NOTIFY TECHNOLOGY LTD

Notify Cloud & Mobile Environmental, Health & Safety Platform

Notify's Cloud & Mobile Platform helps you digitally manage your health and safety needs including

Capture incidents & Manage Investigation & Root Causation
Conduct Audits, Inspections, Checklist on the Go
Empower your team to Conducts Risk Assessments
Effortlessly Issue, manage and track Actions
Smart Dashboards & Analytics for business insights

Features

• Capture Incidents in seconds with our simple Mobile App
• Investigate Incidents, Root Causation and Assign Remedial Actions
• Powerful Form Templates to build the reports you need effortlessly
• Manage Audits, Inspections & Checklists with our Audits Mobile App
• Create and Manage Risk Assessments, Controls & Risk Scoring
• Insightful Dashboards and Analytics drive real business improvement
• Professionally branded reporting, with scoring and grading
• Help protect sensitive data with Confidential Records
• In built workflows driving automation
• Manage Environment Audits, COSHH Risk Assessments

Benefits

• Digitally transforms your Health, Safety, Environment & Safety Compliance needs​
• Highly configurable to work the way your business wants to
• Appropriate for all Sectors, Free from Jargon
• Easy to adopt, adapt and embed across your business
• Drives a positive employee culture and H&S working practices
• Positively impacting the safety, health and productivity of your business​
• Leveraging AI, automation and ESG to future proof your business
• Transform your business to a proactive and positive H&S culture
• Supports H&S Compliance towards ISO45001
• Get a rapid return on your investment

£30.00 a licence a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at guy.clack@notifytechnology.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

361236435464886

Contact

Guy Clack
0330 390 0530
guy.clack@notifytechnology.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Notify has a 99.9% uptime, with regular features & enhancements deployed and planned maintenance where we take the service off-line with minimum disruption to customers. Customers are advised in advance of any planned maintenance to the platform.
• System requirements: None, works on any internet enabled PC, Tablet/Mobile device

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Email and ticketing support available Monday to Friday 9 till 5pm.; ; Severity: Critical; Impact: Severe business disruption, unable to operate.; Response time: 30 minutes; Target resolution time: 1 hour during business hours; ; Severity: High; Impact: Major degradation of service resulting in a reduction in operability.; Response time: 2 hours; Target resolution time: 1 business day; ; Severity: Medium; Impact: Minor reduction in operability; Response Time: 4 hours; Target resolution time: 3 to 5 business days; ; Severity: Low; Impact: Single user/user group experiencing problems with no direct impact on business; Response time: 1 day; Target resolution time: 10 to 14 business days
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: No
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Available via our Notify Website - https://www.notifytechnology.com/
• Web chat accessibility testing: None
• Onsite support: Yes, at extra cost
• Support levels: Notify's UK based Customer Success & Account Management team are available Monday to Friday 9 to 5.30pm.; ; All cases, issues, or requests for change are, in the first instance, reported via our Service Desk, with a full audit trail of responses between Service Desk and our CRM system.; ; Where first line support is unable to resolve the customer query, the case is escalated to our Product Team. Here, our system experts will work to understand the customer query and diagnose the problem. Once derived, the solution is communicated, by phone and/or email, to the customer within the defined SLA's in the T&Cs.; ; Support is included within the price of the application. Onsite support/training can also be provided at an additional cost on the rare occasion it is required,
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Notify has been designed with a simple user interface, using jargon free terminology but with powerful configuration options to meets the needs of different types of businesses in different sectors.; ; As we support all business sizes, for those businesses requiring an off the shelf set of Incidents and Reports onboarding is simple, quick and embedded into your business quickly. ; ; A suite of training videos and knowledgebase articles are made available to customers, enabling them to learn aspects of the service within their own timeframes.; ; For businesses requiring more complex needs our Customer Success team are with you each step of the way with supportive on-boarding and a period of Hypercare until you've got what you need in your business and we can work with you to assess the best delivery of this via on-line training, user documentation and also on-site training if required.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Notify provides the ability to extract Incident, Audit, Risk Assessment and Action data downloads via CSV file format.; ; If the customer requires a full download including pictures, attachments etc, they should provide Notify 30 days advance notice in writing their requirements of the data they require extracting.
• End-of-contract process: If the customer is not renewing, they can use the inbuilt CSV Export functionality to export their data.; ; Depending on the complexity of their data extraction needs, Notify can provide an extract of their data, photos and attachments by written request which may incur a cost.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Our Notify Incident Reporting Mobile app (IOS & Android) allows a user to report an event such as near miss, injury, ill health and more to be captured in 4 simple steps. Our Incident Management Module, allows these incidents to be investigated, root causation and remedial actions applied.; ; Our Notify A&I Mobile App, helps teams conduct simple or complex Audits, Inspections or Checklist from their work or personal mobile device. The Notify Audits platform provides the ability to manage the complete view of these audits across their whole business.
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: Yes
• Description of customisation: We provide an out of the box Environmental, Health & Safety Platform but for businesses who want more personalisation, the system is highly configurable empowering customers to build their own Form Templates, Reporting Preferences, Logo and Report Branding. They can also enable report and section scoring and overall RAG grading with custom visibility rules and triggers for actions and attaching evidence items such as photos or video content.; ; Global Pick Lists and Organisation Structures can be managed to meet the needs or each customer type or segment.; ; User Permissions & Security across the application can be centrally managed by permission groups so that the right people have the right access across the system. ; ; Notify's Customer Success Team can also support on more complex customisation needs to workflows, customised email notifications and much more.

