Black Rainbow Ltd

Black Rainbows' NIMBUS: Forensic, Investigations and Intelligence Software

NIMBUS Forensic, Investigations and Intelligence software is integrated and collaborative, managing incidents, cases, tasks, quality (ISO-17025/20), records, crime scene, disclosure, investigations and intelligence. It is highly configurable with flexible workflows, automations, searching, reporting, analytics, decision support, document control, quality audits, asset management, intelligence input and analysis.

Features

• Dynamic user experience with real time updates
• Flexible workflow builder and configuration capabilities
• Incident, tasking, action management and decision logging
• Asset, Inventory, training and document management functionalities
• Intelligence gathering, analysis, dissemination and actioning
• Third party integrations and data fusion
• Real time report building
• Compatible with mobile devices for remote working
• Fast and scalable searching

Benefits

• Rapid deployment
• Immediate operational gains and efficiencies
• Muti-team collaboration
• Full auditability
• Integrated modules
• Simple configuration and workflow building
• COTS product
• Supports real time decision making and intelligence gathering
• Real time and flexible management information
• Scalable flexible platform and for multi locations and use cases

£750 to £2,400 a user

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ops@blackrainbow.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

332635693497280

Contact

ops@blackrainbow.com
+353872335214
ops@blackrainbow.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: P1 support available 24/7 for Black Rainbow cloud hosted solutions.; Support delivered in line with Black Rainbow support and maintenance agreement. Out of standard hours support should be agreed in advance if required.
• System requirements: Available upon request

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Support and maintenance agreement available upon request. Response times vary by priority level: P1: 30 minutes P2: 4 hours P3: 12 hours Changes to these standard SLA's can be agreed with individual customers if required.
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Black Rainbow's standard support model is not tiered by customer status - but tiered by the priority of the issue. Support costs are included in our annual license cost and all customers are allocated a technical account manager as well as access to support@blackrainbow.com.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Black Rainbow enables customers on NIMBUS products. This enablement approach ensures customers have the ability to make configuration changes to the "out of the box" configuration to suit their specific requirements. Black Rainbow also offers end-user training in a variety of formats. User materials are also provided.
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats: Interactive media is also provided.
• End-of-contract data extraction: Migration support and any other technical or project based support can be provided if required (at an additional cost). This may be outlined in the Exit Plan.
• End-of-contract process: Migration support and any other technical or project based support can be provided if required (at an additional cost). This may be outlined in the Exit Plan

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • MacOS
  • Windows
  • Windows Phone
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: N/A
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: There is an API available (not published). Buyers may contact us for additional information.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: System is highly configurable by customers.

Scaling

• Independence of resources: Customers are provided with isolated instances (single tenanted). System is performance tested to account for significant user scaling.

Analytics

• Service usage metrics: Yes
• Metrics types: The system can provide usage metrics by user (duration of usage etc).
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: Application-level encryption of data
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: User can export their data simply via predefined formats
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • MS-Word.doc
  • XML
  • PDF
  • JSON
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • MS-Word.DOC
  • XML
  • PDF
  • JSON

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: All services part of customer managed instances within dedicated virtual network cloud hosting provider.

Availability and resilience

• Guaranteed availability: 99.9% as standard. Recourse mechanisms agreed in line with SLA's.
• Approach to resilience: Available upon request
• Outage reporting: This is provided via email alerts.

Identity and authentication

• User authentication needed: Yes
• User authentication: Identity federation with existing provider (for example Google Apps)
• Access restrictions in management interfaces and support channels: Direct access to the systems is not possible. A multifactor VPN connection is required to establish connection. Administrative access is logged. Access is restricted through user role permissions and access controls. We also integrate with Customer AD / LDAP protocols.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Centre for Assessment. UKAS-accredited body No. 0120
• ISO/IEC 27001 accreditation date: 21/06/2021
• What the ISO/IEC 27001 doesn’t cover: Black Rainbow adopts a fully remote working environment therefore the only clauses not included in our ISO/IEC 27001 certification are those relating to office premises.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Black Rainbow are Cyber Essentials Plus certified. Black Rainbow is certified to ISO/IEC 27001:2013 Training is conducted monthly and procedures and processes updated accordingly.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Configuration and change management activities are managed through our service desk. All changes are assessed for availability, integrity and security considerations Further information available upon request.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Black Rainbow conduct continuous automated vulnerability assessments. Patches to be deployed within agreed maintenance windows or unless otherwise agreed. Further information can be provided upon request.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Black Rainbow ensure all logging goes via/ assessed by our SIEM which is continuously monitored. All risks are identified and managed in line with Black Rainbow security policies and procedures, copies of which may be made available to customers upon request.
• Incident management type: Supplier-defined controls
• Incident management approach: All risks are identified and managed in line with Black Rainbow security policies and procedures, copies of which may be made available to customers upon request.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Black Rainbow works to fight climate change through: • Better orchestration of logistics and deployment of people to reduce unnecessary travel and reduce CO2 emissions. • Reduction of paper and printing consumables, waste disposal, reducing CO2 emissions and unnecessary deforestation. • Products are accessible on any existing device so no need to procure additional devices, supports reuse initiatives. • Black Rainbow IT infrastructure is fully cloud based and we encourage our customers to transition over to cloud based computing. Cloud based computing increases the use of renewable energy sources. Cloud service providers we have chosen to have created data centres that rely on renewable energy sources, making them environmentally friendly. Microsoft Azure has been 100 per cent carbon neutral since 2012.

  Covid-19 recovery

  Like most other businesses, our business operation was interrupted as part of the Covid-19 pandemic in March 2020 albeit relatively minimally. Through our implemented risk management processes, we ensured that any impact to our business and customers was minimal. Our agile way of working (including well established and embedded remote working processes and culture) ensured the delivery and quality of our product and services remained relatively unaffected. Steps taken in achieving this included a review of our employee roles and responsibility matrix, to ensure adequate coverage in the instances that team members fell ill. We over resourced strategic projects to ensure effective knowledge sharing and resilience and also ensured a degree of staffing buffer across all projects. We updated customer installation and training documentation to facilitate remote installs and training delivery to ensure that customer commitments could still be honoured and delivered in lieu of physical access being permitted to customer sites. We reinforced government guidelines to protect the health an safety of employees and ensured all scheduled team and customer meetings/interactions were remotely held.

  Tackling economic inequality

  As part of specified contracts Black Rainbow offers to visit schools in economically challenged areas to support educational initiatives and offer career guidance for careers in the software industry. BlackRainbow provides accessibility themes and functionality within NIMBUS ensuring that it is accessible and comfortably usable by as many people as possible, reducing barriers to employment and health inequalities.

  Equal opportunity

  Black Rainbow takes its responsibility to nurture talent and help individuals fulfil their potential seriously in all aspects of its HR activities. We have a fair and equal pay policy that includes a commitment to supporting well above the Living Wage. We promote equality of opportunity and develop our workforce, which reflects the population of the countries in which we operate such as age, gender, religion or belief, race, sexual orientation and disability.

  Wellbeing

  We do not have any zero-hour contract employees. We encourage flexible working (including for example practices such as flexitime and career breaks) and encourage family friendly working and wider work life balance practices. We fully support progressive workforce engagement, such as Trade Union recognition and representation where possible, and encourage all staff to use and contribute with an effective voice in a safe and supportive environment.

Pricing

• Price: £750 to £2,400 a user
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ops@blackrainbow.com. Tell them what format you need. It will help if you say what assistive technology you use.