Firewood Ltd

FAST

FAST™ is an application that provides users with best practice tools and techniques for managing and conducting assurance reviews. Users can create reviews, track progress, develop findings, assign tasks, and generate comprehensive reports. FAST™ simplifies assurance management with user-friendly interfaces, and works to optimise accountability and transparency in every review.

Features

• Tailored Assurance Reviews: Industry frameworks tailored for organisational requirements.
• Assurance Review Assignment and Tracking: Assigns tasks and tracks progress.
• Document Management: Centralises documents ensuring easy access and trackability.
• Automated Reminders: Sends automated reminders for upcoming deadlines.
• Comprehensive Reporting: Generates detailed reports on assurance activities.
• User Access Controls: Implements role-based access controls.
• Real-time Collaboration: Facilitates collaboration among team members.
• Scalability and Flexibility: Application scales according to needs.
• Customisable Dashboards and Analytics: Allows visualisation of indicators and trends.
• Data Encryption and Security Measures: Safeguards sensitive information.

Benefits

• Efficiency Enhancement: Reduces effort and time spent on assurance tasks.
• Improved Compliance: Adheres to industry standards and best practices.
• Enhanced Communication: Facilitates coordination across departments and teams.
• Increased Transparency: Provides stakeholders with clear visibility into assurance activities.
• Greater Accountability: Reduces the likelihood of overlooked responsibilities.
• Flexibility and Scalability: Accommodates an organisations changing needs.
• Risk Mitigation: Allows compliance monitoring for assurance reviews.
• Cost Savings: Provides efficiency gains, and reduced manual effort.
• Enhanced Decision-Making: Dashboards and analytics provide insights and metrics.
• Stakeholder management: Improved stakeholder communication and involvement in assurance process.

£400 a user a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at flora.nyisztor@firewoodltd.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

