SIM Martyn's Law Manager
Martyn’s Law Manager is a toolset for venue compliance with Martyn’s Law Protect Duty in the UK. It works for both Standard and Enhanced tier venues, including public facilities, sports, education, healthcare, hospitality, and retail establishments.
Features
- Risk Assessment and Management:
- Asset Management
- Access Control and Visitor Management
- Communication and Emergency Response
- Training and Compliance Monitoring
- Incident Reporting and Investigation
- Crowd Management and Evacuation Planning
- Compliance Auditing and Documentation
- Integration with External Systems
Benefits
- Compliance with Martyn's Law Regulations
- Enhanced Security and Safety
- Improved Operational Efficiency
- Better Risk Management
- Enhanced Customer Experience
- Cost Savings
- Data-Driven Decision Making
- Competitive Advantage
Pricing
£50 to £5,000 a licence a month
- Education pricing available
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
3 4 2 7 6 3 4 8 7 7 7 9 9 7 2
Contact
Bounce Agency
Andrew Downie
Telephone: 02074917401
Email: andrew.downie@bounce-agency.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
-
- Public cloud
- Private cloud
- Service constraints
- No constraints.
- System requirements
- Uses all common browsers on desktop and mobile.
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
Within 1 hour during normal working hours (9am-5.30pm).
Within 2 hours weekends. - User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- Web chat
- Web chat support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support accessibility standard
- WCAG 2.1 AAA
- Web chat accessibility testing
- As part of our steering group driven development, the web chat support was tested with a number of disabled people within local authorities. These tests included partially vision Impairment, deaf or hard of hearing and autism spectrum disorder.
- Onsite support
- Yes, at extra cost
- Support levels
-
We provide regular drop-in online training sessions, chat and email support at no extra cost.
We provide face-to-face support at our day rate provided,
We provide account manager support for enterprise users. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- We offer training onsite or via Teams calls. Training takes approximately 1 hour. This is followed up with user reference documentation.
- Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
- Data repatriation will be provided free of charge (in raw text and PDF formats)
- End-of-contract process
- Data repatriation and purging / destruction of data from all servers including backups is included. Additional requirements for delivery of the data in non-standard file formats or with transformations applied will be chargeable per the standard rate card.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- Yes
- Compatible operating systems
-
- Android
- IOS
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- The web-app version of the service is fully responsive for mobile and tablet.
- Service interface
- Yes
- User support accessibility
- WCAG 2.1 AAA
- Description of service interface
- Admin level of users can customise their experience. Including protocol adjustment and adding or removing team members.
- Accessibility standards
- WCAG 2.1 AAA
- Accessibility testing
- As part of our steering group driven development, the web chat support was tested with a number of disabled people within local authorities. These tests included partially vision Impairment, deaf or hard of hearing and autism spectrum disorder.
- API
- Yes
- What users can and can't do using the API
- User can access all incident and action data.
- API documentation
- Yes
- API documentation formats
- API sandbox or test environment
- No
- Customisation available
- Yes
- Description of customisation
- The system can be customised to suit requirements. The system includes response protocols, but users can fully customise to their requirements. Team members can be added or removed. These controls are available to admin level users via a control area.
Scaling
- Independence of resources
-
The system is hosted on reliable, cloud-based, burstable, highly secure infrastructure. This means high volumes of incidents can be handled simultaneously without issue or delay.
The system will automatically scales up at busy periods as required.
Analytics
- Service usage metrics
- Yes
- Metrics types
- Incident progress is shown through real-time dashboards for quick reference. Reports can be created at any time.
- Reporting types
-
- API access
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- No
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
- Protecting data at rest
- Physical access control, complying with CSA CCM v3.0
- Data sanitisation process
- Yes
- Data sanitisation type
- Explicit overwriting of storage before reallocation
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- System admins can export to Excel and CSV formats.
- Data export formats
- CSV
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
-
We will use commercially reasonable efforts to make each service available with a Monthly Uptime Percentage of at least 99.99%, in each case during any monthly billing cycle. In the event any of the included services do not meet the SLA, customers will be eligible to receive a Service Credit as described below.
Less than 99.99% but equal to or greater than 99.0% - 10%
Less than 99.0% but equal to or greater than 95.0% - 30%
Less than 95.0% - 100% - Approach to resilience
-
We have a business continuity plan which identifies the mission critical elements of the service and system.
Our system automatically runs workloads in different hosting locations should there be a service disruption.
The service and system is automatically backed up incase of system outage, human error or cybersecurity breaches. - Outage reporting
- We alert all users via email and external dashboard.
Identity and authentication
- User authentication needed
- Yes
- User authentication
- 2-factor authentication
- Access restrictions in management interfaces and support channels
-
We use Identity and Access Management (IAM) policies attached to groups or roles to control access to systems and assets. Assigning privileges at the group or the role level helps to reduce the opportunity for an identity to receive or retain excessive privileges.
We incorporate the principles of least privilege and separation of duties with access permissions and authorizations. - Access restriction testing frequency
- At least every 6 months
- Management access authentication
- 2-factor authentication
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- Certificated by EY CertifyPoint
- ISO/IEC 27001 accreditation date
- 5 Nov 2019
- What the ISO/IEC 27001 doesn’t cover
- Software not covered.
- ISO 28000:2007 certification
- No
- CSA STAR certification
- Yes
- CSA STAR accreditation date
- 06/11/2020
- CSA STAR certification level
- Level 4: CSA C-STAR Assessment
- What the CSA STAR doesn’t cover
- The CSA Star certification covers the infrastructure and management of all hardware. It doesn't cover our software running.
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- CSA CCM version 3.0
- Information security policies and processes
-
Our security policies align with ISO 27001.
1) Acceptable use policy (AUP)
2) Access control policy
3) Change management policy
4) Information security policy
5) Incident response (IR) policy
6) Remote access policy
7) Email/ communication policy
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
- We use a secure, highly scalable, managed source control service that hosts private Git repositories. We implement workflows that include code reviews and feedback by default, and control who can make changes to specific branches.
- Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
- We use Amazon Inspector to automate security assessment and management at scale. Amazon Inspector scans for unintended network exposure, software vulnerabilities, and deviations from application security best practice.
- Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
- We use the AWS data protection service. AWS data protection services provide encryption and key management and threat detection that continuously monitors and protects your accounts and workloads.
- Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
-
We use an Incident Manager with a set of automated response plans.
These are connected to a number of monitoring tools to automatically trigger our response.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- No
Social Value
- Social Value
-
Social Value
Fighting climate changeFighting climate change
Fighting climate change
• To operate a cycle to work scheme and encourage employees to make use of it.
• To operate a flexible working policy with the aim of improving staff wellbeing and re-ducing the amount of travel our employees undertake.
• To strike a reasonable balance between in-person and online meetings to reduce the amount of travel our employees undertake.
• To continue to operate as a digital, paperless organisation.
• To continue to choose Hosting partners who conform to ISO 14001 Environmental Management System (EMS) and exclusively use renewable energy sources.
• To encourage staff, partners and suppliers to adopt green agendas.
• To continue to donate on a monthly basis to the World Land Trust, helping plant trees in deforested areas.
Pricing
- Price
- £50 to £5,000 a licence a month
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
- A fully functioning trial system can be arranged by negotiation