Initsys Merlin Neon Edition
Merlin NEON edition is a system of automation, statistical analysis, and critical pathways that combine to enable any risk or plan to be scripted, tested, and reviewed. It builds on the AI from previous editions to include robotic incident handling. It comprises Incident, Audit and Compliance modules.
Features
- Convert all Risks/Process into Actionable Scripts
- Manage Users, Responders and Volunteers
- Incident Logging/Handling/Audit and Compliance in one system
- All reporting logged, with change management.
- Geoplanning and Worldwide Capability including Time Zones.
- Responder Mapping to trace resolution.
- Trigger by app, electronic signal, human intervention, Environment.
- Automated Risk Matrix Analysis and Threat Escalation
- All Risk Monitoring
- Advanced Workflow and Automation
Benefits
- Reliably action Incidents without making mistakes
- Audit and Compliance Checks
- Manage Users/Groups and Responders (engineers/security).
- Trigger Incidents and Call Groups of Responders
- Plot Incidents on Maps and Distribute Information
- Connect to almost all CCTV, alarms, IoT devices.
- Secure Logged Communications Channel (like Whatsapp)
- Machine Learning Incident Threat Console
- Enter Multi-Media Information from Incidents
- Fully Managed Service
Pricing
£450.00 a virtual machine a year
- Education pricing available
- Free trial available
Framework
G-Cloud 13
Service ID
386688238448037
Contact
Initsys Ltd
Adam Berry
Telephone: 08453301445
Email: aberry@initsys.co.uk
Service scope
- Software add-on or extension
- No
- Cloud deployment model
-
- Public cloud
- Private cloud
- Community cloud
- Hybrid cloud
- Service constraints
- None
- System requirements
- Requires connection to Initsys Media Gateway
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Response is 24/7
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 AA or EN 301 549
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), 7 days a week
- Web chat support
- Web chat
- Web chat support availability
- 9 to 5 (UK time), 7 days a week
- Web chat support accessibility standard
- WCAG 2.1 AA or EN 301 549
- Web chat accessibility testing
-
Fully tested with the main browsers and application auto readers.
Logging feature tested with assisted Voice to Text applications (Application will be tested by Q4, 2022)
- Onsite support
- Onsite support
- Support levels
-
This is a fully managed service, including 24/7 support for tickets raised as urgent or priority.
Plan to Script work is charged at £275 a day.
Each client is assigned a technical support person.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
Each delivery begins with five days of consultancy built into the managed service costs and a further six spread over a year.
The system is very easy to use as the actionable scripts are built by our engineers who have experience of this work.
User documentation is provided by a Wiki.
- Service documentation
- Yes
- Documentation formats
-
- HTML
- ODF
- End-of-contract data extraction
-
By requesting a data dump. This is provided as a CSV file.
Up to six months of incident data can be downloaded on demand.
- End-of-contract process
-
The service is charged quarterly in advance. Continuation of service will carry forward on payment of the fee.
Users can request data from the database up to six months after the last period.
Using the service
- Web browser interface
- No
- Application to install
- Yes
- Compatible operating systems
- Other
- Designed for use on mobile devices
- No
- Service interface
- Yes
- User support accessibility
- WCAG 2.1 AA or EN 301 549
- Description of service interface
- AppStream is an AWS application service for remote users of Initsys Merlin
- Accessibility standards
- WCAG 2.1 AA or EN 301 549
- Accessibility testing
- Initsys has tested the Interface with many assistive technology users in actual use of the product.
- API
- Yes
- What users can and can't do using the API
- The API has full two-way interaction with third-party databases/applications. This allows the injection of incidents/user creation/documents and comments.
- API documentation
- Yes
- API documentation formats
-
- Open API (also known as Swagger)
- HTML
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
-
All Incidents can be customised or used "out of box".
Incident colours, user details, names etc can be customised.
All screen layouts can be altered and remembered based on user preferences.
Scaling
- Independence of resources
- The service is self-scaling based on the number of incidents and users logged in.
