agreed. Further information can be provided upon request.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Black Rainbow ensure all logging goes via/ assessed by our SIEM which is continuously monitored. All risks are identified and managed in line with Black Rainbow security policies and procedures, copies of which may be made available to customers upon request.
Incident management type
Supplier-defined controls
Incident management approach
All risks are identified and managed in line with Black Rainbow security policies and procedures, copies of which may be made available to customers upon request.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Social Value

Fighting climate change

Fighting climate change

Black Rainbow actively mitigates negative environmental impacts through, for example: • Improved planning and execution of people and project management – if staff must travel then they execute multiple initiatives on individual trips, thereby optimising employees necessary travel and ultimately reducing CO2 emissions • In line with the above, we also have a defined strategy and drive for remote customer engagement where possible, also reducing unnecessary travel • Reduction of paper and other consumables and effective recycling and waste disposal tactics • Products are accessible on any existing device so no need to procure additional devices, supports reuse initiatives • Black Rainbow IT infrastructure is fully cloud based. Cloud based computing increases the use of renewable energy sources • Supplier vetting and management • Raising awareness amongst employees and promoting energy efficiencies for home offices
Covid-19 recovery

Covid-19 recovery

Like most other businesses, our business operations were interrupted as part of the Covid-19 pandemic beginning March 2020 (albeit the interruption and impact were relatively minimal). The following outlines how we managed effectively through this period: • Our agile way of working (including well established and embedded remote working processes and culture) ensured the delivery and quality of our product and services remained at a high standard • On a weekly basis we reviewed employees’ roles and responsibility matrix and workloads to ensure adequate cross- coverage in the instances that team members fall ill • We brought forward planned recruitment and recruited additional staff as a contingency measure • We over resourced strategic projects to ensure effective knowledge sharing and resilience and also ensure a degree of staffing buffer across all projects • We reached out to staff on a one to one basis to support their well-being during this difficult period and deployed an updated employee communications strategy • We updated customer installation and training documentation to facilitate remote installs and training delivery in lieu of physical access being permitted to customer sites • The health and safety of our employees and customers is of paramount importance and we therefore reinforced government guidelines and ensured all scheduled team and customer meetings/interactions were remotely held • All relevant internal policies and procedures were updated and made operational accordingly
Tackling economic inequality

Tackling economic inequality

Black Rainbow provides well paying full time yet flexible employment across a diverse social economic landscape and are proud of the opportunities we afford our employees. We actively promote ongoing education within our workforce and provide them with fresh challenges to keep their relevant and marketable. We work with small suppliers where possible and appropriate to support the economic viability and success of small businesses. We are committed to paying suppliers on time. We do not tolerate discrimination on any grounds and proactively solicit feedback in relation to employee concerns. We support select charitable causes that in our opinion directly and immediately impact and improve the lives of those affected. One of the causes we sponsor is the Dragon the Deben (https://www.facebook.com/dragonthedeben/) for charity and team building to help address the stresses of the outside world and bring people together in these trying times, all whilst supporting the Teenage Cancer Trust and St Margaret’s Hospice. The two dragon boats are called NIMBUS and PHANEROS. We are committed to continued growth and to improving the lives of our employees and the communities in which we operate.
Equal opportunity

Equal opportunity

As above, Black Rainbow provide well paying full time yet flexible employment across a diverse social economic landscape and are proud of the opportunities we afford our employees. We are committed to supporting well above the national Living Wage. We promote equality of opportunity and develop our workforce to reflect the population of the countries in which we operate such as age, gender, religion or belief, race, sexual orientation and disability. We work with select suppliers (e.g. recruitment agencies) to ensure that equal opportunity is positioned appropriately and proactively on their criteria and company agenda.
Wellbeing

Wellbeing

All our employees are FTEs and have stability of employment and hours of work. We do not have any zero-hour contract employees. We encourage flexible working (including for example practices such as flexitime) and encourage family friendly working and wider work life balance practices. We promote healthy lifestyle choices. We provide a structured and market aligned benefits package to all employees to support health and wellbeing. We work to ensure a positive growth culture and opportunities for development within Black Rainbow aligned with individuals wholistic life and career plans. We support lifelong learning and the career development of our employees. Our communications strategies and plans also promote employee wellbeing across multiple fronts. We fully support progressive workforce engagement, recognition and representation where possible, and encourage all staff to use and contribute with an effective voice in a safe and supportive environment.

Pricing

Price
£850.00 to £1,600.00 a user a year
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at nikki.moscrop@blackrainbow.com. Tell them what format you need. It will help if you say what assistive technology you use.