LABRYS TECHNOLOGIES LTD

Axiom

Axiom is a secure communications and task management platform that organisations use to communicate, coordinate, and compensate globally dispersed teams.

Features

• Encrypted Messaging with reverse translation
• Task Management: create, assign and approve tasks
• User Geolocation and Mapping
• Digital Payments
• Verified Media and Document Submission
• User Verification: Biometric user enrolment and secure device checks

Benefits

• Securely communicate with your teams in 133+ languages
• Easily co-ordinate and track project execution
• Visualise the location of your teams on a single map
• Pay your global teams in USD pegged stablecoins
• Ensure the validity and security of user submitted content
• Automated identity and device verification for your teams

£60,000 to £60,000 an instance a year

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at rob@labrys.tech. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

567522393924499

Contact

Robert Barrie
+447436573334
rob@labrys.tech

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: Users access the service through the installed Android application which is compatible with Android operating systems that are officially supported by Google Mobile Services (GMS) and we guarantee support and product compatibility for devices that are running on Android operating system versions that are no more than three major releases behind the latest Google officially supported Android operating system release.
• System requirements:
  • Internet access
  • Android devices (GMS) within 3 releases of latest Google release

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We respond to user support requests within 1 business day
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We have an online customer support team which will respond to support tickets within one business day. The support help desk is serviced between 9am - 6pm UTC Monday - Friday.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide user documentation as standard, onsite and remote training subject to charge.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Labrys Technologies Axiom C2 admin users can manually export their data from the platform. Bulk data extraction for customers will be subject to cost charged as per G Cloud 14 SFIA rate card
• End-of-contract process: At the end of the contract the customer has the option to renew or cancel the contract. If the customer chooses to cancel the contract, their data can be bulk exported subject to charge as per SFIA G Cloud 14 rate card.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Axiom does not offer a desktop application currently, but can be accessed on a desktop computer via a web application.; ; The web application does not capture granular location data or perform user tracking, as the mobile services do. The web application is also not able to perform the same level of device checks as the mobile application.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Users can interface with the service using the dedicated GUI for Axiom, either in the browser or via the mobile application.
• Accessibility standards: None or don’t know
• Description of accessibility: The user interface is designed to meet accessibility requirements for colour-blind and visually impaired individuals; ; The application has not been tested for interoperability with assistive technology.
• Accessibility testing: None
• API: Yes
• What users can and can't do using the API: API integration is a custom feature that needs to scoped out directly with the customer during contracting.
• API documentation: No
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Feature requests and custom development are considered and quoted on a case by case basis

Scaling

• Independence of resources: We have designed and tested our application backend to ensure that it is performant under load and scalable.; ; In our standard tenancy model, each customer workspace is powered by isolated and distinct infrastructure (own kubernetes deployment), ensuring isolation between tenants.; ; Other hosting options (Private Cloud, On-Premises Deployment) with higher degrees of isolation are available. These deployment models are custom configurations that will require additional scoping and quoting with the customer based on the project length at additional cost as per the SFIA rate card. See Service Definition document for more details

Analytics

• Service usage metrics: Yes
• Metrics types: We show Axiom C2 enterprise clients the number of executive users they have licensed. The Axiom C2 clients can monitor their onboarded Axiom Communicator users and Labrys Technologies monitors the number of Axiom Communicator biometrically enrolled users enrolled into each client's workspace.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Permissioned users of the Axiom C2 platform can export their data by choosing different data end points. ; Users of the Axiom Communicator and Axiom C2 platform can also download and share files they have been been sent or given access to. ; Large scale data migrations will require specialist support from the Labrys Technologies team and will come at an additional cost as per SFIA G Cloud 14 rate card
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • JSON
  • JPG
  • GPX
  • PNG
  • PDF
• Data import formats:
  • CSV
  • ODF
  • Other
• Other data import formats:
  • PNG
  • JPG
  • CSV
  • TXT
  • PDF
  • GPX

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: All data collected through the Axiom C2 and Axiom Communicator applications are secured in transit between the device and the GCP or chosen cloud environment by using TLS 1.2 encryption. Data in transit within GCP is secured using service-mesh mutual TLS (mLTS) encryption.

Availability and resilience

• Guaranteed availability: Subject to the other provisions of the SaaS Order Form, Labrys shall provide the Platform for use by the Customer on a best-effort basis. We aim to provide 99.5% uptime each month throughout each SaaS Extension Term (except for): ; ; Upgrades: implementation of version updates, upgrades, modifications, enhancements and/or revisions (which may take place at any time). ; ; Planned Maintenance Windows which will be carried out between 10.00 pm and 2.00 am (UK time zones). Labrys will provide the Customer with no less than two (2) Business Days’ notice of Planned Maintenance Windows. ; ; Unscheduled Emergency Maintenance which will be carried out (wherever possible) outside Normal Business Hours. Labrys will use reasonable endeavours to give the Customer at least six (6) Business Hours’ notice in advance of Unscheduled Emergency Maintenance.
• Approach to resilience: Available on request
• Outage reporting: Known outages are reported to customers by the Labrys Technologies support team via phone or email.

