Boomalert Ltd

SMS alerting

Critical alerting software that automates incident communication. Customers can build bespoke communication workflows, to meet requirements for critical events. boomAlert is an ideal bolt-on for M2M messaging workflows, IT monitoring applications and business continuity communications. Incident management software that handles alerts efficiently. ISO-27001, Cyber Essentials and Cyber Essentials Plus accredited

Features

• real-time reporting of incident management
• Bulk two way SMS text messaging

Benefits

• Initiate emergency plans while on the move
• Build multiple workflows to be triggered at will

£0.03 a unit

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at michael.green@boomcomms.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

461243814227803

Contact

Michael Green
+44 207 224 5555
michael.green@boomcomms.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Nil
• System requirements: Must have access to the internet

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: The standard response time is; Premium support can be bought separately and is as follows:
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AAA
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: WCAG 2.1 AAA
• Web chat accessibility testing: Nil
• Onsite support: Onsite support
• Support levels: Standard:; Premium:
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Training and guidance is provided by Boomerang Account Managers assigned to the account. Training can be delivered on sight, over the phone or on-line. The interactive help topics, throughout the user interface assist with training also.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Users have the ability to download and extract their data (in csv format) at the end of the contract, or it can be requested from Boomalert, as a managed service.
• End-of-contract process: Customers must fulfil the minimum contract period agreed. Service cancellation requests are to be submitted in writing and will be subject to the agreed cancellation period. The service will remain active up to the agreed cancellation date, thereafter, will be decommissioned. All subsequent requests to access the service will be blocked. The customer will be obliged to pay any outstanding monies for subscriptions or message transactions that have not already been invoiced. The service account (although not active) will be retained for a further period before being fully deleted from Boomerang’s systems (after which no account data will be retrievable). Data uploaded by the customer can be modified or deleted as required during the contract period or notice period. The deletion of data involves full hashing over.; Early termination of the contract will incur termination fees if the termination is not result of a material breach.; Any transactional message data processed during use of the services will be held for the standard retention period of 13 months from point of processing.; Where additional services have been purchased that are still within their contract period (e.g. dedicated or shared inbound short code services), the terms of those agreements remain in place.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: Boomerang offers an intuitive API builder, within the User Interface. Integrations can be saved, amended and stored in the UI library nd called upon when required.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: The user defined customisable settings are accessed through the system settings. The user interface can be 're-skinned' if required. Users with the required permissions can make changes to the customisable options

Scaling

• Independence of resources: Capacity and performance have been considered during the original design and evolution of our services, to ensure they are able to meet expected demand and customer service levels. Our cloud based environment allows for rapid deployment of additional resources where required, without disruption to production services. Cloud instances have also been configured to use an auto-scale set of resource limits, within which additional resources are utilised as demand is increased.

