ZEBSOFT
ZEBSOFT compliance management system.
ZEBSOFT incorporates modules for managing,
Auditing (Programme & CAPA Management, Checklist Auditing, Auditor Management),
Assets & infrastructure,
Risk & Environmental Register,
Legislation,
Document Control & Signing,
GDPR (DPIA, Information Records & Asset tracking),
Processes,
Suppliers & Contractors,
Contingency Planning,
Reporting & Feedback,
Tasks & Meetings
Features
- Multiple ISO standards ISO9001, ISO14001, ISO22301, ISO27001, ISO45001,
- CAPA - Nonconformity and corrective action management
- Organisation Roles, Responsibilities, Authorities
- Risk Management - monitor risks/set alerting reviews and assign ownership
- Planning System - set goals/KPIs/interested parties and legal register
- Document Management - control of revision, authorisation and user signing
- GDPR Management, DPIA, Information Records Assets,
- Auditing, Audit Programme Management, Checklists
- Strategic Planning and Management Review
- Asset Management - logs tests, maintenance, inspections, calibrations
Benefits
- Control of GRC requirements
- Web based cloud software
- Comprehensive all-in-one system
- UK Based hosting with 2FA authentication
- Continual improvement methodology of operation
- Centralised process and compliance auditing platform
- Control over multiple sites
- Cascades compliance throughout the organisation
- Ownership and accountability within organisation
- Allows for real time data entry, update and monitoring
Pricing
£5 to £40 a user a month
- Education pricing available
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 13
Service ID
5 7 8 9 0 4 2 7 5 7 3 1 3 3 9
Contact
ZEBSOFT PRODUCTIVITY SYSTEMS LIMITED
Steven Bloomfield
Telephone: 0333 222 9070
Email: steve@zebrasoftware.co.uk
Service scope
- Software add-on or extension
- No
- Cloud deployment model
-
- Public cloud
- Private cloud
- Hybrid cloud
- Service constraints
- No known constraints.
- System requirements
-
- Modern Web Browser
- Internet Connection
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
4 Hours
9am-5pm Monday to Friday - User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- Yes, at an extra cost
- Web chat support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support accessibility standard
- None or don’t know
- How the web chat support is accessible
- Limited to questions & answers. Only available to logged in users.
- Web chat accessibility testing
- No tests carried out yet.
- Onsite support
- Yes, at extra cost
- Support levels
-
Standard support included
2 hours per week by email through ticketing system.
Enhanced support - £1500 per month plus £1 per user per month
Includes a Dedicated phone number and account Manager
Additional support services.
Onsite support & training available at £600 per half day plus expenses - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
Zebra Software can provide onsite training or remote training via Zoom or Teams.
There are online training videos available within the App.
User documentation for the system is also available within the App. - Service documentation
- Yes
- Documentation formats
-
- HTML
- ODF
- End-of-contract data extraction
- Users may output their data to reports at any time. They also may request the data from Zebra Software in spreadsheet format at extra cost.
- End-of-contract process
-
The subscription covers the cost for users to access the main system.
Disposable/deletion of data etc are additional costs.
Organisations have the option to pay a nominal charge to continue with read only access to data.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
-
Mobile is designed for users who require access to the system when away from a Laptop or PC.
This is very useful for onsite checklist auditing, users can easily add photographic evidence or use the voice typing to enter information.
The Web App is installable as a Progressive Web App. - Service interface
- No
- User support accessibility
- None or don’t know
- API
- Yes
- What users can and can't do using the API
-
The ZEBSOFT platform is a multi faceted system and many areas are not designed to be accessed via an API.
The API is limited to simple functions such as User management, obtaining results from checklists & audits, feedback & reporting, asset management, tasks and notifications.
Full details available upon request. - API documentation
- Yes
- API documentation formats
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
-
The system can be customised during the setting up process and Zebra Software will provide consultancy to assist with this if necessary.
Bespoke development & customisation is available from Zebra Software at extra cost.
Scaling
- Independence of resources
-
ZEBSOFT is hosted by AWS and covered by their SLAs.
All services are monitored by our technical team.
ZEBSOFT can be provided on dedicated infrastructure at additional cost.
Analytics
- Service usage metrics
- No
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- None
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Supplier-defined controls
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
-
- Physical access control, complying with another standard
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
-
- Explicit overwriting of storage before reallocation
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- Reports are the most common way that users export their data.
- Data export formats
-
- CSV
- ODF
- Other
- Other data export formats
- Data import formats
-
- CSV
- ODF
- Other
- Other data import formats
-
- Jpg
- Doc
- Xls
- Open office
- Microsoft Office
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- TLS (version 1.2 or above)
- Other
- Other protection between networks
- A VPN can be setup & configured at extra cost.
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
- 99.99% uptime
- Approach to resilience
-
AWS EC2 front end
RDS database (hourly snapshots)
S3 file storage (private) - Outage reporting
-
Email alerts
twitter alerts
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Username or password
- Access restrictions in management interfaces and support channels
-
The super administrator defines roles which determines what a user can see and do.
Each user login defines what users have access to, what they can see and what they can do. Users can enable 2FA or a system administrator can enforce adoption of 2FA. - Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- UK National Certification Limited
- ISO/IEC 27001 accreditation date
- 03/04/2020
- What the ISO/IEC 27001 doesn’t cover
- Zebra Software Limited adopted all annex A controls in its' current statement of applicability dated 23rd March 2020.
- ISO 28000:2007 certification
- Yes
- Who accredited the ISO 28000:2007
- Self determined self declaration
- ISO 28000:2007 accreditation date
- No
- What the ISO 28000:2007 doesn’t cover
- Design & installation of security equipment
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- No
- Cyber essentials plus
- No
- Other security certifications
- Yes
- Any other security certifications
-
- ISO 27001
- ISO 22301
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
-
We manage ISO27001 & GDPR utilising our ZEBSOFT platform with automated reporting.
ZEBSOFT includes document controls to ensure staff read and understand our policies.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
-
ZEBSOFT employs full version control.
Testing is carried out on development/staging servers before being released to production.
ZEBSOFT is developed using the AGILE methodology. - Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
-
We carry out daily checks of log files.
Server maintenance is carried out weekly on a pre-defined window.
Service affecting emergency security patches are carried out within an hour once identified. - Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
-
Daily checks of log files and twitter feeds.
Isolate, analyse & act. - Incident management type
- Supplier-defined controls
- Incident management approach
-
We have predefined plans kept within our software system ZEBSOFT. Users can report within our software system or via email ticketing system.
Incident reports are emailed to the ZEBSOFT main account contact.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- No
Social Value
- Fighting climate change
-
Fighting climate change
ZEBSOFT is a cloud based software system that offers an alternative to onsite auditing and facilitates online meetings and collaboration.
By removing the need for onsite audits we have eliminated unnecessary travel and improve efficiency of management of auditing.
As a cloud based system we have also eliminated the requirement for on-premises servers and the environmental impact of running servers.
Zebra Software operates and encourages remote & home working for employees. - Equal opportunity
-
Equal opportunity
Zebra Software is an equal opportunities employer. Our infrastructure is setup to enable homeworking, flexi-time & part-time working. - Wellbeing
-
Wellbeing
"Work how you want, when you want", this is Zebra Software's employee philosophy. We like happy employees and to make it fun to work at Zebra Software.
We have weekly meetings at our office in Knutsford, Cheshire and organise many social events.
With homeworkers we operate a "Virtual Office" and have a continuous teams session open so people can talk and operate as if in a physical office.
Pricing
- Price
- £5 to £40 a user a month
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
- Full system is available for a trial period of 1 month to 3 months depending on the project size.