ALERT CASCADE LIMITED

Alert Cascade Critical Communication Suite

Alert Cascade sends multi-channel alerts in seconds, with rapid, real-time feedback via live reports. Optional modules include information hotlines, automated workflows, document storage, and on call alerting. Communicate quickly, track outcomes, and recover from incidents faster, by closing the communication loop with Alert Cascade.

Features

• Resilient 1 and 2-way critical communication platform with optional add-ons
• Clean simple interface for occasional users, minimal training requirements
• Multiple communication paths: voice, SMS, email, push notification, Teams, Slack
• Targeted mass notifications via unlimited static and dynamic groups
• Simple import wizards, data syncs, and self-registration options
• Proven security, resilience, and scalability – minimum 99.999% service uptime
• Permission based access to data, modules, and individual features
• Secure incident reporting and information hotlines with unlimited capacity
• On demand conference service and secure document vault
• 24/7/365 UK based support with Alert Cascade technical experts

Benefits

• Cost effective critical communications; simple onboarding with minimal training needs
• Modular communication suite; configure to suit your specific needs
• Target recipients by skill, role, attribute, location, department, or organisation
• Reduce manual workloads (and errors) with automated alerting processes
• Mitigate impacts using actionable insights about people’s status/safety
• Leverage the same simple dashboard for multiple use cases
• Activate alerts anywhere via SMS, phone call, email, or web
• Intuitive import wizard options save hours of administrative time
• Full self-service audit capability, including assistance with DPIAs
• Ongoing account management and support from UK based experts

£1.00 to £11.00 a user a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at rachel.spencer@alertcascade.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

459115297400735

Contact

Rachel Spencer
01733 785999
rachel.spencer@alertcascade.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: No - Alert Cascade is Software as a Service, meaning that users automatically connect to the latest version via an internet connection. Scheduled maintenance, security updates, and new feature releases are made available to users without any interruption to their services.
• System requirements:
  • Recipients need an SMS, Voice, Email, or Data capable device
  • Administrators need an internet enabled device
  • Senders need an internet, SMS, Voice, or Email capable device
  • Access via the internet requires an up to date browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 24/7/365 UK based email and telephone support. Response times are graded by criticality, with general questions usually being responded to within 4 hours.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We offer a single support plan - all customers have access to 24/7/365 customer support at no extra cost. Our UK based support staff are experts in the Alert Cascade solution suite, and work with customers across multiple sectors - they provide technical support, best practice guidance, and work with you via screenshare to help you get the best out of your service.; ; All customers have a dedicated Account Manager who will meet with you regularly via screenshare to ensure you are meeting the goals you want to achieve with Alert Cascade. They also liaise with our Product Development specialists on your behalf if needed.; ; On-site support is available from your Account Manager and/or specialist support staff, subject to extra costs as defined in our pricing documentation.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Our implementation and migration teams deliver comprehensive online training to administrators and other authorised users, tailored to specific customer needs and use cases. Training sessions are broken down per role, and recorded so they can be shared internally.; ; Each Alert Cascade service provides access to the online Help and Support Centre, with detailed documentation, best practice guidelines, "how to" articles, and training videos. Our release note process includes emails to relevant users with user instructions and short training videos on new/improved features, and adding the new videos and documentation to the "Latest News" section in the Help and Support Centre.; ; Our 24/7/365 UK-based support team is available to answer questions, share our experience of "best practice", and support you in getting the best results possible.; ; Our on-site training teams and Account Managers are cleared to DBS Enhanced level and hold current security clearance to attend site at critical national infrastructure, policy, and military establishments, enabling you to benefit from our experience face to face as well as by phone, email, and web screenshare.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Alert Cascade users have the ability to download data from their service at any time during the contract period. This includes contact data, user data, message reports, message templates, audit logs, files stored in the Document Vault, and database settings and preferences. All data with the exception of Document Vault files are exported in either .csv of PDF format. Document Vault files are exported in the format used by the customer at upload.; ; Customer's can also create custom reports at any time from within the web dashboard and download these as Excel, .csv, or PDF files.
• End-of-contract process: 30 days prior to contract expiry, Alert Cascade's support team will reach out to account admins to confirm the final date that access will be available to the services, and to outline the options available for extracting data prior to this date. Upon request, the support team will also offer assistance in downloading data via a web screenshare at no additional cost. ; ; Upon contract expiry, the account is disabled and access is no longer available to customers. Disabled accounts are retained for 30 days, and then permanently purged - a certificate of data destruction is automatically provided once all data is successfully purged. ; ; Following contract expiry, no further support is available - Alert Cascade will not engage with any migration process to an alternative provider. However, such support should not be necessary given that customer admins have the requisite access to extract all data in a common human and machine-readable format prior to contract expiry.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: All Alert Cascade service features are available on any internet-enabled device, regardless of screen size. All services have been designed to be render correctly (and legibly) based on screen size rather than having a specific mobile and desktop version. ; ; Data maintenance via file may be easier to perform on a device with a larger screen size due to limitations with viewing large Excel files on mobile screens.
• Service interface: Yes
• User support accessibility: WCAG 2.1 A
• Description of service interface: Secure, permission dependent, web dashboard, accessible on any internet enabled device. Q&A style wizards guide users through core tasks including message sending, telephony configuration, data maintenance, reporting, document management, and security/audit logs. Drag and drop functionality and keyboard shortcuts are fully supported in relevant modules.
• Accessibility standards: WCAG 2.1 A
• Accessibility testing: We use a range of automated and manual testing strategies, including using the Mozilla Accessibility Inspector and the accessibility features in Chrome DevTools. ; ; We have tested with a combination of screenreaders and screen magnifiers across a variety of browsers, including Chrome, Edge, Firefox, Safari, and Opera.
• API: Yes
• What users can and can't do using the API: Alert Cascade provides a RestfulAPI that allows external applications to manage contact data, create messaging groups, manage user access rights, send alerts, and collect alert outcomes. Our application-agnostic Web Services also allow customers to work with our Technical Service Team to create bespoke integrations - custom integrations are priced in line with our pricing document.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Alert Cascade is fully customisable, and our migration and implementation teams work with you to configure your initial account set up - this will include porting existing phone numbers to your Alert Cascade service, where applicable. Fields for storing and processing contact data and other contact/user information are bespoke per customer based on their specific needs and the data available in their source data system (usually an HR service). Customer-chosen default settings for data imports and message sending can be removed from screen to prevent accidental changes, or can be left accessible (permission dependant). ; ; Each service has dedicated SMS sender names, SMS sender numbers, voice call phone numbers, and email sender addresses, chosen by the customer. Security policies are configured by Alert Cascade on written instruction from appropriately authorised customer users. Distribution lists for system alerts, changes to the bespoke data fields, welcome audio for conference services, on call rotas, and merge fields are configured by the customer via the secure dashboard. Self sign-up registration pages are customised with individual URLs, branding, font, colours, logos, and content.

