Black Rainbow Ltd

Black Rainbows' NIMBUS: Forensic, Investigations and Intelligence Software (hosted service)

Black Rainbow's Nimbus Forensic, Investigations and Intelligence Products (hosted service)

Features

• Requirements consultation and validation
• Technical architecture design and implementation
• Security risk management
• System configuration support
• Training and enablement
• Manage staff training and competencies linking these to operational investigations
• Systems and tool configuration
• Service and support desk
• Data migration support
• Cloud application performance management

Benefits

• Rapid deployment
• Immediate operational gains and efficiencies
• Muti-team collaboration
• Full auditability
• Integrated modules
• Custom simple configuration and workflow building
• COTS product; A single interoperable ICT solution with APIs
• Resource and Asset optimization
• Real time and flexible management information
• Scalable flexible platform and for multi locations and use cases

£750 to £2,400 a unit

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ops@blackrainbow.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

295228854250704

Contact

ops@blackrainbow.com
+353872335214
ops@blackrainbow.com

Service scope

• Service constraints: P1 support available 24/7 for Black Rainbow cloud hosted solutions.; Support delivered in line with Black Rainbow support and maintenance agreement. Out of standard hours support should be agreed in advance if required.
• System requirements: Available upon request

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Support and maintenance agreement available upon request. Response times vary by priority level: P1: 30 minutes P2: 4 hours P3: 12 hours Changes to these standard SLA's can be agreed with individual customers if required.
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Black Rainbow's standard support model is not tiered by customer status - but tiered by the priority of the issue. Support costs are included in our annual license cost and all customers are allocated a technical account manager as well as access to support@blackrainbow.com.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Black Rainbow enables customers on NIMBUS products. This enablement approach ensures customers have the ability to make configuration changes to the "out of the box" configuration to suit their specific requirements. Black Rainbow also offers end-user training in a variety of formats. User materials are also provided.
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats: Interactive media is also provided
• End-of-contract data extraction: Migration support and any other technical or project based support can be provided if required (at an additional cost). This may be outlined in the Exit Plan.
• End-of-contract process: Migration support and any other technical or project based support can be provided if required (at an additional cost). This may be outlined in the Exit Plan.

Using the service

• Web browser interface: Yes
• Using the web interface: Users have access to application configuration, customisation, colour theme, languages, user roles set-up, administration and management as well as application usage.
• Web interface accessibility standard: WCAG 2.1 AA or EN 301 549
• Web interface accessibility testing: Please contact us for additional information.
• API: Yes
• What users can and can't do using the API: There is an API available (not published). Buyers may contact us for additional information.
• API automation tools: Other
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• Command line interface: No

Scaling

• Scaling available: Yes
• Scaling type: Automatic
• Independence of resources: Customers are provided with isolated instances (single tenanted). System is performance tested to account for significant user scaling.
• Usage notifications: Yes
• Usage reporting: Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
  • Other
• Other metrics:
  • Page response times
  • Total data storage
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: Application-level encryption of data
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up: Database and web server back-up
• Backup controls: This is agreed with Black Rainbow as part of the standard offering in terms of frequency and nature of back-ups in accordance with SLA's and other requirements.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Supplier controls the whole backup schedule
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: All services part of customer managed instances within dedicated virtual network cloud hosting provider.

Availability and resilience

• Guaranteed availability: 99.9% as standard. Recourse mechanisms agreed in line with SLA's
• Approach to resilience: Available upon request
• Outage reporting: This is provided via email alerts

