RISKHUB SAAS LIMITED

Riskhub Assets App

The Riskhub Assets App allows users to complete custom or bespoke Asset inspections, such as a fire door compliance inspection, on site and on the go. An Asset can be tagged and inspected, following which remedial actions will be raised and recorded on the Riskhub Client Portal for completion.

Features

• Remote Access
• Single platform to tag and inspect assets within a property
• Simplicity and accuracy
• Real-time reporting
• Audit trail of previous inspections
• API Integration
• Golden Thread of Compliance
• End-to-end visibility of the programme and remedial works

Benefits

• Remote Access
• Complete an inspection on-site on the go
• View properties that are due for inspection
• Unified approach to compliance management
• Efficient process management
• Ensure property compliance
• Golden Thread of Compliance
• Tag and complete multiple asset inspections within a property
• Opportunity for API integration with external systems
• Upload standard or bespoke question set for the asset inspection

£1 to £1,000,000 a licence a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at success@riskhub.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

454200943072663

Contact

Jasmine Pearce
020 8819 1398
success@riskhub.co.uk

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: The Riskhub Client Portal, allowing Housing Providers to manage the end-to-end workflow and action management process. They gain real-time access and visibility of the compliance per property and can assign remedial actions to contractors to complete and close.
• Cloud deployment model: Public cloud
• Service constraints: Available in the Google Play Store and iOS App Store for all supported Android and iOS versions.
• System requirements:
  • Supported version of Android or iOS
  • Sufficent storage for the building information

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Priority 1 - All tickets will be responded to within 2 business hours and resolved within 4 business hours (after initial response) ; ; Priority 2 - All tickets will be responded to within 4 business hours and resolved within 2 business days (after initial response) ; ; Priority 3 - All tickets will be responded to within 12 business hours and resolved within 7 business days (after initial response) ; ; Priority 4 - All tickets will be responded to within 24 business hours and resolved during the next release on the platform
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: All customers will have access to the Riskhub Support team, via email, phone or our CRM platform. Tickets will be worked on across a Priority 1 - Priority 4 structure. ; Priority 1 - All tickets will be responded to within 2 business hours and resolved within 4 business hours (after initial response). ; Priority 2 - All tickets will be responded to within 4 business hours and resolved within 2 business days (after initial response). ; Priority 3 - All tickets will be responded to within 12 business hours and resolved within 7 business days (after initial response). ; Priority 4 - All tickets will be responded to within 24 business hours and resolved during the next release on the platform Clients are not required to pay additional costs for service levels. When required, the Support team will engage the technical engineers to help troubleshoot and resolve issues. We are committed to reviewing ticket trends and identifying root causes of incidents to ensure repeat incidents do not occur.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Our onboarding process ensures a seamless transition for clients onto our platform. The Customer Success team will serve as their primary point of contact throughout their onboarding journey and contract. Regular touchpoints will take place with the clients, as well as comprehensive training sessions, with our training manager, tailored to the client's needs. These sessions will run both face-to-face and virtually depending on the clients request. Clients will also gain access to our extensive Knowledge Hub, comprising of articles and instructional videos explaining our product suite. Following onboarding, clients will continue to benefit from ongoing support and guidance. Regular touchpoints with the Customer Success team will continue throughout the contract, and the team will be on hand to support with all queries.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: During off-boarding, clients will have access to the Riskhub Client Portal for an agreed period of time. All data on Riskhub can be downloaded into an excel or CSV file. The Customer Success team will work with clients to extract this information from the portal to ensure a smooth offboarding. All data is also stored on the Riskhub server for an agreed period of time following contract closure. Clients may also request bespoke reports from Riskhub, these requests will be reviewed on a case by case basis and may incur additional cost.
• End-of-contract process: At the end of the contract, if a client has opted to terminate their contract, the Customer Success team will work with the client to understand what their specific requirements and to review what data is required from the Riskhub platform. The client is then advised how to complete these tasks and when required, collect their data from the portal. There is no additional cost for this service. If the client requests a bespoke report from Riskhub, additional costs may be included which will be discussed on a case by case basis with the client. This would include requests such as extracting all photos related to actions from Riskhub.

Using the service

• Web browser interface: No
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Mobile app solely.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Riskhub have an open API framework with the ability to link into any other system. Any changes to the API or endpoints should be directed to Riskhub and will be managed with the Riskhub user group.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Riskhub is an adaptable system that can be developed to suit the clients needs or requirements in line with the Riskhub user group.

Scaling

• Independence of resources: The Riskhub Assets App operates on the users local device. Data is rarely required from the Riskhub Platform to operate the app and at such times the Riskhub Platform is highly available across multiple data centres and is designed with sufficient capacity for extremely large spikes.