297353183115313

Contact

Flora Nyisztor
07715572361
flora.nyisztor@firewoodltd.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: The FAST™ application is upgraded regularly as bug fixes and new functionality become available. FAST™ client administrators are notified in advance of any changes to their applications. Firewood™ produces two types of releases:; • Major release: A major release includes bug fixes, minor enhancements, and major changes or additions. ; • Maintenance release: This is a regular application update that includes bug fixes for application bugs that have been discovered or reported. A maintenance release may include smaller enhancements with limited impact. ; Please note all application procedures are carried out at scheduled times to limit the impact on the user.
• System requirements: Up-to date web browser with Javascript enabled.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We ensure timely support within a 24/7 timeframe and an alert mechanism. This commitment demonstrates our responsiveness to user needs, fosters trust, and enhances the overall user experience. Swift assistance can resolve issues promptly, preventing disruptions to our clients' operations and ensuring they maximise the application's benefits. By prioritising rapid support, we underscore our dedication to customer success, reinforcing our reputation as a reliable partner in delivering dependable solutions for assurance-related tasks.
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: At present, we are in the early stages of developing a web chat feature. We will aim to comply with WCAG 2.1 A.
• Web chat accessibility testing: At present, we are in the early stages of developing a web chat feature. We will test with assistive technology users.
• Onsite support: No
• Support levels: Our FAST™ application offers a comprehensive support framework with two distinct levels: client support, and technical account manager support. This two-tiered approach ensures that our clients receive high-quality assistance tailored to their specific needs, whether they require basic troubleshooting, personalised account management, or expert technical guidance, including cloud support. Customer support is included in the subscription price. There are no additional costs for customer support.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We assist users in getting started with our service through a variety of resources tailored to their preferences and needs. This includes offering onsite training, online training, and comprehensive user documentation. ; ; Here's how we support users in adopting our service:; ; 1. Onsite Training: For organisations seeking hands-on guidance and personalised instruction, we offer onsite training sessions conducted by experienced trainers. These sessions can be customised to focus on specific features, workflows, and best practices relevant to the organisation's objectives.; ; 2. Online Training: We provide online training resources such as webinars, and one-to-one tutorials. These resources offer flexibility and convenience, allowing users to learn at their own pace and revisit topics as needed.; ; 3. User Documentation: Our service includes a user guide, FAQs, troubleshooting tips, and step-by-step instructions. The user guide serves as a valuable resource for users at all skill levels, enabling them to quickly find answers to their questions and resolve issues independently.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: At the end of the contract, we prioritise the seamless extraction of user data. Users have multiple options to extract their data:; ; 1. Self-Service Data Export: We provide users with tools and interfaces within the platform to export their data independently in either .csv or .xlsx formats, which are compatible with popular data analysis tools.; ; 2. Assistance from Support Team: Our dedicated support team is available to assist users throughout the data extraction process. Users can reach out for guidance, troubleshooting, or to request customised data exports tailored to their specific requirements.; ; 3. Data Migration Services: For users who prefer a hands-off approach, we offer data migration services facilitated by our experienced technical team.; ; 4. Data Retention Policy: Prior to the end of the contract, users are informed about our data retention policies and timelines. This ensures that users have ample time to extract their data before it is securely archived or deleted in accordance with the terms of the contract and relevant data protection regulations.
• End-of-contract process: At the end of a FAST contract:; ; • Subscriptions automatically renew annually unless cancelled before the renewal date.; ; • To cancel or modify your subscription, please contact our customer support team at least 30 days before the renewal date.; ; Included in the price:; ; • Core products or services specified in the contract.; • Basic support or maintenance.; • Standard deliverables outlined in the agreement.; • Any agreed-upon warranties or guarantees.; ; Additional costs may include:; ; • Customisations or modifications beyond the scope of the original agreement.; • Extra services not specified in the contract.; • Penalties for late payments or breaches of contract terms.; • Upgrades or optional features not included in the base price.; • Training fees.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: WCAG 2.1 A
• Description of service interface: The service interface is comprised of three sections: a navigation bar for the assurance project, a navigation bar for an application specific module called 'Review', and a main application subsection where the users’ content and data is displayed. The interface is designed to showcase the 'Review' element of the assurance process as that is the most visited section of an assurance process hence its own navigation bar.
• Accessibility standards: WCAG 2.1 A
• Accessibility testing: To ensure our application is accessible, we've committed to rigorous testing using assistive technology, aligning with WCAG 2.1 A standards. We employed automated accessibility tools to identify and correct issues, such as navigation challenges and non-compliant content. Regular testing with assistive technology is a crucial part of our ongoing commitment to accessibility.
• API: No
• Customisation available: Yes
• Description of customisation: The customisable features include:; ; • User Interface: Users can choose different colour schemes, upload logos and adjust font sizes to enhance their visual experience.; • Notifications: Users have the option to set their preferences for receiving alerts and updates, which can be delivered via email, SMS, or directly through app notifications.; • Data Dashboards: Users can configure dashboards to focus on specific metrics and reports that are most relevant to their roles and responsibilities.; • Workflow Settings: Users can customise workflows and processes, such as approvals and tasks, to better align with organisational requirements.; • Customisation is facilitated through a user-friendly 'Settings' menu within our application. This menu includes intuitive guides and a preview feature that allows users to apply changes easily and see them in real time.; ; The ability to customise settings is tiered by user type to ensure both flexibility and control:; ; • End Users can personalise their interface and notification settings to their liking.; • Administrators are equipped to manage more extensive settings like workflows, data access permissions, and to set up dashboard templates for their teams.; • We will work with your developers to create deeper custom integrations and functionalities specific to your organisational needs

Scaling

• Independence of resources: To guarantee consistent performance for our users, our application is hosted on AWS. We employ AWS Elastic Load Balancing to distribute incoming user traffic evenly across multiple servers. Furthermore, AWS Auto Scaling is in place to dynamically adapt the number of active servers according to current traffic conditions. This strategy ensures efficient load management and optimal service responsiveness, ensuring that the performance for any individual user remains stable, unaffected by changes in overall user demand. Hosting on AWS also provides additional advantages such as enhanced scalability, robust security features, and high reliability due to AWS's global infrastructure.

