RH Environmental Limited

RIAMS

RIAMS is an enterprise cloud document management and knowledge management platform. It's designed to digitise and centralise the administration and distribution of documents and content for internal or public use. Applications include sharing, collaboration and the consistent use of information. Users can customise content locally and integrate with other applications.

Features

• Remote access to documents and content
• Real-time document and content updating
• Centralised document administration and distribution
• Document sharing
• Email notifications and reminders
• Automated audit system
• User analytics
• Tiered user permission levels
• Document version control
• Local edits to master documents

Benefits

• Intuitive and easy to use with rapid deployment
• Better and more consistent use of information
• Improve service outcomes and resilience
• Keep in touch with user customisable notifications and reminders
• Cost efficient document distribution and knowledge management
• Easy to use search
• View older versions of documents (archives)
• Access existing content libraries or create bespoke
• Local, national and international application
• One-click automation updating multiple websites or applications

£240 to £36,888 a licence a year

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@rheglobal.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

344612385888166

Contact

RHE Global
0117 403 3584
info@rheglobal.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: None
• System requirements: A modern browser (Chrome, IE, Firefox, Safari)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: A response will be provided within 48 hours and there is limited service on the weekend.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Free support is provided through phone and email for subscribing organisation.; ; On-site support can be provided at extra cost. This would include half day training and hardware and/or software examination for compatibility issues.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Online training can be held for an extra cost, otherwise an over then phone walkthrough will be given for both the website and app. We also supply supportive material for implementation and advertising.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: All data submitted to your RIAMS website account can be extracted by your officers.
• End-of-contract process: Once a renewal has not been taken up your account will be deactivated at the end of your last contracted date. After this we will store data for 1 month, to allow the opportunity to gain data that might have been missed when extracting or if you would like to re-take up the subscription. After this 1 month, all data is permanently wiped.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: No
• Customisation available: Yes
• Description of customisation: Logos can be added to documents on our platform, local documents can be added in place of ours and procedures can be adapted with local information.; ; Only administrators can adapt and customise content on RIAMS.

Scaling

• Independence of resources: The senior development team actively monitor the server statistics on a daily basis and report any potential infrastructure requirements to the management team at scheduled, bi-monthly software strategy meetings. API request throttling is in place to prevent a single user maliciously or accidentally initiating a DoS attack. In addition to this, our AWS server arrangements allow for single-click scaling of hardware which can be provisioned immediately using our automated configuration management (ansible). As the application grows we will investigate the use of a load balancer to reroute traffic.

Analytics

• Service usage metrics: Yes
• Metrics types: Administrators can track the usage of View Only and other Senior Users.; ; Reports can also be requested directly from RIAMS Support Staff on more in depth usage stats.
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: Less than once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with SSAE-16 / ISAE 3402
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data can either be downloaded from the case management page in PDF format or excel format. Data can also be exported through the API available on Enterprise plans.
• Data export formats: CSV
• Data import formats: Other
• Other data import formats: Data is submitted by reporters thorugh the app

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We outsource our servers and rely on third party SLA’s for availability. We currently use Amazon Web Services, Digital Ocean, Kingston Communications (KCom) and Helastel.; ; Contractually we do not guarantee availability unless specifically required due to factors beyond our control.; ; We have had a handful of < 1 hour service interruptions in the past 2 years.; ; Our server hosts guarantee approximately 99.9% uptime, with service credits if they fail.; ; https://aws.amazon.com/s3/sla/; ; https://www.digitalocean.com/help/policy/
• Approach to resilience: Information available on request.
• Outage reporting: Email alerts are sent to all customers concerned. Outage messages may be circulated around social media, and dashboards will fall into maintenance mode with a reason for downtime.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: We have dedicated two senior team members in sales and development who are the gatekeepers of the management and support channels. Access to administration panels for user maintenance is restricted to these key personnel.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: We use industry standards to operate our data security management. This includes a named Data Security Manager and data security training provided to all Development and Sales staff that deal in customer data. RIAMS had its own data security policy which is available on request.
• Information security policies and processes: We review our information security policy annually. The whole company is registered with the IASME Cyber Essentials programme. Information Security is a standing item on the Company Management Team agenda. The information security policy is the responsibility of a Board Level Director, who receives reports from the Information Security Officer who is also supported by a Business Analyst in the Software Solutions team.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Software code and assets are tracked and versioned in Git.; ; Releases are versioned and deployed through the Jenkins Continuous integration platform allowing for one-click rollback if required.; ; Server software packages are managed with ansible which automates provisioning.; ; Any code changes are reviewed by the Senior Development team and released to the staging server for testing before being released to production.; ; Server software package changes between development machines, staging and production are all managed via ansible which ensures the environment is replicable.; ; Feature changes require approval from sales, the business analyst and senior development team before coding begins.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We assess potential threats via our automated vulnerability scanner, OpenVAS, which runs weekly. We monitor for unusual activity that may indicate a system defect being exploited. Areas of the application that involve handling of secure information are prioritised. If a third-party library is used, the development team will research the issues to assess whether there are known flaws which could affect our systems. We receive alerts from the National Cyber Security Centre regarding the latest threats which are forwarded to the development team if relevant. Patches are prioritised and tested on our staging server before released to production.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: The senior development team monitor server data and statistics which shows a current and historical overview of the platform. Unusual activity (spikes or behaviour not typical to that time of day) are investigated by analysing the logs. Potential compromises can also be identified during testing on the staging server. Any issue would be raised with the development team and prioritised in the backlog before changes are made to production. In addition to manual testing, there is also some automated test-coverage across the application. Failed tests would indicate a potential flaw in the application and would be prioritised immediately.
• Incident management type: Supplier-defined controls
• Incident management approach: Dedicated support team who respond to incidents.; Incident call raised by the "incident commander" who assembles relevant people to action the incident.; Incident logged in an issue tracking system.; Post-mortem with follow up actions to help detect and mitigate similar issues in the future.; Use of a common post-mortem template so we can analyse where the majority of issues stem from. Users report incidents either through the app, or via the support page on the website. The support team then react to this and notify the incident commander.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Covid-19 recovery

  Covid-19 recovery

  RIAMS allows for services to be retained during lockdowns and can assist with remote working.

Pricing

• Price: £240 to £36,888 a licence a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: We currently offer a 4-week free trial on the entire service.
• Link to free trial: Riams.org

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@rheglobal.com. Tell them what format you need. It will help if you say what assistive technology you use.