Scaling

• Independence of resources: Notify software is hosted within AWS Ireland and split into 3 availability zones. This offers a high level of availability and helps assist with our business continuity. If one zone goes down, the system will continue to operate. Systems are monitored and in the event an alert notification is triggered, members of the Notify team are notified and the appropriate action is taken to rectify the situation.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Other
• Other data at rest protection approach: Databases are encrypted so that data at rest is protected. The database backups are also encrypted.; RDS encryption uses the industry standard AES-256 encryption algorithm.; We utilise AWS Encryption tools to ensure that no data is written to disk in an unencrypted form. The Service Provider protects data at rest in line with the requirements of SSAE-16 / ISAE 3402.
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Authorised users can export their Incident, Audit, Risk or Action Data to a CSV file.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Incident, Audits, Risk Reports can be exported to PDF individually
  • We provide a Bulk Incident Export feature (JSON file format)
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: Databases are encrypted so that data at rest is protected. The database backups are also encrypted.; RDS encryption uses the industry standard AES-256 encryption algorithm.; The service provider (AWS) employs encryption to ensure that no data is written to disk in an unencrypted form. The Service Provider protects data at rest in line with the requirements of SSAE-16 / ISAE 3402.

Availability and resilience

• Guaranteed availability: Notify shall use its reasonable endeavours to make the Hosted Services available on a 99.9% basis, measured each calendar month. This target uptime excludes downtime during maintenance.; ; For further information please refer to our End User Service and Maintenance Agreement - https://www.notifytechnology.com/wp-content/uploads/2020/12/Terms-and-Conditions-inc-Schedules.pdf
• Approach to resilience: Notify software is hosted within AWS Ireland and split into 3 availability zones. This offers a high level of availability and helps assist with our business continuity. If one zone goes down, the system will continue to operate. Systems are monitored and in the event an alert notification is triggered, members of the Notify team are notified and the appropriate action is taken to rectify the situation.
• Outage reporting: Notify will directly notify our customers via email and where relevant contact by phone in the unlikely situation that the Cloud service is unavailable.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Other user authentication: We currently support single sign on with Microsoft Azure and Okta.
• Access restrictions in management interfaces and support channels: Role based access is used so that only authorised users are given access to the infrastructure they need. MFA is also used too where possible to protect access. ; Senior management sign off on changes to access.
• Access restriction testing frequency: At least once a year
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber Essentials
• Information security policies and processes: Our approach to cybersecurity is:; • Customised to our unique requirements, but takes into account industry-accepted good practice. These are documented, reviewed and updated on a regular basis.; •We carry out annual Penetration Testing with a CREST Accredited 3rd Party.; • Focused on a combination of people, process and technological measures to ensure we have a defence-in-depth approach to security that corresponds with the level of risk we face.; •All our external partners and staff are expected to be part of our security mission and comply with our company policies.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: - We carry out annual Penetration Testing with CREST Accredited 3rd Party providers.; - We carry out internal assessments of our security against Top 10 OWASP vulnerabilities.; - Our hosting partner AWS stores all of our product data, we engage with them using​ t​he Shared Responsibility Model​ for security and compliance. -
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Vulnerability scans are performed on a regular basis against the web servers to validate no vulnerabilities exist. Our servers are protected using TrendMicro's Deep Security with automatic updates applied and scheduled scans configured.; ; Security patches are applied on a monthly basis but if ad Hoc patches are required these are applied first into our test environment and then into our production systems.; ; We run our own internal scans against OWASP Top 10 vulnerabilities. We are also audited annually by a 3rd party CREST Accredited PEN Test Professionals to scan and identify any vulnerabilities in our Web and Mobile Applications.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We use a number of tools across our solution to proactively monitor our system and supporting infrastructure. These are sent to the relevant team to be investigate further. Security events are investigate as a priority and escalated as required.
• Incident management type: Supplier-defined controls
• Incident management approach: Incidents are centrally recorded, and appropriate management measures, including escalation and notification procedures are in place.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Our platform allows the simple reporting of all environmental incidents to be reported in moments, enabling a rapid response.; Environmental checklist audits are easily created to provide due diligence within the working environment.; Environmental Risk Management documentation can be undertaken with risks managed and residual risks assessed
• Covid-19 recovery:

  Covid-19 recovery

  The Notify platform has been used as a tool across many organisations to prepare their colleagues for returning to work - enabling people to report illness, assess workplace safety measures and report wellbeing incidents which have been on the increase over the past two years due to lockdown
• Wellbeing:

  Wellbeing

  The Notify platform enables the reporting of all incidents of wellbeing, whether by the impacted person themselves or a concerned colleague. Many HR functions have utilised the audits and inspections apps to undertake wellbeing health checks

Pricing

• Price: £30.00 a licence a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: We provide a 14 day trial period for a choice of the of following modules.; ; - Incident Management; - Audits & Inspections; - Risk Management; ; This excludes access to our H&S Dashboards.
• Link to free trial: https://www.notifytechnology.com/get-notify-free/

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at guy.clack@notifytechnology.com. Tell them what format you need. It will help if you say what assistive technology you use.