Riskaware Ltd.

UrbanAware

UrbanAware is a next-generation CBRN/ HazMat Information Management (IM) tool for the military and emergency response users. It's component parts provide advanced decision support within emergency civil response and defence intelligence.

Features

• Leverages the latest developments in cloud computing & MSaaS
• Underpinned by Dstl's HASP Suite CBRN hazard modelling capabilities
• Automated cordon placement advice based on predicted hazard effects
• Indoor and outdoor dispersion forecasting
• Key asset identification and tracking
• Evacuation route planning
• Dynamic population density for accurate casualty estimates
• High-resolution satellite imagery to improve situational awareness

Benefits

• Flexible and cost-effective subscriptions to fit specific user needs
• Secure cloud hosting and local installation options
• Unparalleled decision support on both desktop and mobile apps
• Interoperability with existing GIS systems and external contaminant detection systems
• Interoperability with health monitoring systems
• Enhanced collaboration between key stakeholders
• Rapid deployment with near global coverage
• Seamless delivery and deployment

£5,000 to £100,000 a unit a year

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at opportunities@riskaware.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

437212231479157

Contact

Simon Agass, Business Development Director
0117 9291058
opportunities@riskaware.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: The software is currently deployed on a commercial cloud hosting service, with a local deployment used for development and testing. The deployment is scalable and customers only pay for what they need.
• System requirements: A range of service deployment options are available

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Email support. Response time Next working day
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: Support levels are offered in alignment with customer needs. Technical support is provided by the Riskaware team.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: UrbanAware's user manual is provided within the platform in pdf format, as well as tool tips within the user interface. Additionally, one-to-one training can be provided on request.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Data extraction can be arranged on request.
• End-of-contract process: At the end of a contract, a users' account will be removed and they will no longer have access to the system.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Support for mobile devices is available through a mobile specific application. The application has a different use case to the fully-featured desktop product for commanders. Users with mobile device are typically in the field and they require specific information to be shared with them by the commander. The mobile application has been designed with this in mind.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: No
• Customisation available: Yes
• Description of customisation: Our service is customised by the Riskaware team to suit users' operational and language needs. Features can be added according to user requirements.

Scaling

• Independence of resources: Each customer would have their own deployment container with it's own dedicated resources.

Analytics

• Service usage metrics: Yes
• Metrics types: The last login of each user is tracked. Some deployments use Google Analytics for more detailed usage analysis.
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Other
• Other data at rest protection approach: Data is hosted on the cloud, but within its own separate container. The container is not accessible outside the internal container network. Multiple roles are used to ensure each service has minimal privileges. Riskaware are a certified Cyber Essentials Plus accredited organisation.
• Data sanitisation process: No
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: The user interface allows an audit to be produced for analysing all the actions taken during an incident or training exercise. The audit can be viewed within the tool, or exported to a Microsoft Word file. Images can also be exported of a user's simulation outputs. A full copy of the user's data can be exported on request.
• Data export formats:
  • CSV
  • Other
• Other data export formats: PNG
• Data import formats: Other

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: To be agreed via Service Level Agreement.
• Approach to resilience: Available on request.
• Outage reporting: Email alerts are sent to a list of in-house developers in the event of any down time or unexpected modelling failures. All scheduled outages have to be officially approved by the Riskaware board and users are informed.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: The bespoke nature of the service means that customers can request management and support services via email and therefore do not have direct access to such interfaces.
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • Cyber Essentials Plus
  • ISO 9001:2015 TickITplus

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber Essentials Plus
• Information security policies and processes: Riskaware has in place the ISO 9001:2015 TickITplus standards and is working towards obtaining ISO 27001.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Riskaware is a certified ISO 9001:2015 TickITplus company. All of its products and processes conform to these standards. In order to ensure these QA processes are adhered to, UrbanAware uses issue-tracking tools, such as Jira, which is used to track work against requirements and to ensure high standards of work through peer review.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Riskaware is an accredited Cyber Essentials Plus company. All of it's systems and online products have been judged by assessor to be secure. The process of obtaining this accreditation, involves tracking, monitoring and mitigating vulnerabilities by Riskaware's in house ICT Team. ; ; Additionally, the ICT team proactively monitor threats. Patches are deployed almost immediately and most of our systems are configured to automatically update. Threat information is collated from industry leading experts by the ICT team.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: The server that hosts the application has a virus scanner and a fire wall, and all network traffic to and from the server is centrally logged. Riskaware's ICT team regularly monitor new and emerging threats via government and leading industry security sites & produce a monthly report for internal awareness.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Users can report incidents via email to the Riskaware development team. All incidents will be responded to within 24 hours, with progress tracked internally using our development management software, Jira. Our incident tracking processes adhere to the ISO 9001:2015 TickITplus standards.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Wellbeing

  Fighting climate change

  UrbanAware provides detailed modelling and simulation of atmospheric pollutants and hazardous materials. This provides valuable insights that can be used to mitigate effects.

  Wellbeing

  UrbanAware provides detailed modelling and simulation of atmospheric pollutants and hazardous materials and their effects on the local population health and wellbeing. The addition of wearable devices to monitor responder wellbeing ensures preventative measures can be taken to safeguard both the emergency service teams and public alike.

Pricing

• Price: £5,000 to £100,000 a unit a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Free trial available on request as part of negotiations.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at opportunities@riskaware.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.