Scaling

• Independence of resources: Alert Cascade uses multiple geo-dispersed EU and UK data centres in mirror image hot standby mode to ensure capacity can be ramped up when required. We use multiple resilient carriers for all communication channels, allowing us to use elastic capacity and scale up and down with carriers to avoid localised demand issues and ensure speedy delivery of our services. We conduct regular load balancing tests to ensure that our infrastructure is equipped to deal with the scenario of critical incidents affecting all customers at once.

Analytics

• Service usage metrics: Yes
• Metrics types: Standard service metrics include:; • Activity log of all actions taken in the account by all users over a given timeframe; • Individual audit trail and monthly trend reports for all alerts sent, responses received, and outcomes against "Response Time" KPI set by customer; • Average delivery and response time over given period or per alert; • Usage - voice call minutes used, SMS sent, alerts sent, conference bridges initiated, document storage used; • Service uptime, time to respond, and time to fix (rolling 12 monthly); ; Additional security reports are available from the support team on request.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data exports are permission dependent for data privacy reasons. Exports are initiated via the secure web dashboard; available formats are .csv, PDF, or XLSX as standard for all accounts.; ; JSON and XML formats are available by request as a bespoke option, subject to additional pricing.; ; Customers have the option to allow contacts to manage their own data instead of managing centrally. For this use case, contacts additionally have the ability to log in and print a copy of their own data via their browser's PRINT function.
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats:
  • XLSX
  • PDF
  • JSON
  • XML
• Data import formats:
  • CSV
  • ODF
  • Other
• Other data import formats: JSON