Analytics
- Service usage metrics
- Yes
- Metrics types
-
Response Times
Incident Status
User Status
Responder Location
Video Wall
- Reporting types
-
- API access
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least every 6 months
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Encryption of all physical media
- Scale, obfuscating techniques, or data storage sharding
- Data sanitisation process
- Yes
- Data sanitisation type
- Explicit overwriting of storage before reallocation
- Equipment disposal approach
- A third-party destruction service
Data importing and exporting
- Data export approach
-
Data can be exported in many formats and is included in the API.
The database can also be queried using SQL constructed by Initsys Engineers.
- Data export formats
-
- CSV
- ODF
- Data import formats
-
- CSV
- ODF
- Other
- Other data import formats
- XLS
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
-
We guarantee a 99.999% uptime provided by three separated datacentres and two providers.
We provide a per diem discount for each four hours of downtime.
- Approach to resilience
- Datacentres are provided by AWS and/or GCP.
- Outage reporting
- Outages are reported by a public dashboard with an automatic incident report generated by GMS (Global Management System) with email after fifteen minutes of the service being unavailable and a clearance after fifteen minutes of RTN.
Identity and authentication
- User authentication needed
- Yes
- User authentication
- Other
- Other user authentication
- Users are authenticated by use of passwordless Web3 onboarding (no seed phrases) and authentication using magic links (similar to Slack and Medium).
- Access restrictions in management interfaces and support channels
- Management users are access controlled using the same passwordless blockchain security method used for day to day users with the addition of working hour login protection (auto logout), incident and ticket response as well as two personnel authentication (one user authorises the other before access is given to either).
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
- Other
- Description of management access authentication
- Web3 passwordless access with 2 user authentication.
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- Between 6 months and 12 months
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- Yes
- Any other security certifications
- FSQS (Financial Services Qualification System)
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
-
GDPR Policy
Access control Policy which is governed by the use of IAM (Identity and access management)
Security Awareness and Training Policy
Incident Response Policy
Vendor Management Policy
Password Creation and Management Policy
Data Retention and Encryption Policy
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
- Initsys has a fully managed change management process which is outsourced. Each release of software is logged for changes and benefits allowing rapid rollback in the event of an issue. Security implications are taken into account and signed off by the technical support team before deployment. Database and associated third party tools are included in this process.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- Our threat management service is outsourced. This process includes all third party and OS applications and is complete with an SLA.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
-
We have a compliant compromise process that includes real-time monitoring of users' activity, login time and address, and that will lock the user out pending an OTP check.
If the system is compromised we immediately inform all clients.
Response is considered instant and is provided by a third party supplier.
- Incident management type
- Supplier-defined controls
- Incident management approach
-
Initsys uses a third party service for compliance to threat management. Users can report an incident at any time using the ITIL ticketing system which will cause immediate notification to all senior management personnel.
Incident reports are provided every six hours until the incident is cleared.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Public sector networks
- Connection to public sector networks
- Yes
- Connected networks
-
- Police National Network (PNN)
- Joint Academic Network (JANET)
- Other
- Other public sector networks
-
- OSint
- OSdata (Met Office, Home Office)
Social Value
- Fighting climate change
-
Local Resilience uses all the tools available, including live data, historic risk and user data, to provide a number of pre-built incidents that users and volunteers can respond to. This may mean responding and providing prompts to the elderly and infirm in the case of environmental risk such as extreme hot weather or flooding, or providing proactive warnings to councils and education about the potential for them to be involved in an environmental hazard.
- Covid-19 recovery
-
Local-Resilience was used by a number of public bodies to build pandemic solutions and pre-planning prior to Covid-19. This instance highlighted the need for products such as Local-Resilience where complex plans needed to be implemented quickly.
- Tackling economic inequality
-
Not Applicable
- Equal opportunity
-
Local-Resilience is a platform that can be used by everyone.
- Wellbeing
-
Local-Resilience ensures the wellbeing of the population by giving access to plans and processes that can be automatically dedicated to volunteer groups such as https://jcac.org.uk/ or local employees dedicated to the task. Any incident can be planned and managed using Local-Resilience.
Pricing
- Price
- £450.00 a virtual machine a year
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
-
The demo Initsys Merlin service allows the testing of basic incidents as well as incident response and testing of communications structure.
It requires a login.