Analytics

• Service usage metrics: Yes
• Metrics types: Our service metrics encompass the following categories:; ; Usage Metrics: These metrics track the number of active users, active projects, and active reviews within our application.; ; Uptime/Availability: This metric measures the percentage of time our application remains available and fully operational.; ; Incident Response and Resolution Time: This involves the time our support team takes to respond to user-reported incidents and the duration required to resolve these incidents.; ; Security Metrics: We monitor the number of security incidents, identify, and patch vulnerabilities, and ensure compliance with relevant security standards and regulations.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Users can export their data through the integrated widgets in our application, designed to support data portability in a user-friendly manner. These widgets enable users to download their information in either .csv or .xlsx formats, which are compatible with popular data analysis tools. This functionality is aimed at enhancing user autonomy by offering a simple and effective mechanism for transferring their data.
• Data export formats:
  • CSV
  • Other
• Other data export formats: XLSX
• Data import formats: Other
• Other data import formats: None

Data-in-transit protection

• Data protection between buyer and supplier networks: Other
• Other protection between networks: Our services are hosted on AWS cloud solutions. AWS RDS are used for storing and accesing client data, this is protected by a VPN which is governed by an access control list comprising of the client and IPs.
• Data protection within supplier network: Other
• Other protection within supplier network: We are in the early-stages of configuring our own Microsoft OneDrive EcoSystem to establish a VPN governed by an access control list comprising of our devices within our company's network.

Availability and resilience

• Guaranteed availability: Our commitment to availability is outlined in our Service Definition document: ; ; Service Commitment: We ensure that the Service remains accessible for 99% of the time within any calendar month. ; ; Service Constraints: Include maintenance windows and customisations limitations. Periodic maintenance windows are scheduled for updates, upgrades, and system enhancements. To minimise disruption, maintenance is announced at least 48 hours in advance and conducted during off-peak hours. ; ; Compensation measures for any shortfalls are outlined in the Pricing document: ; ; Compensation: If we fail to meet our service commitment, we provide service credits to affected customer accounts in the application. ; ; Claims Process: Customers can follow the procedures outlined in our Pricing document to claim service credits in case of downtime.
• Approach to resilience: Available on request. The application is hosted on AWS cloud infrastructure, providing scalability, reliability, and geographic redundancy.
• Outage reporting: Reporting outages promptly and transparently is crucial for maintaining trust and credibility with our users. We report outages as follows:; ; Customer Notification: We promptly notify customers about the outage and provide updates on the situation and expected resolution time. Transparency is key during this process, so we provide detailed information about the cause of the outage, impact on users, and steps being taken to resolve the issue. Alerts are sent via email, and integrated with collaboration tools like Microsoft Teams.; ; Status Page/Real-time Dashboard: We maintain a status page or real-time dashboard where users can check the status of the application and any ongoing incidents or outages. This page provides real-time updates on the status of the application, including details about any ongoing incidents, planned maintenance, or service disruptions.; ; Post-Incident Review: After the outage has been resolved, we conduct a post-incident review to analyse the root cause, identify areas for improvement, and implement preventative measures to avoid similar outages in the future.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: To restrict access in management interfaces and support channels, we leverage AWS Identity and Access Management (IAM). This robust tool allows us to define and enforce precise access controls for individuals and groups handling application maintenance. By utilising IAM policies, we effectively manage permissions and ensure that only authorized personnel have access to sensitive interfaces and support mechanisms. This approach not only secures our management processes but also aligns with best practices for access management in cloud environments.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Our organisation strictly adheres to ISO/IEC 27001 standards and UK GDPR. We have implemented stringent security measures including access controls, encryption and secure software development practices. We are planning to apply for ISO/IEC 27001 certification in Q3 2024.
• Information security policies and processes: Our organisation strictly adheres to ISO/IEC 27001 standards and UK GDPR. We have implemented stringent security measures including access controls, encryption and secure software development practices. ; ; Our reporting structure is as follows: ; ; - Technical team reports to Security Analyst; - Security Analyst reports to Board designate; ; To ensure policies are followed, we conduct audits, both internal and by third parties. These audits are complemented by continuous monitoring of our IT infrastructure, using advanced tools to detect and respond to security incidents promptly such as AWS CloudWatch and AWS CloudTrail