Identity and authentication

• User authentication needed: Yes
• User authentication: Identity federation with existing provider (for example Google Apps)
• Access restrictions in management interfaces and support channels: Labrys Technologies secures the Axiom platform using stringent access controls:; Role-Based Access Control (RBAC) with defined roles and strict authorisation protocols.; Activity Monitoring and Auditing tracks user actions with detailed logs for security and compliance.; Regular Access Reviews to ensure access rights remain appropriate.; These measures ensure that only authorised personnel access management interfaces and support channels, maintaining the platform's security and integrity.; ; The application is managed via secondary interfaces provided by the cloud vendor, using industry best practice tools. These channels are encrypted and subject to RBAC access controls. Management access is held only on a per-job basis.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Labrys Technologies implements robust information security policies under ISO 27001. The processes include risk management, strict access controls, incident response plans, and regular audits to ensure compliance and identify improvements. Policies are managed through a well-defined reporting structure, with security responsibilities ultimately owned at Board level by the CEO but directly delegated to the acting Chief Information Security Officer (CISO) who reports directly to the board and sits as part of the management team.; Cross-functional teams ensure compliance and integration across departments, maintaining a security-focused organisational culture. Employee training programs on security best practices are routine, ensuring awareness and adherence. Performance metrics and continuous monitoring via a SOC provide real-time insights into the effectiveness of the security framework, ensuring that deviations are promptly managed and rectified.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We use versioned deployable artefacts that can be tested and deployed independently of other processes. Changes are tracked using tickets, which describe distinct pieces of work. All changes in a version are gathered on build and assembled into a changelog which is used by administrators to determine what has changed.; ; Development changes are assessed for security impact as part of development. Changes which could have an impact are evaluated by a panel including our CISO.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We use automated vulerability scanners such as Github Dependabot, Trivy and other industry standard tools. Whenever a vulnerability is discovered, it triaged for severity and patched either within the current deployment cycle, or added to a tracker.; ; We use commonly published sources for threat intelligence, such as Crowdstrike TI.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We use passive monitoring and risk-based policies to identify and treat any potential compromises. All of our organization's logs are shipped to a SIEM database with 24x7 SOC monitoring team who will notify by phone call if any suspicious events are discovered.; ; If any potential compromise is found an infosec incident can be raised in line with our internal handling procedures. We respond to suspected incidents as soon as possible.
• Incident management type: Supplier-defined controls
• Incident management approach: Users can report an incident by filling in a REC 16.1A form which is hosted on the Labrys Sharepoint site.; ; Alternatively, customers and external users can report incidents by sending an email to info@labrys.tech.; ; Incident reports are stored and documented using the template form. All incidents are investigated and severe incidents are subject to a 'post-mortem' hearing.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Our partnership with the Blue Marine Foundation exemplifies our commitment to fighting climate change. By leveraging our Axiom software platform, we support marine conservation efforts, significantly contributing to the restoration of ocean health and combating the broader impacts of climate change.

  Covid-19 recovery

  Axiom enables remote operations, reducing the need for physical interactions—a crucial advantage during and beyond the Covid-19 pandemic. This capability supports organisations in maintaining continuity and resilience, facilitating recovery without compromising health and safety.

  Tackling economic inequality

  By enabling efficient resource management and support for remote communities, especially in vulnerable regions, Axiom helps bridge economic disparities. Our technology ensures that projects delivering economic support can do so more effectively and equitably.

  Equal opportunity

  Labrys Technologies promotes equal opportunity by providing tools that support diverse and inclusive participation across global projects. Axiom's reach and scalability allow people from different geographic and socioeconomic backgrounds to contribute to and benefit from global initiatives.

  Wellbeing

  Our focus extends to enhancing wellbeing through environmental conservation and sustainable practices. Projects like our collaboration with the Blue Marine Foundation not only protect natural resources but also support the wellbeing of communities reliant on these environments.; ; By integrating these social value themes into our service delivery, Labrys Technologies not only meets but also exceeds the expectations of public sector buyers, ensuring that our contributions are both impactful and aligned with the goals of the G-Cloud framework.

Pricing

• Price: £60,000 to £60,000 an instance a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: We can support limited-time proof of concept deployments, whereby we work with your team to map out where Axiom can add value to existing operations and enable new capabilities.; ; All proof-of-concept exercises are limited to three months. All features are included. To qualify you must meet the minimum-order criteria.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at rob@labrys.tech. Tell them what format you need. It will help if you say what assistive technology you use.