RISKHUB SAAS LIMITED

Riskhub Resident Hub

The Resident Hub provides residents and third-parties with essential documentation, including a Fire Risk Assessment, within a single, easily accessible portal. The Resident Hub serves as a user-friendly platform that enhances communication and transparency with residents. Users can conveniently access vital documents and obtain valuable information related to their property.

Features

• Remote Access
• Real-time Reporting
• Share documentation with residents and third parties
• Effortless data sharing
• Self-service portal
• Data confidence
• Monitor and gain insights on usage

Benefits

• Data confidence
• Easily share critical fire safety information with your residents
• Self-service portal
• 24/7 remote access
• Empower residents to stay informed
• Enhance transparency and keep residents informed.
• Provide critical information, including evacuation strategies and emergency contacts
• Ensure full transparency and accountability regarding your programme of work.
• Boost resident engagement
• Monitor and gain insights

£1 to £1,000,000 a licence a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at success@riskhub.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

384625356763797

Contact

Jasmine Pearce
020 8819 1398
success@riskhub.co.uk

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: The Riskhub Client Portal can be used as an extension of the Riskhub Resident Hub. The Client Portal allows clients to track and act on property compliance performance. Inspections, such as a fire risk assessment, can also be completed using the Riskhub product suite.
• Cloud deployment model: Public cloud
• Service constraints: Occasional weekend maintenance, communicated in advance.
• System requirements: A supported version of Chrome, Edge or Firefox

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Priority 1 - All tickets will be responded to within 2 business hours and resolved within 4 business hours (after initial response).; ; Priority 2 - All tickets will be responded to within 4 business hours and resolved within 2 business days (after initial response). ; ; Priority 3 - All tickets will be responded to within 12 business hours and resolved within 7 business days (after initial response). ; ; Priority 4 - All tickets will be responded to within 24 business hours and resolved during the next release on the platform
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: All customers will have access to the Riskhub Support team, via email, phone or our CRM platform. Tickets will be worked on across a Priority 1 - Priority 4 structure. ; Priority 1 - All tickets will be responded to within 2 business hours and resolved within 4 business hours (after initial response); Priority 2 - All tickets will be responded to within 4 business hours and resolved within 2 business days (after initial response); Priority 3 - All tickets will be responded to within 12 business hours and resolved within 7 business days (after initial response); Priority 4 - All tickets will be responded to within 24 business hours and resolved during the next release on the platform ; ; Clients are not required to pay additional costs for service levels. When required, the Support team will engage the technical engineers to help troubleshoot and resolve issues. ; ; We are committed to reviewing ticket trends and identifying root causes of incidents to ensure repeat incidents do not occur.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Our onboarding process ensures a seamless transition for clients onto our platform. The Customer Success team will serve as their primary point of contact throughout their onboarding journey and contract. Regular touchpoints will take place with the clients, as well as comprehensive training sessions, with our training manager, tailored to the client's needs. These sessions will run both face-to-face and virtually depending on the clients request. ; ; Clients will also gain access to our extensive Knowledge Hub, comprising of articles and instructional videos explaining our product suite. ; ; Following onboarding, clients will continue to benefit from ongoing support and guidance. Regular touchpoints with the Customer Success team will continue throughout the contract, and the team will be on hand to support with all queries.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: During off-boarding, clients will have access to the Riskhub Client Portal for an agreed period of time. All data on Riskhub can be downloaded into an excel or CSV file. The Customer Success team will work with clients to extract this information from the portal to ensure a smooth offboarding. All data is also stored on the Riskhub server for an agreed period of time following contract closure.
• End-of-contract process: At the end of the contract, if a client has opted to terminate their contract, the Customer Success team will work with the client to understand what data is required by the client. The client is then advised how to collect this data from the portal. There is no additional cost for this service. ; ; If the client requests a bespoke report from Riskhub, additional costs may be included which will be discussed on a case by case basis with the client. This would include requests such as extracting all photos related to actions from Riskhub.; ; The Customer Success team will be on-hand to support the client during their offboarding process.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: None
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Riskhub have an open API framework with the ability to link into any other system. Any changes to the API or endpoints should be directed to Riskhub and will be managed with the Riskhub user group.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • PDF
• API sandbox or test environment: Yes
• Customisation available: No

Scaling

• Independence of resources: The Riskhub Platform is highly available across multiple data centres and is designed with sufficient capacity for extremely large spikes.

