SYMBIANT LTD

GRC, Risk, Audit and Compliance Management software

Symbiant is an agile, AI-enabled, modular GRC platform for Risk Management Software, GRC, Audit Management Software, Compliance Software, Risk Management Systems, and audit management systems. It's modular, so you can activate and customise the solutions you need. Includes action tracking, KRI, and full reporting.

Features

  • Risk Management Software
  • Audit Management Software
  • Compliance Management Software
  • Incident Management Software
  • Risk Management Systems & GRC
  • Agile GRC Software
  • Control Management Software (CSA)
  • DPIA Software
  • Audit Action Tracking Software
  • Document Management

Benefits

  • Easy to use, comprehensive and flexible, modular
  • AI enabled to reduce workload and help manage data
  • Off the shelf system that you can customise to requirements
  • Link data between risk, audit, compliance and governance
  • SHE, DPIA, Due Diligence, Action Tracking
  • Customise reports and forms
  • Automated notices and emails
  • Risk Registers, Working Papers, Action Tracking, Controls & Policies
  • Collaborate with colleagues
  • Single Sign-on and SaaS

Pricing

£3 to £20 a user a month

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mlong@symbiant.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

365874674632548

Contact

SYMBIANT LTD Mark Long
Telephone: 020 8895 6410
Email: mlong@symbiant.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
No
System requirements
HTML5 compatible browser

User support

Email or online ticketing support
Email or online ticketing
Support response times
24/7/365
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
No
Support levels
Basic Support is free
Premium support options available
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Dedicated user support from a person, plus video and online training
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Data can be easily exported by administrators
End-of-contract process
Client database is removed and the client data is destroyed.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Menus, dashboards, user input & view screens can be customised to show different information.
Service interface
No
User support accessibility
WCAG 2.1 AAA
API
Yes
What users can and can't do using the API
Full access via REST API
API documentation
Yes
API documentation formats
  • HTML
  • PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
All user screens, user roles, full content and reports can be customised by administrator users

Scaling

Independence of resources
We use AWS EC2 auto scaling which gives extra resources as required.

Analytics

Service usage metrics
No

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Using the export or reporting functions
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • HTML
  • PDF
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
99% uptime and availability. Pro-rata time is credited back to the client if we miss this level.
Approach to resilience
Information on this is available on request.
Outage reporting
A public dashboard

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
Other user authentication
Single Sign On
Access restrictions in management interfaces and support channels
We have a defined security policy. All management and support access is protected by multi-factor authentication or Single Sign-On using the client's Active Directory, with views and privilege levels based on the user's role within the business.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
Description of management access authentication
Single Sign on

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Ernst and Young
ISO/IEC 27001 accreditation date
18/11/2022
What the ISO/IEC 27001 doesn’t cover
Locations outside of the data centre
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
Yes
Any other security certifications
  • ISO 27001
  • ISO 9001

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
Cyber Security PLUS
Information security policies and processes
We have a published IT Security Policy, which is GDPR compliant, and a Data Protection Policy (GDPR Compatible).
These documents provide full information and are available from our website.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Procedures exist to ensure that only authorized, tested, and documented changes are made to the system. We have an isolated testing environment to ensure all changes are fully tested before being made live.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
We perform various tests including penetration testing and vulnerability scanning. We deploy any security patches within 48 hours. Threat information is provided by the industry standard testing software.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Our servers are monitored 24/7 for any potential issues including hack attempts. If a potential security issue is discovered immediate action is taken to block the attack. Security incidents are responded to immediately.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
We have an automated system to log all network events and dedicated software for users to log incidents and for them to be managed and escalated as required. All incidents have a tracking cycle to ensure the correct course of action is taken to resolve issues to a satisfactory conclusion.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Social Value

  • Fighting climate change
  • Covid-19 recovery

Fighting climate change

Symbiant is online collaborative software that reduces the need for travelling and direct meetings. Users can use the system remotely from any location with internet access.

Covid-19 recovery

Users can use the system remotely from any location with internet access. Symbiant can be accessed by users working from home.

Pricing

Price
£3 to £20 a user a month
Discount for educational organisations
Yes
Free trial available
No