CRYSP LIMITED

Crysp

Digital compliance management system with document management, digital forms, real time compliance tracking, policy manager, contract manager and asset list.

Features

• Real-time reporting
• Dashboard
• Document management
• Digital forms
• Asset management
• Compliance management
• Policy manager
• Contract manager

Benefits

• Access to information available from anywhere
• Visibility team controls
• Never lose paperwork again
• system reminders for regulatory compliance items
• Organisational reporting
• Encrypted information
• Auditable trail

£289 a unit

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at pete@crysp.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

467267902218513

Contact

Pete Mills
07719615753
pete@crysp.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: Planned maintenance done out of hours.
• System requirements:
  • Internet access
  • Access to smart device

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 24-48 hours
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Online training and in person support right up to a full maintained service.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We offer consultation to ensure organisations have the correct implementation plan with in-person or online training. This is also supported with online help videos and PDF step by step guides
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats: Excel
• End-of-contract data extraction: Through downloading all content via the portal
• End-of-contract process: Organisations can either download their data free of charge or pay additional fees for the data to be downloaded and sent to them via a link.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Web based app for phones and tablets
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: Yes
• Description of customisation: All set up and site structure can be customised for the organisations requirements

Scaling

• Independence of resources: We continuously monitor usage of the portal and always ensure good site speed. If and when required we would make changes to the platform to ensure no users are affected.

Analytics

• Service usage metrics: Yes
• Metrics types: Log in data and marks when actions are completed on the portal.
• Reporting types:
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: No
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Through the online portal via PDF or Excel
• Data export formats:
  • CSV
  • Other
• Other data export formats: PDF
• Data import formats: Other
• Other data import formats: Direct into the portal

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network: Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: Dependant on level of package taken we would define an SLA, if this is not followed as per our processes we would determine if a refund is required and if so what percentage of their contract this equates to. This would then be raised to the client for refund payment.
• Approach to resilience: Available on request.
• Outage reporting: We have 98.7% up time. All downtime is reported through email alerts whether this be planned or unplanned and all users are kept updated throughout.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Through user management control defined by our CTO.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Through strict policies and procedures which are regularly reviewed and acted on.
• Information security policies and processes: We follow UK GDPR along with having our own internal data processing and security policies.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We have real time auditable tracking and all actions on the system are logged and recorded for regular and unusual activity. Along with automated reporting built in.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We have automated monitoring of potential system threats, along with a 2hr response time for issues that arise. With this we have processes to follow dependant on the threat and actions to follow.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We identify potential compromises through regular testing and also automated server checks. We respond within 2 hrs to potential compromises and incidents and act accordingly with our internal processes and any statutory law to take action.
• Incident management type: Undisclosed
• Incident management approach: We have internal policies for common events with a communication framework to match dependant on the severity of the issue. Incident reports are available upon request.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  Through the ability to track environmental compliance items a business can aim to reduce their carbon footprint, aiding in reaching a carbon zero.

Pricing

• Price: £289 a unit
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Two week free trial with access to all fearures
• Link to free trial: https://portal.crysp.co.uk/login

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at pete@crysp.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.