Analytics

• Service usage metrics: Yes
• Metrics types: Clients can request a bespoke report to track usage on the Resident Hub. This report provides an overview on who has accessed the portal and when. This available on request.
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: The Resident's Portal is designed to allow residents to access information from their housing provider
• Data export formats: Other
• Other data export formats: PDF
• Data import formats: Other
• Other data import formats: None

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Riskhub shall provide the Platform to at least 99.5% uptime service availability level during normal business hours. This availability refers to an access point on Riskhub hosting provider's backbone network. It does not apply to the portion of the circuit that does not transit the hosting provider's backbone network, as the Customer is responsible for its own internet access. The Platform shall not be treated as unavailable for these purpose during the course of Maintenance Events. If availability falls below the Uptime Service Level, as agreed in the clients contract, in a given calendar month, Riskhub shall credit the Customer's account by an amount calculated as the product of the total cumulative downtime (expressed as a percentage of the total possible uptime minutes in the month concerned) and the Platform Licence Fee owed for that month (Service Credit). A Service Credit shall not be payable unless the Customer requests it within 30 Business Days of the service-affecting event(s). The maximum Service Credit allowable in a given month is limited to an amount equal to the Platform Licence Fee owed by the Customer for that month.
• Approach to resilience: Riskhub uses multi-data centre database and compute clusters in AWS for resilience, benefiting from AWS' extremely high standards for resilience.
• Outage reporting: The Riskhub Support team will send an alert to all customers and users should there be a service outage. During the outage, the team will continue to inform clients on the progress of the resolution.

Identity and authentication

• User authentication needed: No
• Access restrictions in management interfaces and support channels: The user must know details about their residence, including details from their property management company. Alternatively, the user can access the site through a QR code physically located in their building.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Identity federation with existing provider (for example Google Apps)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Riskhub uses a risk-based approach to security, following secure development principles, ensuring that vulnerabilities are patched quickly, and using respected cloud providers such as AWS and Okta for server and user management along with a fine-grained user permissions model. Riskhub conducts regular staff training sessions and performs CRB checks on all staff
• Information security policies and processes: Riskhub follows the System Security Policy, Secure Development Life Cycle, Business Continuity Plan and Business Impact Assessment. Policies are reviewed and updated at least yearly with the CTO being accountable for policies being followed.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All changes are code reviewed and automatically scanned, with any failures forced to be fixed before a change can be implemented. Changes are tested by both automated and manual means. All changes are tracked in a project management tool and all code changes are individually tracked in version control with all changes and all application versions stored indefinitely.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Threats are identified through code review, and regular automated scans of code, libraries, operating systems, files and applications. Logs are stored in a read-only manner for analysis for at least a month. Threats are assessed via CVEs with patches deployed depending on criticality.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Compromises are identified though comprehensive logging of events occurring on the Riskhub Platform. A potential compromise is a severity one incident and is responded to instantly.
• Incident management type: Supplier-defined controls
• Incident management approach: Riskhub has a Support team who are responsible for managing and resolving client support tickets. Users can raise incidents via our CRM platform, Hubspot. A Chat Bot is also available on our Knowledge Hub, and if an article is not available to the user, they can raise a support ticket. Users can also email or phone the support team to raise a service incident. Incident reports are provided to clients during regular Customer Success meetings. Reports can also be requested on an ad hoc basis by clients or via Riskhub's automated detection and alerting processes.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Riskhub is passionate about the environment and as part of our annual volunteering and CSR efforts, we donate to charities such as the Ocean Cleanup and Only One. We also recruit locally and encourage our employees to use public transport where possible. ; ; We have partnered with Planet Mark to gain an understanding of our carbon emissions with an aim to reduce the impact we have on the environment. ; ; We have a Electric Vehicle scheme for employees who are required to travel for their jobs.

  Tackling economic inequality

  We are committed to being a good corporate citizen in all aspects of our work. We hold ourselves accountable for the social, environmental and economic impacts we have on the people and places we affect. ; ; The London and Real Living Wages are paid as an absolute minimum to all of our staff and consultants. ; ; We encourage all employees to volunteer with our charity partners, such as local schools and educational institutions.

  Equal opportunity

  Riskhub are committed to promoting equal opportunities for all individuals, both within our organisation as well as to those living within the local communities where we work. ; ; Continuous training is offered to all employees to ensure ongoing skill development and learning. ; ; Riskhub also collaborates closely with local schools and educational institutions, actively volunteering to share our expertise and skills within the community. Committed to fostering growth and opportunity, we extend employment opportunities to individuals within the regions we serve, dedicated to developing, training and empowering everyone that we engage with.

  Wellbeing

  At Riskhub, we prioritise the health and well-being of our employees. We understand that a healthy workforce is essential for productivity and overall happiness. To ensure the well-being of our team, we promote and have implemented the following policies. ; ; We foster a supportive and inclusive workplace culture where employees feed valued, respected, and appreciated by their colleagues. We also encourage open and transparent communication channels where employees can feel comfortable discussing concerns, providing feedback, and seeking assistance if and when needed. ; ; We organise regular health, wellbeing and social events for our employees to socialise with colleagues within the work environment. We foster a supportive and inclusive work environment where employees can connect with colleagues, build relationships, and access peer support networks. ; ; Employees are also encouraged to give back to the local communities, and we partake in regular and in-person volunteering activities each month, including volunteering at childrens charities, working with environmental charities and engaging in gardening days, and working with homeless shelters to provide food to those in need.

Pricing

• Price: £1 to £1,000,000 a licence a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Riskhub are committed to working with clients to ensure the product is correct for them. We will run a pilot with clients on the service to test out the compliance software with a handful of properties. This will be reviewed on a case by case basis.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at success@riskhub.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.