F-24 UK Limited

FACT24

FACT24 is designed to help users prevent, manage and analyse critical situations through effective communications. FACT24 enables users to communicate with key stakeholders, emergency response and crisis management teams securely on mass with ease and simplicity. FACT24 ensures real time exchange of information and documents for seamless virtual crisis management.

Features

• Full-scale notification, alerting and crisis management solution
• Location and qualification-based alerting
• Crisis management dashboard as integrated communication platform
• Real-time task and document management
• Ad-hoc telephone conferencing
• Specific communication functions including shift plans, PIN prompt, conference recording
• Auditable Crisis Management Logs
• Representation of complex corporate structures
• F24 Alert! app for activating, modifying and monitoring alarms
• TrustCase app for secure communication and alarm activation

Benefits

• Automated alerting
• Flexibility in configuring messages and confirmation options
• Qualification-based alerting
• Tamper-proof documentation of all activities
• Information hotline for automatic handling of high call traffic
• Publish content from multiple devices
• Quickly manage content on the move
• Real-time auditing
• 2-Way communications
• Activate an alert anywhere via a mobile device

£498 a licence a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at office_uk@f24.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

364828013235814

Contact

John Davison
01923432715
office_uk@f24.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Implementing FACT24 for your emergency and crisis management is not a time-consuming process. Quite the contrary: It generally only takes a few days for you to have the system set up and ready for use. This is made possible by the seamless interplay between FACT24 as a software-as-a-service solution and our technical expertise on the contents of the solution. We will advise and support you until FACT24 is fully operational. The flexibility of FACT24 allows you to develop the system further. For example, you can integrate additional locations, incorporate additional use cases and use a number of different communication channels.
• System requirements: None

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Our support team usually response within the hour. We can also provide 24/7 support at an additional cost.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: For support you can contact your Account Manager or alternatively you can contact our support team via telephone or email. They will aim to respond within the hour, during office hours. ; ; We can provide 24/7 support at an additional cost.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: We provide differing modes of training both onsite and online depending upon the scale of the project and the customer requirements. Online user documentation is available on all services supplied.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Data can extracted in reports available in pdf or excel.; ; For employee contact information data is exported to excel.
• End-of-contract process: Prior to contract expiry notification of steps to be performed are sent out to the client reminding and explaining to them how they can download any content required for future reference. On contract expiry the system access is disabled and the process starts to purge all data in line with GDPR regulations.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The mobile apps are scaled down versions of the desktop service. effectively enabling individuals to manager an incident on the "go", communicate securely with groups of persons and activate notifications easily and quickly.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Users can either activate notifications via a 3rd party application via the Web-services API interface and receive acknowledgements back and they can also upload contact persons and their contact details to communicate with in an emergency or incident.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Customisation is possible but not encouraged as we like to maintain a consistent shared service approach for clients

Scaling

• Independence of resources: F24 has both a ISO certified ISMS (Information Security Management System) and BCMS (Business Continuity Management System) ISO27001 and ISO22301. Comprehensive measures are in place to ensure availability. Customer data is mirrored via multiple data centres and databases, all FACT24 service systems are multi-redundant and available via different provider access lines. Additionally backups are made at regular intervals and stored across multiple EU data centres. All systems are equipped with firewalls, security zones and uninterruptible power supplies (UPS). The systems are scanned continuously for vulnerabilities, and the systems with customer access are also scanned with signature-based and heuristic virus scanners.

Analytics

• Service usage metrics: Yes
• Metrics types: Comprehensive service usage statistics featuring but not limited to number of notifications made, voice call minutes used, SMS sent, notifications acknowledged.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Via file download in excel format or other such as pdf
• Data export formats:
  • CSV
  • Other
• Other data export formats: Excel
• Data import formats:
  • CSV
  • Other
• Other data import formats: Excel

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Our sophisticated security and back-up system contains redundant structures throughout the entire process chain (locations – systems – network providers). This allows us to contractually guarantee you the following availabilities: ; ; 99.99 percent for FACT24 Alerting Service -- ; 99.50 percent for FACT24 Web Administration --; 99.50 percent for FACT24 Web Service Interface --; 99.50 percent for FACT24 Crisis Management Tool --; 99.50 percent for FACT24 Case Manager --; ; The figures above refer to the availability over the course of year.
• Approach to resilience: Information is available on individual request. To demonstrate that service provision is secure and reliable we are certified to ISO 27001 and ISO22301 .
• Outage reporting: Service outages are reported to the designated customer contact point or points via email or in some instances also by telephone. All service performance statistics are published via a public dashboard on our website.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: The electronic data processing systems are outfitted with an Identity Policy & Audit-System (“IPA”); log-in is only possible with personal identification, password and certificate. All data media containing customer information are encrypted using AES-XTS-256 (passwords and PBKDF2). VPN tunnels – likewise on the basis of IPSEC (AES-256-CBC with at least 2048bit) – are used for purposes of remote access to systems by F24 operations support staff. 2-factor authorisation processes encrypted using Transport Layer Security (at least TLS 1.2). Customer backups are also stored using AES-XTS-256 encryption. Mobile app encrypted with NaCL and XSALSA 20/20 (256-bit key) both in the database/transmission.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: Original Accredited from 09/11/2010, Latest Revision 10/11/2019
• What the ISO/IEC 27001 doesn’t cover: The scope of the Information Security Management System covers all activities for the development, operation and improvement of highly secure emergency notification and crisis management services.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: ISO 22301: Business Continuity Management System

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: ISO27001

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: All components of services are tracked and monitored through their lifetime and all changes are assessed for potential security threat in line with our ISO27001 and ISMS program.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Information about technical vulnerabilities of information systems being used shall be obtained in a timely fashion, the organisation’s exposure to such vulnerabilities are evaluated and appropriate measures taken to address the associated risk. ; ; Patches that have been classified as critical must be tested and applied immediately. All non system critical tasks are deferred until patches are in place.; ; Policy -; Immediately test of critical patches on staging system.; ; After test was successful immediately roll-out on production systems; ; This process must be done in one to two days maximum.; ; Potential threats are obtained by multiple sources, partners and subscribed industry sources.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: F24 have an established “Monitoring and Logging Policy”. ; ; Policy Highlights; ; All monitoring data must be transferred encrypted; ; All metric data must be transferred encrypted; ; Data collection endpoints need only be accessible by authorised individuals and systems; ; If SNMP is used, it must be SNMP v3 with enabled authorisation and encryption.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: F24 utilise our own services for incident management, our FACT24 ENS (Emergency Notification Service) solution for mass notifications and CIM (Crisis Incident Management) for incident logging for a fully audit compliant process for all types of incident supporting a multitude of user reports and incident reports.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Public Services Network (PSN)

Social Value

• Social Value:

  Social Value

  Covid-19 recovery

  Covid-19 recovery

  FACT24 can be used to assist organisations with how they communicate to staff, stakeholders and local community in respect of best practice and guidance relating to COVID 19 recovery plans and processes. ; ; Further details available on request.

Pricing

• Price: £498 a licence a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Schedule an individual appointment with a senior consultant from F24 and receive a live demonstration of the tool covering your specific needs. Receive your individual demo account and test FACT24 for 30 days completely free of charge.
• Link to free trial: https://www.fact24.com/en/special-pages/formulare/

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at office_uk@f24.com. Tell them what format you need. It will help if you say what assistive technology you use.