Analytics

• Service usage metrics: Yes
• Metrics types: "Live" analytics can be viewed on the User Interface's dashboard via the portal. Consolidated reports can be downloaded or sent via email automatically, in CSV format. Reports can be delivered via dashboard, email or API.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Data can be exported at any time by users or request that the data be exported by Boomalert staff, in csv format.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: IPsec or TLS VPN gateway
• Data protection within supplier network: IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Customers are entitled to Service Credits based on a failure to meet the monthly System Availability of 99.99%. Where Boomalert fails to meet this target in respect of any calendar month, subject to the paragraph below, Boomcare Premium customers will be entitled to claim a Service Credit of 10% of the monthly value of the service subscription paid in respect of the Service affected (being one twelfth of the total annual amount paid). Service Credits are not provided against any other annual or monthly charges (including but not limited to message credits) nor in respect of any other metrics or performance measurements. A Customer is not entitled to Service Credits if it is in breach of its agreement with Boomalert, including without limitation where the Customer is not up-to-date with its payments when the relevant Outage occurred or Service Credits are claimed
• Approach to resilience: Network devices, including firewall and other boundary devices, are in place to monitor and control communications at the external boundary of the network and at key internal boundaries within the network. These boundary devices employ rule sets, access control lists (ACL), and configurations to enforce the flow of information to specific information system services. ACLs, or traffic flow policies, are used to manage the flow of traffic. ; A wide variety of automated monitoring systems are utilised to provide a high level of service performance and availability. These monitoring tools are designed to detect unusual or unauthorized activities and conditions across network usage, port scanning activities, application usage, and unauthorised intrusion attempts. The tools have the ability to set custom performance metrics thresholds for unusual activity.
• Outage reporting: Planned maintenance; Planned maintenance covers scheduled activities that are required to keep the services and infrastructure supporting them secure, error free and optimal. All planned maintenance scheduled where possible to minimise customer inconvenience and the maximum notice period possible is provided (a minimum of one week is mandatory). Notifications containing details of the maintenance schedule are issued to designated contacts before and on completion of the work.; Unplanned maintenance; Unplanned maintenance is undertaken to prevent service related issues or degradation of services that would otherwise affect customers’ use of the service. ; Emergency maintenance; Emergency maintenance is carried out to address any issues affecting availability, provision or performance of the service.; Although Boomalert will provide as much information as possible during unplanned and emergency maintenance, it may not always be possible to provide prior notice, due to the nature and urgency of the work being carried out.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: The Access Control Policy sets out a comprehensive range of access controls to safeguard customer data. Internal access to company systems and networks holding or processing customer data, is granted on the basis of least privilege. Procedures are in place to ensure that access to systems is formally authorised. Every system user is identified by a unique Id and key activities carried out by a user and is logged with the date and time the activity was performed. Asset owners are assigned to company information assets which includes carrying out regular reviews of system access.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Assessment Bureau
• ISO/IEC 27001 accreditation date: 17 October 2019
• What the ISO/IEC 27001 doesn’t cover: Nil
• ISO 28000:2007 certification: Yes
• Who accredited the ISO 28000:2007: British Assessment Bureau
• ISO 28000:2007 accreditation date: 17 October 2017
• What the ISO 28000:2007 doesn’t cover: Nil
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • Cyber Essentials
  • Cyber Essentials Plus
  • ISO 27001:2017

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Boomalert currently complies with requirements, policies and controls, including Cyber Essentials, NCSC Cloud Security Principles and operates to security level IL3 . It is ISO 27001:2017 accredited. The following tools, policies and frameworks have been implemented: an information security management system (ISMS), risk assessment and management following ISO 27002 code of practice, regular staff awareness training, including an HR security lifecycle that covers recruitment, induction, in life management and exit, governance of the ISMS through performance evaluation, other policies and controls in line with ISO 27002 to address risks and requirements in the areas of: asset management, access control, cryptography, physical and environmental security, operations security, communications security, system acquisition, development and maintenance, supplier selection and management, including a robust segmented approach to supplier work, information security, incident management (including EU GDPR compliance). information security for business continuity planning and disaster recovery.; Additionally, Boomalert's approach to information assurance includes processes and tools for managing aspects of EU GDPR such as: Subject Access Requests (SAR) and notifying ICO and individuals affected data incidents. The organisation has invested in capability for undertaking privacy impact assessments (PIA) and working in line with both EU GDPR and ISO 27001:2017 for information security in projects.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Changes to any system components, configurations, software and system code are regulated and controlled via a structured change management process to minimise the impact of any changes upon service users. Changes are recorded and evaluated according to their priority, risk and their impact upon availability of services and changes must be formally approved prior to implementation.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Network devices, including firewall and other boundary devices, are in place to monitor and control communications at the external boundary of the network and at key internal boundaries within the network. These boundary devices employ rule sets, access control lists (ACL), and configurations to enforce the flow of information to specific information system services. ACLs, or traffic flow policies, are used to manage the flow of traffic. ; Automated monitoring systems are utilised to provide a high level of service performance and availability. These monitoring tools are designed to detect unusual or unauthorised activities and unauthorised intrusion attempts.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Network devices, including firewall and other boundary devices, are in place to monitor and control communications at the external boundary of the network and at key internal boundaries within the network. These boundary devices employ rule sets, access control lists (ACL), and configurations to enforce the flow of information to specific information system services. ACLs, or traffic flow policies, are used to manage the flow of traffic. ; Automated monitoring systems are utilised to provide a high level of service performance and availability. These monitoring tools are designed to detect unusual or unauthorised activities and unauthorised intrusion attempts.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Boomalert maintains a strategy for reacting to, and recovering from, adverse situations which is in line with senior management’s level of acceptable risk; Maintaining a programme of activity which ensures the company has the ability to react appropriately to, and recover from, adverse situations in line with the business continuity objective; Maintaining appropriate response plans underpinned by a clear escalation process; Maintaining a level of resilience to operational failure in line with the risk faced, the level of negative impact which could result from failure and senior management’s level of acceptable risk.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Boomerang is committed to safeguarding the environment and believes businesses are responsible for achieving good environmental practice and operating in a sustainable manner.; We are committed to managing our environmental impact and improving; our environmental performance as an integral and fundamental part of our business strategy and operations.; It is our priority to encourage our employees, customers and suppliers; to do the same. Not only is this sound commercial sense ; it is also a matter of delivering on our duty of care towards future generations. Boomerang is committed to promote and achieve these objectives:; 1. Comply with or exceed the requirements of current environmental legislation and codes; of practice;; 2. Minimise waste and increase and promote recycling where possible;; 3. Work with companies that offer secure disposal and recycling of IT equipment;; 4. Minimise energy and water usage in processes and day-to-day operations in work premises in order to conserve supplies, and minimise our consumption of natural resources, especially non-renewable ones;; 5. Apply the principles of continuous improvement in respect of air, water, noise and light pollution from our premises and reduce impacts from our operations on the environment and community;; 6. As far as possible purchase products and services that do the least damage to the environment and encourage others to do the same;; 7. Assess the environmental impact of any new processes or products we intend to introduce in advance;; 8. Promote suitable training and ensure all employees understand the; environmental policy and conform to the high standards it requires applying them to day-to-day operations;; 9. Evaluating supplier credentials in regard to environmental sustainability and working with suppliers that are aligned to our approach;; 10. Aim at reaching targets defined in this Policy, related to reducing energy consumptions, improving staff training on recycling and reduce emissions.
• Covid-19 recovery:

  Covid-19 recovery

  As we aim to beat COVID-19, we hope our communication solutions help businesses around the world adapt to working remotely and communicating during an unprecedented time. Internally we are protecting the health and well-being of our employees and anyone affected by our work. We have developed a proactive plan designed to minimise the impact of COVID-19 within our workplace. We require all employees to protect themselves and their co-workers from a potential coronavirus infection. If an employee has cold symptoms, such as cough/sneezing/fever (above 37.5 °C), or feel poorly, they will stay at home and advise their line manager. If an employee has a positive COVID-19 diagnosis, they are to inform their manager and cannot return to the office until they have fully recovered.
• Tackling economic inequality:

  Tackling economic inequality

  Boomerang’s communication solutions allow organisations of all sizes to grow efficiently by saving costs on their communications internally and externally. We provide cost-effective tools to help manage various workflows. Our patented technology allows companies to be communicating in real time, in a clear and efficient manner. Boomerang’s technology is designed to empower staff across all sectors of an organisation, making everyday jobs simpler to manage and in turn will reduce employee turnover.
• Equal opportunity:

  Equal opportunity

  The Company is committed to a policy of equal opportunities and its intention is to fully comply in all aspects of appropriate and current legislation. This policy will apply in respect of recruitment and selection procedures, career development, promotion, training, payment practices, and all other terms and conditions of employment. It is the responsibility of each employee at every level to promote Equal Opportunities and to pursue non-discriminatory policies and practices in employment and through behaviour language, attitude and actions so that no discriminatory practices occur.; ; It is our policy to promote Equal Opportunities throughout the company and to ensure that no employee or job applicant is less fairly treated or suffers any harassment because of discrimination whether directly, indirectly, through victimisation or harassment. Failure of any employee to observe the principles laid out in this policy will become subject to the company disciplinary procedure and may result in breaches of the law.
• Wellbeing:

  Wellbeing

  Boomerang recognises the protection of health and the promotion of wellbeing as important factors in sustaining attendance at work and supporting job satisfaction and career success and progression. Boomerang is committed to providing a working environment for its staff which minimises risk to health and promotes positive wellbeing.

Pricing

• Price: £0.03 a unit
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: A trial service is provided, containing full access to service functionality. Trials are provided free of charge, include some free message credit and are active for a period of 14 days. Trial accounts are created directly from the Boomalert website, requested via the website or requested by contacting Boomalert directly.
• Link to free trial: Www.boomalert.com

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at michael.green@boomcomms.com. Tell them what format you need. It will help if you say what assistive technology you use.