Initsys Ltd

Initsys Merlin Neon Edition

Merlin NEON edition is a system of automation, statistical analysis, and critical pathways that combine to enable any risk or plan to be scripted, tested, and reviewed It builds on the Ai from previous editions to include robotic incident handling. Comprising Incident, Audit, Compliance Modules.

Features

• Convert all Risks/Process into Actionable Scripts
• Manage Users, Responders and Volunteers
• Incident Logging/Handling/Audit and Compliance in one system
• All reporting logged, with change management.
• Geoplanning and Worldwide Capability including Time Zones.
• Responder Mapping to trace resolution.
• Trigger by app, electronic signal, human intervention, Environment.
• Automated Risk Matrix Analysis and Threat Escalation
• All Risk Monitoring
• Advanced Workflow and Automation

Benefits

• Reliably action Incidents without making mistakes
• Audit and Compliance Checks
• Manage Users/Groups and Responders (engineers/security).
• Trigger Incidents and Call Groups of Responders
• Plot Incidents on Maps and Distribute Information
• Connect to almost all CCTV, alarms, IoT devices.
• Secure Logged Communications Channel (like Whatsapp)
• Machine Learning Incident Threat Console
• Enter Multi-Media Information from Incidents
• Fully Managed Service

£450.00 a virtual machine a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at aberry@initsys.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

386688238448037

Contact

Adam Berry
08453301445
aberry@initsys.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: None
• System requirements: Requires connection to Initsys Media Gateway

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Response is 24/7
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), 7 days a week
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), 7 days a week
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: Fully tested with the main browsers and application auto readers. ; ; Logging feature tested with assisted Voice to Text applications (Application will be tested by Q4, 2022)
• Onsite support: Onsite support
• Support levels: This is a fully managed service, including 24/7 support for tickets raised as urgent or priority.; ; Plan to Script work is charged at £275 a day. ; ; Each client is assigned a technical support person.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Each delivery begins with five days of consultancy built into the managed service costs and a further six spread over a year. ; ; The system is very easy to use as the actionable scripts are built by our engineers who have experience of this work. ; ; User documentation is provided by a Wiki.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
• End-of-contract data extraction: By requesting a data dump. This is provided as a CSV file.; ; Up to six months of incident data can be downloaded on demand.
• End-of-contract process: The service is charged quarterly in advance. Continuation of service will carry forward on payment of the fee. ; ; Users can request data from the database up to six months after the last period.

Using the service

• Web browser interface: No
• Application to install: Yes
• Compatible operating systems: Other
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: App Stream is AWS application service for remote users of Initsys Merlin
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Initsys has tested the Interface with many assistive technology users in actual use of the product.
• API: Yes
• What users can and can't do using the API: The API has full two way interaction with third party databases/applications. This allows the injection of incidents/user creation/documents and comments.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: All Incidents can be customised or used "out of box". ; ; Incident colours, user details, names etc can be customised.; ; All screen layouts can be altered and remembered based on user preferences.

Scaling

• Independence of resources: The service is self scaling based on the number of incidents and users logged in.

Analytics

• Service usage metrics: Yes
• Metrics types: Response Times; Incident Status; User Status; Responder Location; Video Wall
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Data can be exported in many formats and is included in the API.; ; The database can also be queried using SQL constructed by Initsys Engineers.
• Data export formats:
  • CSV
  • ODF
• Data import formats:
  • CSV
  • ODF
  • Other
• Other data import formats: XLS

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: We guarantee a 99.999% uptime provided by three separated datacentres and two providers. ; ; We provide a per diem discount for each four hours of downtime.
• Approach to resilience: Datacentres are provided by AWS and or GCP.
• Outage reporting: Outages are reported by a public dashboard with an automatic incident report generated by GMS (Global Management System) with email after fifteen minutes of the service being unavailable and a clearance after fifteen minutes of RTN.

Identity and authentication

• User authentication needed: Yes
• User authentication: Other
• Other user authentication: Users are authenticated by use of passwordless Web3 onboarding (no seed phrases) and authentication using magic links (similar to Slack and Medium).
• Access restrictions in management interfaces and support channels: Management users are access controlled using the same passwordless blockchain security method used for day to day users with the addition of working hour login protection (auto logout), incident and ticket response as well as two personnel authentication (one user authorises the other before access is given to either).
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Other
• Description of management access authentication: Web3 passwordless access with 2 user authentication.

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: FSQS (Financial Services Qualification System)

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: GDPR Policy; Access control Policy which is governed by the use of IAM (Identity and access management); Security Awareness and Training Policy; Incident Response Policy; Vendor Management Policy; Password Creation and Management Policy; Data Retention and Encryption Policy

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Initsys has a fully managed change management process which is outsourced. Each release of software is logged for changes and benefits allowing rapid rollback in the event of an issue. Security implications are taken into account and signed off by the technical support team before deployment. Database and associated third party tools are included in this process.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Our threat management service is outsourced. This process includes all third party and OS applications and is complete with an SLA.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We have a compliant compromise process that includes real time monitoring of users activity, login time and address and that will lock the user out pending a OTP check. ; ; If the system is compromised we immediately inform all clients.; ; Response is considered instant and is provided by a third party supplier.
• Incident management type: Supplier-defined controls
• Incident management approach: Initsys uses a third party service for compliance to threat management. Users can report an incident at any time using the ITIL ticketing system which will cause immediate notification to all senior management personnel. ; Incident reports are provided every six hours until the incident is cleared.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • Police National Network (PNN)
  • Joint Academic Network (JANET)
  • Other
• Other public sector networks:
  • OSint
  • OSdata (Met Office, Home Office)

Social Value

• Fighting climate change:

  Fighting climate change

  Local Resilience uses all the tools available, including live data, historic risk and user data to provide a number of pre-built incidents that users and volunteers can respond to. Whether that is responding and providing prompts to elderly and infirm in the case of environment risk such as extreme hot weather/flooding or providing proactive warnings to councils and education about the potential for them to be involved in an environment hazard.
• Covid-19 recovery:

  Covid-19 recovery

  Local-Resilience was used by a number of public bodies to build pandemic solutions and pre-planning prior to Covid 19. This instance highlighted the need for products such as Local-Resilience where complex plans needed to be implemented quickly.
• Tackling economic inequality:

  Tackling economic inequality

  Not Applicable
• Equal opportunity:

  Equal opportunity

  Local-Resilience is a platform that can be used by everyone.
• Wellbeing:

  Wellbeing

  Local-Resilience ensures the well being of the population by giving access to plans and process that can be automatically dedicated to volunteer groups such as https://jcac.org.uk/ or local employees dedicated to the task. Any incident can be planned and managed using Local-Resilience

Pricing

• Price: £450.00 a virtual machine a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: The demo Initsys Merlin service allows the testing of basic incidents as well as incident response and testing of communications structure.; ; It requires a login .

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at aberry@initsys.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.