Zebra Software Ltd

ZEBSOFT

ZEBSOFT compliance management system.

ZEBSOFT incorporates modules for managing,
Auditing (Programme & CAPA Management, Checklist Auditing, Auditor Management),
Assets & infrastructure,
Risk & Environmental Register,
Legislation,
Document Control & Signing,
GDPR (DPIA, Information Records & Asset tracking),
Processes,
Suppliers & Contractors,
Contingency Planning,
Reporting & Feedback,
Tasks & Meetings

Features

• Multiple ISO standards ISO9001, ISO14001, ISO22301, ISO27001, ISO45001,
• CAPA - Nonconformity and corrective action management
• Organisation Roles, Responsibilities, Authorities
• Risk Management - monitor risks/set alerting reviews and assign ownership
• Planning System - set goals/KPIs/interested parties and legal register
• Document Management - control of revision, authorisation and user signing
• GDPR Management, DPIA, Information Records Assets,
• Auditing, Audit Programme Management, Checklists
• Strategic Planning and Management Review
• Asset Management - logs tests, maintenance, inspections, calibrations

Benefits

• Control of GRC requirements
• Web based cloud software
• Comprehensive all-in-one system
• UK Based hosting with 2FA authentication
• Continual improvement methodology of operation
• Centralised process and compliance auditing platform
• Control over multiple sites
• Cascades compliance throughout the organisation
• Ownership and accountability within organisation
• Allows for real time data entry, update and monitoring

£5 to £40 a user a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at steve@zebrasoftware.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

578904275731339

Contact

Steven Bloomfield
0333 222 9070
steve@zebrasoftware.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: No known constraints.
• System requirements:
  • Modern Web Browser
  • Internet Connection

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 4 Hours; ; 9am-5pm Monday to Friday
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Yes, at an extra cost
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Limited to questions & answers. Only available to logged in users.
• Web chat accessibility testing: No tests carried out yet.
• Onsite support: Yes, at extra cost
• Support levels: Standard support included; 2 hours per week by email through ticketing system.; ; Enhanced support - £1500 per month plus £1 per user per month; Includes a Dedicated phone number and account Manager; ; Additional support services.; Onsite support & training available at £600 per half day plus expenses
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Zebra Software can provide onsite training or remote training via Zoom or Teams.; ; There are online training videos available within the App.; ; User documentation for the system is also available within the App.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
• End-of-contract data extraction: Users may output their data to reports at any time. They also may request the data from Zebra Software in spreadsheet format at extra cost.
• End-of-contract process: The subscription covers the cost for users to access the main system.; ; Disposable/deletion of data etc are additional costs.; ; Organisations have the option to pay a nominal charge to continue with read only access to data.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Mobile is designed for users who require access to the system when away from a Laptop or PC. ; ; This is very useful for onsite checklist auditing, users can easily add photographic evidence or use the voice typing to enter information.; ; The Web App is installable as a Progressive Web App.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: The ZEBSOFT platform is a multi faceted system and many areas are not designed to be accessed via an API.; ; The API is limited to simple functions such as User management, obtaining results from checklists & audits, feedback & reporting, asset management, tasks and notifications.; ; Full details available upon request.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The system can be customised during the setting up process and Zebra Software will provide consultancy to assist with this if necessary.; ; Bespoke development & customisation is available from Zebra Software at extra cost.

Scaling

• Independence of resources: ZEBSOFT is hosted by AWS and covered by their SLAs.; ; All services are monitored by our technical team.; ; ZEBSOFT can be provided on dedicated infrastructure at additional cost.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Reports are the most common way that users export their data.
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats: PDF
• Data import formats:
  • CSV
  • ODF
  • Other
• Other data import formats:
  • Pdf
  • Jpg
  • Doc
  • Xls
  • Open office
  • Microsoft Office

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: A VPN can be setup & configured at extra cost.
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: 99.99% uptime
• Approach to resilience: AWS EC2 front end; RDS database (hourly snapshots); S3 file storage (private)
• Outage reporting: Email alerts; twitter alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: The super administrator defines roles which determines what a user can see and do.; Each user login defines what users have access to, what they can see and what they can do. Users can enable 2FA or a system administrator can enforce adoption of 2FA.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: UK National Certification Limited
• ISO/IEC 27001 accreditation date: 03/04/2020
• What the ISO/IEC 27001 doesn’t cover: Zebra Software Limited adopted all annex A controls in its' current statement of applicability dated 23rd March 2020.
• ISO 28000:2007 certification: Yes
• Who accredited the ISO 28000:2007: Self determined self declaration
• ISO 28000:2007 accreditation date: No
• What the ISO 28000:2007 doesn’t cover: Design & installation of security equipment
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • ISO 27001
  • ISO 22301

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We manage ISO27001 & GDPR utilising our ZEBSOFT platform with automated reporting.; ; ZEBSOFT includes document controls to ensure staff read and understand our policies.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: ZEBSOFT employs full version control.; ; Testing is carried out on development/staging servers before being released to production.; ; ZEBSOFT is developed using the AGILE methodology.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We carry out daily checks of log files.; ; Server maintenance is carried out weekly on a pre-defined window.; ; Service affecting emergency security patches are carried out within an hour once identified.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Daily checks of log files and twitter feeds.; ; Isolate, analyse & act.
• Incident management type: Supplier-defined controls
• Incident management approach: We have predefined plans kept within our software system ZEBSOFT. Users can report within our software system or via email ticketing system.; ; Incident reports are emailed to the ZEBSOFT main account contact.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  ZEBSOFT is a cloud based software system that offers an alternative to onsite auditing and facilitates online meetings and collaboration.; ; By removing the need for onsite audits we have eliminated unnecessary travel and improve efficiency of management of auditing.; ; As a cloud based system we have also eliminated the requirement for on-premises servers and the environmental impact of running servers.; ; Zebra Software operates and encourages remote & home working for employees.
• Equal opportunity:

  Equal opportunity

  Zebra Software is an equal opportunities employer. Our infrastructure is setup to enable homeworking, flexi-time & part-time working.
• Wellbeing:

  Wellbeing

  "Work how you want, when you want", this is Zebra Software's employee philosophy. We like happy employees and to make it fun to work at Zebra Software.; ; We have weekly meetings at our office in Knutsford, Cheshire and organise many social events.; ; With homeworkers we operate a "Virtual Office" and have a continuous teams session open so people can talk and operate as if in a physical office.

Pricing

• Price: £5 to £40 a user a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Full system is available for a trial period of 1 month to 3 months depending on the project size.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at steve@zebrasoftware.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.