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We utilise AWS-native tools like AWS Config to track configurations and changes across our entire stack, ensuring complete visibility over the resources lifecycle. For change management, we adhere to a strict protocol that leverages AWS services. All changes are proposed through an RFC and assessed for security impact using AWS's well-architected framework. The review process involves a thorough risk analysis by our internal change team, with AWS Trusted Advisor providing additional oversight. Our security team monitors deployment with AWS CloudTrail and AWS CloudWatch, ensuring any deviations are detected and addressed promptly.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We use a blend of automated tools and expert analysis to assess threats to our services. AWS Inspector and GuardDuty facilitate real-time threat assessment and detection. Our security team also conducts manual reviews. Comprehensive unit tests, alongside white-box and black-box testing involving various user scenarios, precede every deployment. We prioritise patches based on vulnerability severity and deploy them swiftly. Our knowledge of potential threats is sourced from AWS security bulletins, CVE databases, and industry forums, ensuring we stay informed and proactive in our security measures.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: To detect potential security breaches, we utilise AWS CloudTrail for comprehensive logging and AWS CloudWatch for real-time monitoring, both configured to identify unusual activities. Additionally, AWS GuardDuty is employed for its machine learning and anomaly detection capabilities. If a potential compromise is detected, our incident response team is alerted immediately. This team, available 24/7, follows a predefined plan that includes isolating affected systems, conducting thorough investigations, and mitigating damage. Our response strategy adheres to industry best practices and is regularly updated to tackle new security challenges effectively.
• Incident management type: Supplier-defined controls
• Incident management approach: Our incident management processes include predefined protocols for common security events, ensuring swift and consistent responses. Users can report incidents via report bug section within our application where they can attach evidence, this form is linked to our customer support inbox which is monitored 24/7. After resolving incidents, we provide detailed reports summarising the incident, actions taken, and outcomes. These reports are distributed to relevant stakeholders to refine our strategies and enhance future readiness.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality

  Fighting climate change

  We recognise that our environmental responsibility extends beyond our immediate operations to include practices of our partners, suppliers, clients, and communities. We are committed to minimising our carbon footprint through sustainable practices in our own operations while actively encouraging our stakeholders to support and engage in environmental protection and improvement. ; By using our assurance tool, businesses can minimise their environmental impact in several meaningful ways. As a cloud-based tool accessible from any browser with an internet connection, FAST™ eliminates the need for complex software installations. This allows businesses to continue using their existing hardware, thereby reducing the demand for new equipment, and decreasing electronic waste. Additionally, FAST™ facilitates remote collaboration, significantly cutting down on the need for commuting and, consequently, reducing transportation-related emissions. Resource efficiency and productivity are inherently linked to improved environmental stewardship and reduced environmental impacts. FAST™ provides real-time information on the progress of projects, allowing users to quickly identify and address inefficiencies. This responsiveness to real demand prevents potential project failures and resource wastage and thus allows organisations to operate in a more sustainable manner. FAST™ can also drive sustainable innovation. By providing a library of assurance frameworks that can be tailored to conduct reviews of green initiatives, FAST™ empowers businesses to explore new green practices and technologies through a proven methodology.

  Tackling economic inequality

  Our commitment to job creation is evident in our recent hiring of three new employees to accelerate the development of the FAST™ application. We promoted inclusivity by hiring two individuals at entry-level and one female at senior-level, thereby actively working to lower barriers to entry in the consulting and tech industries. We also place a strong emphasis on continuous learning and skill development. To this end, we have enrolled our new employees in training programmes that bolster both their professional growth and personal development.; As the number of active users on FAST™ increases, the scope of our work naturally expands. To address this, we plan to enlarge our development team. This will help us swiftly address any bugs or issues, continually update the application, and introduce new features. Additionally, we recognise the need to grow our customer service capabilities to promptly respond to user issues. At Firewood™, we also have a proven track record of collaborating closely with our supply chain to design, develop and refine innovative methods and tools that enhance delivery and increase productivity. FAST™ is an example of a joint effort that involved input from assurance experts in our supply chain and was refined through rigorous testing with delivery specialists. As we scale up FAST™, we will continue to work with our trusted suppliers and partners to refine and test new versions of the application. We are also looking to broaden our network to include experts in Machine Learning and AI as we develop the next version of the application, ensuring that FAST™ remains at the technological forefront. Moreover, we are committed to rigorously vetting all suppliers and partners to ensure they meet our high standards for cyber security risk management.

Pricing

• Price: £400 a user a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: We do not offer a free version of FAST™, but we provide a two-week free trial that includes our standard service and support, but we will not create customised frameworks during this period. We are willing to extend the trial period on a case by case basis.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at flora.nyisztor@firewoodltd.com. Tell them what format you need. It will help if you say what assistive technology you use.