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: Customer's are able to use our SFTP connector with built in PGP encryption to securely transmit data maintenance files to their Alert Cascade services.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Alert Cascade's redundant infrastructure design allows us to contractually agree to a service availability of 99.999% or greater, measured on a calendar quarterly basis.; ; Customers are entitled to a service credit for each month that the service level is not achieved.
• Approach to resilience: We utilise multiple geo dispersed data centres, each running in mirror image hot standby mode and able to provide the full Alert Cascade Critical Communication Suite. Dynamic routing automatically routes traffic to the most appropriate data centre to avoid localised issues. Additional information is available on request.
• Outage reporting: In the unlikely event of any outage, all affected customers are informed via email initially - initial communication is to Admins and Contract Owners (who have contractual responsibility but may not be active users of the service). ; ; Depending on the nature and/or duration of the outage, Admins and Contract Owners may also be contacted by phone call/SMS text from our 24/7/365 UK based support team.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Cryptographic controls including SSL and TLS 1.2 are used at the web interface. Data is encrypted using dual layered AES-256 i.e. at the physical hardware and database level. Access is role based, with customer's controlling the roles assigned to their users; user passwords are hashed and salted, no passwords are stored in cleartext and individual random salts are used for each password. Alert Cascade support staff can only access accounts on request, using a time limited access token that can only be generated from the fixed IPs of our designated support areas using 2FA devices physically held in those areas.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: ISO Accelerator
• ISO/IEC 27001 accreditation date: 29/01/2024
• What the ISO/IEC 27001 doesn’t cover: N/A - the scope of our ISO27001 accreditation covers all of our business operations.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: NHS DPST

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Cyber Essentials Plus; NHS Data Security and Protection Toolkit (NHS DSPT)
• Information security policies and processes: As per ISO27001 and Cyber Essentials Plus requirements at a minimum. We are accredited to both standards for all business operations and regularly audited as part of this. We also hold "standards exceeded" rating for NHS DSPT. ; ; Due to the global nature of our business, our operational security practices are also generally compliant with NIST SP 800-53 but not formally accredited.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Our change management process is mandated by our Secure Software Development Lifecycle suite of policies, which is ISO 27034 compliant. We routinely run application scans in line with OWASP on all development and staging environments prior to deployment, the results of which require documented IS team sign off prior to deployment in the production environment. ; ; We carry out the following tests:; • Manual code review; • Manual interface testing; • Static Application Security Testing (SAST); • Dynamic Application Security Testing (DAST); ; Software releases are made every 2 - 3 weeks on average
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Within our application, we use a static code analysis tool to ensure any application and infrastructure level vulnerabilities are promptly addressed. We are also subscribed to all supplier release notes and additionally scrape vendor pages daily to check for early notifications. Patch management within the application and its associated infrastructure is prioritised based on the severity of the vulnerability the patch addresses, using CVSS 3 wherever possible. Critical - within 24 hours, High - within 72 hours, Medium - within 14 days, Low - within 28 days, None - when possible.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: We run firewalls protecting the server environment with Intrusion Detection System software installed preventing unauthorised access to the secure network. Each server site is protected by the combination of a firewall and a demilitarised zone to defend against various denial of service and automated web-based attacks. ; ; System logs are transmitted to our log management service, which is reviewed on a regular basis by our internal teams. If the monitoring detects anything unusual or suspicious i.e. outside of normal operating patterns, an auto alert is generated to our on call team for immediate investigation.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: We have a documented IMP in place which is reviewed quarterly, with at least annual testing. The IMP includes a defined escalation matrix, including details of the incident response team, each with defined roles and responsibilities. Users can individually report incidents via our support ticket process, via email, or via phone call, and our monitoring tools also auto create incidents where appropriate. Incident information and regular updates are automatically shared with customer admins and named Contract Owners until the incident is resolved, and post incident wash ups are also provided where appropriate.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity

  Fighting climate change

  We maintain an Environmental Management System (EMS) that is compliant with ISO14001 and are aiming to achieve accreditation within the next 18 months.; ; As a SaaS company, our largest potential impact is via our data centre usage. We review our class 3 emissions and mitigate where possible - we use AWS as our hosting partner, and as part of this are able to view our emissions profile based on our usage in order to aid with reporting. AWS's sustainability information is publically available: https://sustainability.aboutamazon.com/; ; We operate a remote first methodology for all external meetings, and give due consideration to environmental issues (such as biodiversity) and energy performance in the acquisition, design, refurbishment, location, and use of buildings.; ; In all office environments, we have installed self-closing taps and where we have older WCs, have installed water hippos and have replaced older uncontrolled urinals with waterless urinals. We carry out regular maintenance to ensure water is not being lost to leaks. In terms of energy conservation, we use energy-saving bulbs with light sensors to ensure lights are not left on by mistake. Operating a paperless office means that we have also reduced our energy consumption on items such as photocopiers and printers. One of our office locations uses solar panels as part of our micro-generation project.

