Skip to main content

Help us improve the Digital Marketplace - send your feedback

Bounce Agency

SIM Martyn's Law Manager

Martyn’s Law Manager is a toolset for venue compliance with Martyn’s Law Protect Duty in the UK. It works for both Standard and Enhanced tier venues, including public facilities, sports, education, healthcare, hospitality, and retail establishments.

Features

  • Risk Assessment and Management:
  • Asset Management
  • Access Control and Visitor Management
  • Communication and Emergency Response
  • Training and Compliance Monitoring
  • Incident Reporting and Investigation
  • Crowd Management and Evacuation Planning
  • Compliance Auditing and Documentation
  • Integration with External Systems

Benefits

  • Compliance with Martyn's Law Regulations
  • Enhanced Security and Safety
  • Improved Operational Efficiency
  • Better Risk Management
  • Enhanced Customer Experience
  • Cost Savings
  • Data-Driven Decision Making
  • Competitive Advantage

Pricing

£50 to £5,000 a licence a month

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at andrew.downie@bounce-agency.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

3 4 2 7 6 3 4 8 7 7 7 9 9 7 2

Contact

Bounce Agency Andrew Downie
Telephone: 02074917401
Email: andrew.downie@bounce-agency.com

Service scope

Software add-on or extension
No
Cloud deployment model
  • Public cloud
  • Private cloud
Service constraints
No constraints.
System requirements
Uses all common browsers on desktop and mobile.

User support

Email or online ticketing support
Email or online ticketing
Support response times
Within 1 hour during normal working hours (9am-5.30pm).
Within 2 hours weekends.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 AAA
Web chat accessibility testing
As part of our steering group driven development, the web chat support was tested with a number of disabled people within local authorities. These tests included partially vision Impairment, deaf or hard of hearing and autism spectrum disorder.
Onsite support
Yes, at extra cost
Support levels
We provide regular drop-in online training sessions, chat and email support at no extra cost.
We provide face-to-face support at our day rate provided,
We provide account manager support for enterprise users.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We offer training onsite or via Teams calls. Training takes approximately 1 hour. This is followed up with user reference documentation.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Data repatriation will be provided free of charge (in raw text and PDF formats)
End-of-contract process
Data repatriation and purging / destruction of data from all servers including backups is included. Additional requirements for delivery of the data in non-standard file formats or with transformations applied will be chargeable per the standard rate card.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
Yes
Compatible operating systems
  • Android
  • IOS
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The web-app version of the service is fully responsive for mobile and tablet.
Service interface
Yes
User support accessibility
WCAG 2.1 AAA
Description of service interface
Admin level of users can customise their experience. Including protocol adjustment and adding or removing team members.
Accessibility standards
WCAG 2.1 AAA
Accessibility testing
As part of our steering group driven development, the web chat support was tested with a number of disabled people within local authorities. These tests included partially vision Impairment, deaf or hard of hearing and autism spectrum disorder.
API
Yes
What users can and can't do using the API
User can access all incident and action data.
API documentation
Yes
API documentation formats
PDF
API sandbox or test environment
No
Customisation available
Yes
Description of customisation
The system can be customised to suit requirements. The system includes response protocols, but users can fully customise to their requirements. Team members can be added or removed. These controls are available to admin level users via a control area.

Scaling

Independence of resources
The system is hosted on reliable, cloud-based, burstable, highly secure infrastructure. This means high volumes of incidents can be handled simultaneously without issue or delay.
The system will automatically scales up at busy periods as required.

Analytics

Service usage metrics
Yes
Metrics types
Incident progress is shown through real-time dashboards for quick reference. Reports can be created at any time.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
Physical access control, complying with CSA CCM v3.0
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
System admins can export to Excel and CSV formats.
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
We will use commercially reasonable efforts to make each service available with a Monthly Uptime Percentage of at least 99.99%, in each case during any monthly billing cycle. In the event any of the included services do not meet the SLA, customers will be eligible to receive a Service Credit as described below.

Less than 99.99% but equal to or greater than 99.0% - 10%
Less than 99.0% but equal to or greater than 95.0% - 30%
Less than 95.0% - 100%
Approach to resilience
We have a business continuity plan which identifies the mission critical elements of the service and system.
Our system automatically runs workloads in different hosting locations should there be a service disruption.
The service and system is automatically backed up incase of system outage, human error or cybersecurity breaches.
Outage reporting
We alert all users via email and external dashboard.

Identity and authentication

User authentication needed
Yes
User authentication
2-factor authentication
Access restrictions in management interfaces and support channels
We use Identity and Access Management (IAM) policies attached to groups or roles to control access to systems and assets. Assigning privileges at the group or the role level helps to reduce the opportunity for an identity to receive or retain excessive privileges.

We incorporate the principles of least privilege and separation of duties with access permissions and authorizations.
Access restriction testing frequency
At least every 6 months
Management access authentication
2-factor authentication

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Certificated by EY CertifyPoint
ISO/IEC 27001 accreditation date
5 Nov 2019
What the ISO/IEC 27001 doesn’t cover
Software not covered.
ISO 28000:2007 certification
No
CSA STAR certification
Yes
CSA STAR accreditation date
06/11/2020
CSA STAR certification level
Level 4: CSA C-STAR Assessment
What the CSA STAR doesn’t cover
The CSA Star certification covers the infrastructure and management of all hardware. It doesn't cover our software running.
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
CSA CCM version 3.0
Information security policies and processes
Our security policies align with ISO 27001.
1) Acceptable use policy (AUP)
2) Access control policy
3) Change management policy
4) Information security policy
5) Incident response (IR) policy
6) Remote access policy
7) Email/ communication policy

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
We use a secure, highly scalable, managed source control service that hosts private Git repositories. We implement workflows that include code reviews and feedback by default, and control who can make changes to specific branches.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
We use Amazon Inspector to automate security assessment and management at scale. Amazon Inspector scans for unintended network exposure, software vulnerabilities, and deviations from application security best practice.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
We use the AWS data protection service. AWS data protection services provide encryption and key management and threat detection that continuously monitors and protects your accounts and workloads.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
We use an Incident Manager with a set of automated response plans.
These are connected to a number of monitoring tools to automatically trigger our response.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Social Value

Social Value

Social Value

Fighting climate change

Fighting climate change

Fighting climate change

• To operate a cycle to work scheme and encourage employees to make use of it.
• To operate a flexible working policy with the aim of improving staff wellbeing and re-ducing the amount of travel our employees undertake.
• To strike a reasonable balance between in-person and online meetings to reduce the amount of travel our employees undertake.
• To continue to operate as a digital, paperless organisation.
• To continue to choose Hosting partners who conform to ISO 14001 Environmental Management System (EMS) and exclusively use renewable energy sources.
• To encourage staff, partners and suppliers to adopt green agendas.
• To continue to donate on a monthly basis to the World Land Trust, helping plant trees in deforested areas.

Pricing

Price
£50 to £5,000 a licence a month
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
A fully functioning trial system can be arranged by negotiation

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at andrew.downie@bounce-agency.com. Tell them what format you need. It will help if you say what assistive technology you use.