Identity and authentication

• User authentication: Identity federation with existing provider (for example Google apps)
• Access restrictions in management interfaces and support channels: Direct access to the systems is not possible. A multifactor VPN connection is required to establish connection. Administrative access is logged.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
• Devices users manage the service through: Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Centre for Assessment. UKAS-accredited body No. 0120
• ISO/IEC 27001 accreditation date: 21/06/2021
• What the ISO/IEC 27001 doesn’t cover: Black Rainbow adopts a fully remote working environment therefore the only clauses not included in our ISO/IEC 27001 certification are those relating to office premises.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Black Rainbow are Cyber Essentials Plus certified. Black Rainbow is certified to ISO/IEC 27001:2013 Training is conducted monthly and procedures and processes updated accordingly.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Configuration and change management activities are managed through our service desk. All changes are assessed for availability, integrity and security considerations Further information available upon request.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Black Rainbow conduct continuous automated vulnerability assessments. Patches to be deployed within agreed maintenance windows or unless otherwise agreed. Further information can be provided upon request.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Black Rainbow ensure all logging goes via/ assessed by our SIEM which is continuously monitored. All risks are identified and managed in line with Black Rainbow security policies and procedures, copies of which may be made available to customers upon request.
• Incident management type: Supplier-defined controls
• Incident management approach: All risks are identified and managed in line with Black Rainbow security policies and procedures, copies of which may be made available to customers upon request.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Third-party
• Third-party virtualisation provider: A selection of third parties (e.g. AWS/ Microsoft Azure)
• How shared infrastructure is kept separate: This is achieved via isolated instances and all PaaS services being single tenant.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: This is achieved and delivered via our hosting providers.

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Black Rainbow works to fight climate change through: • Better orchestration of logistics and deployment of people to reduce unnecessary travel and reduce CO2 emissions. • Reduction of paper and printing consumables, waste disposal, reducing CO2 emissions and unnecessary deforestation. • Products are accessible on any existing device so no need to procure additional devices, supports reuse initiatives. • Black Rainbow IT infrastructure is fully cloud based and we encourage our customers to transition over to cloud based computing. Cloud based computing increases the use of renewable energy sources. Cloud service providers we have chosen to have created data centres that rely on renewable energy sources, making them environmentally friendly. Microsoft Azure has been 100 per cent carbon neutral since 2012.

  Covid-19 recovery

  Like most other businesses, our business operation was interrupted as part of the Covid-19 pandemic in March 2020 albeit relatively minimally. Through our implemented risk management processes, we ensured that any impact to our business and customers was minimal. Our agile way of working (including well established and embedded remote working processes and culture) ensured the delivery and quality of our product and services remained relatively unaffected. Steps taken in achieving this included a review of our employee roles and responsibility matrix, to ensure adequate coverage in the instances that team members fell ill. We over resourced strategic projects to ensure effective knowledge sharing and resilience and also ensured a degree of staffing buffer across all projects. We updated customer installation and training documentation to facilitate remote installs and training delivery to ensure that customer commitments could still be honoured and delivered in lieu of physical access being permitted to customer sites. We reinforced government guidelines to protect the health an safety of employees and ensured all scheduled team and customer meetings/interactions were remotely held.

  Tackling economic inequality

  s part of specified contracts Black Rainbow offers to visit schools in economically challenged areas to support educational initiatives and offer career guidance for careers in the software industry. Black Rainbow provides accessibility themes and functionality within NIMBUS ensuring that it is accessible and comfortably usable by as many people as possible, reducing barriers to employment and health inequalities.

  Equal opportunity

  Black Rainbow takes its responsibility to nurture talent and help individuals fulfil their potential seriously in all aspects of its HR activities. We have a fair and equal pay policy that includes a commitment to supporting well above the Living Wage. We promote equality of opportunity and develop a workforce, which reflects the population of the countries in which we operate such as age, gender, religion or belief, race, sexual orientation and disability.

  Wellbeing

  We do not have any zero-hour contract employees. We encourage flexible working (including for example practices such as flexitime and career breaks) and encourage family friendly working and wider work life balance practices. We fully support progressive workforce engagement, such as Trade Union recognition and representation where possible, and encourage all staff to use and contribute with an effective voice in a safe and supportive environment.

Pricing

• Price: £750 to £2,400 a unit
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ops@blackrainbow.com. Tell them what format you need. It will help if you say what assistive technology you use.