  Covid-19 recovery

  Throughout the COVID-19 pandemic, Alert Cascade was deployed on a daily basis by organisations worldwide to keep their businesses operating whilst protecting their staff safety. During the initial onset and subsequent waves of COVID, message volumes peaked (particularly for our NHS customers who were managing staff and equipment shortages alongside high patient numbers and IT outages). During our busiest times we were contacting over 718,000 people an hour within the UK alone. ; ; During the pandemic, we supported existing customers by helping them pivot quickly to handle new use cases. For example, our UK finance sector clients needed assistance reaching out to customers to offer payment holidays for mortgages and keeping them in the loop on progress with their applications, whilst trying to balance having lower than usual staff numbers and implementing WFH. We offered bespoke support packages free of charge to all customers with this use case, helping them to import customer data for the first time, update their DPAs and DPIAs, and craft easily understood messages.; ; We offered bespoke pricing for new customers who were purchasing Alert Cascade for the first time due to coronavirus impact, and we waived overage fees for customers who exceeded their contractual headcounts or stated use cases to allow them to communicate as much as needed to mitigate the effects of COVID-19 on their organisation.; ; For staff who were/are shielding or who are otherwise vulnerable, we recognise the continuing impact of COVID-19 and remote working is available to all staff subject to suitable information security conditions.

  Tackling economic inequality

  Alert Cascade Limited pays all employees the Real Living Wage, and we do not use zero working hours contracts - we're happy to warranty to this under contract. ; ; We ensure that our products are priced in a way that is fair and accessible to businesses across different economic strata - we provide tiered pricing, and discounts for charities, educational institutions, and start ups. In some cases, we are able to provide our services free of charge - this can be something as small as providing a free information hotline to a local school, or as large as providing our critical communications platform free of charge to support humanitarian efforts in Ukraine during the ongoing war, and in Taiwan during recent earthquakes. ; ; As a business, we regularly engage with external organisations, community groups, and stakeholders to collaborate on diversity and inclusion initiatives and contribute to broader societal change. We work with local colleges to support apprenticeships, and with DWP to provide work placements, ultimately with the aim of providing people with the skills they need to sustain full time employment.; ; Our remote working policies mean that physical location is no longer a barrier to employment, and we regularly support staff to gain additional industry based qualifications.

  Equal opportunity

  Our ESG Policy Statement outlines our ESG Principles, which we successfully execute through a range of activities:; • Diverse representation in leadership and decision-making roles; • Employee Resource Groups (ERGs): We have established ERGs (affinity groups) that provide a supportive community for employees from diverse backgrounds and enables them to contribute to organisational initiatives and advocacy efforts.; • Diversity training and education: We provide regular training and educational programs on unconscious bias, cultural competency, and inclusive leadership, for all employees to raise awareness and build inclusive behaviours.; • Supplier diversity program: We have implemented supplier diversity initiatives to actively engage and support diverse suppliers, and we track spending with diverse suppliers to ensure accountability and progress.; • Recruitment and talent acquisition practices: We implement inclusive recruitment practices, such as blind resume screening, diverse interview panels, and partnerships with organisations that support underrepresented talent pipelines.; • Pay equity and fair treatment: Conducting regular pay equity audits and implementing policies and practices that ensure fair treatment and equal opportunities for all employees, regardless of their background.; • Regular monitoring and reporting: Establishing metrics, tracking progress, and regularly reporting on diversity and inclusion initiatives to ensure transparency, accountability, and continuous improvement.; • We are a Disability Confident Employer, working towards becoming a Disability Confident Leader. We use Dun and Bradstreet supplier diversity data services to determine the diversity of our vendors and how much we spend with diverse suppliers in our supplier base.

Pricing

• Price: £1.00 to £11.00 a user a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Initial web demo with an implementation specialist to discuss your specific use case, followed by access to a fully featured demo account configured based on your web demo. We support 14 and 30 day trials as standard, longer trial periods available on request and subject to use case.
• Link to free trial: https://alertcascade.co.uk/contact/

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at rachel.spencer@alertcascade.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.