Analytics

• Service usage metrics: Yes
• Metrics types: A 'staff activity report' is available to clients. This provides an overview to the client of who has accessed Riskhub and when the last logged in. This can be requested by the client at any point.
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data within Riskhub can be exported as a CSV or Excel document. Users can download a full export or a custom export based on filtering within the portal. Full Fire Risk Assessments can be downloaded as a PDF from Riskhub. This is branded with the Clients and Service Providers logo.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • PDF
  • Excel
• Data import formats: Other
• Other data import formats: None

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Riskhub shall provide the Platform to at least a 99.5% uptime service availability level (Uptime Service Level) during Normal Business Hours. This availability refers to an access point on Riskhub hosting provider's backbone network. It does not apply to the portion of the circuit that does not transit the hosting provider's backbone network, as the Customer is responsible for its own internet access. The Platform shall not be treated as unavailable for these purpose during the course of Maintenance Events as described in the clients bespoke contract, Customer-caused or third party-caused outages or disruptions (except to the extent that such outages or disruptions are caused by those duly authorised third parties sub-contracted by Riskhub to perform the Services), or outages or disruptions attributable in whole or in part to force majeure events within the meaning of clause 11.
• Approach to resilience: Riskhub uses multi-data centre database and compute clusters in AWS for resilience, benefiting from AWS' extremely high standards for resilience.
• Outage reporting: Should the Riskhub Assets App experience any outages, the Support team will be in touch with all end-users to initially inform them of the outage and then to keep all clients updated on the progress of remedial works. The Customer Success team can also be contacted to keep clients informed on outages.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: The user must be logged in using their normal username and credentials.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Riskhub uses a risk-based approach to security, following secure development principles, ensuring that vulnerabilities are patched quickly, and using respected cloud providers such as AWS and Okta for server and user management along with a fine-grained user permissions model. Riskhub conducts regular staff training sessions and performs CRB checks on all staff
• Information security policies and processes: Riskhub follows the System Security Policy, Secure Development Life Cycle, Business Continuity Plan and Business Impact Assessment.; ; Policies are reviewed and updated at least yearly with the CTO being accountable for policies being followed.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All changes are code reviewed and automatically scanned, with any failures forced to be fixed before a change can be implemented. Changes are tested by both automated and manual means. All changes are tracked in a project management tool and all code changes are individually tracked in version control with all changes and all application versions stored indefinitely.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Threats are identified through code review, and regular automated scans of code, libraries, operating systems, files and applications. Logs are stored in a read-only manner for analysis for at least a month.; ; Threats are assessed via CVEs with patches deployed depending on criticality.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Compromises are identified though comprehensive logging of events occurring on the Riskhub Platform. A potential compromise is a severity one incident and is responded to instantly.
• Incident management type: Supplier-defined controls
• Incident management approach: Riskhub has a Support team who are responsible for managing and resolving client support tickets. Users can raise incidents via our CRM platform, Hubspot. A Chat Bot is also available on our Knowledge Hub, and if an article is not available to the user, they can raise a support ticket. Users can also email or phone the support team to raise a service incident. Incident reports are provided to clients during regular Customer Success meetings. Reports can also be requested on an ad hoc basis by clients or via Riskhub's automated detection and alerting processes.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Riskhub is passionate about the environment and as part of our annual volunteering and CSR efforts, we donate to charities such as the Ocean Cleanup and Only One. We also recruit locally and encourage our employees to use public transport where possible. We have partnered with Planet Mark to gain an understanding of our carbon emissions with an aim to reduce the impact we have on the environment. We have a Electric Vehicle scheme for employees who are required to travel for their jobs.

  Tackling economic inequality

  We are committed to being a good corporate citizen in all aspects of our work. We hold ourselves accountable for the social, environmental and economic impacts we have on the people and places we affect. The London and Real Living Wages are paid as an absolute minimum to all of our staff and consultants. We encourage all employees to volunteer with our charity partners throughout the year, such as local schools and educational institutions.; ; We offer local employment opportunities to people within our local communities, and where possible offer apprenticeship and graduate employment opportunities.

  Equal opportunity

  Riskhub is committed to promoting equal opportunities for all individuals, both within our organisation as well as to those living within the local communities where we work. Continuous training is offered to all employees to ensure ongoing skill development and learning. Riskhub also collaborates closely with local schools and educational institutions, actively volunteering to share our expertise and skills within the community. Committed to fostering growth and opportunity, we extend employment opportunities to individuals within the regions we serve, dedicated to developing, training and empowering everyone that we engage with.

  Wellbeing

  At Riskhub, we prioritise the health and well-being of our employees. We understand that a healthy workforce is essential for productivity and overall happiness. To ensure the well-being of our team, we promote and have implemented the following policies. We foster a supportive and inclusive workplace culture where employees feed valued, respected, and appreciated by their colleagues. We also encourage open and transparent communication channels where employees can feel comfortable discussing concerns, providing feedback, and seeking assistance if and when needed. We organise regular health, wellbeing and social events for our employees to socialise with colleagues within the work environment. We foster a supportive and inclusive work environment where employees can connect with colleagues, build relationships, and access peer support networks. Employees are also encouraged to give back to the local communities, and we partake in regular and in-person volunteering activities each month, including volunteering at childrens charities, working with environmental charities and engaging in gardening days, and working with homeless shelters to provide food to those in need.

Pricing

• Price: £1 to £1,000,000 a licence a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Riskhub are committed to working with clients to ensure the product is correct for them. We will run a pilot with clients on the service to test out the compliance software with a handful of properties. This will be reviewed on a case by case basis.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at success@riskhub.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.