Bit Zesty

Echo Incident - incident management

EchoIncident is an incident management platform that helps tech-driven businesses manage incidents from the initial alert to post-mortem analysis and beyond, ensuring smooth operational continuity

Features

• Manage incidents from alert to post-mortem for operational continuity.
• Dedicated incident response team with specialized Slack channel.
• View a comprehensive timeline of all incident events.
• Update and track incident status to inform all stakeholders.
• Facilitate team and stakeholder communication during incidents.
• Generate post-mortem reports to document and share incident learnings.
• Conduct review meetings to analyze trends and enhance response processes.
• Access a dashboard displaying incident status and severity.
• Receive incident notifications through email and Slack.
• Monitor real-time incident impacts with dynamic tracking tools.

Benefits

• Enhances response efficiency with streamlined incident management processes.
• Reduces downtime by quickly addressing and resolving incidents.
• Improves team coordination with dedicated communication channels.
• Offers comprehensive visibility with an incident event timeline.
• Keeps all stakeholders updated through real-time status settings.
• Enables detailed learning from incidents with post-mortem reports.
• Facilitates continuous improvement through regular incident reviews.
• Provides centralized monitoring with an intuitive incident dashboard.
• Ensures timely alerts with customizable notification options.
• Offers flexibility with self-hosting capabilities to control data security.

£20 a user a month

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@bitzesty.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

590811039862822

Contact

Matthew Ford
+44 20 8164 1027
gcloud@bitzesty.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Slack
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: Self-hosting requires a docker image.
• System requirements:
  • Browser
  • Slack (optional)

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: Within 2 hours during the week.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Keyboard Accessibility: Slack provides a list of keyboard shortcuts that allow users to navigate through different areas of the platform quickly. This feature is particularly useful for those who prefer using the keyboard or have difficulty with a mouse. Screen Reader Compatibility: Slack supports the use of screen readers, which are essential for visually impaired users. Screen readers enable users to navigate conversations, read messages, and access information in the Slack desktop app or Slack in a web browser. Commands for Navigating Slack Faster: Slack offers commands that allow users to quickly access different parts of the application, which can be beneficial for those who need to navigate through various channels and conversations efficiently. Animation Preferences: Slack allows users to adjust their animation preferences, which can help reduce visual distractions or discomfort for users with sensory sensitivities. Inclusive and Accessible Communication: Slack emphasizes the importance of inclusive and accessible communication within the platform, ensuring that all users can participate and communicate effectively.
• Web chat accessibility testing: Slack behaves more like an application than a web page. We recommend that: NVDA and JAWS users primarily navigate around in focus/forms mode instead of browse mode. All screen reader users use Slack’s desktop application rather than a web browser if possible.
• Onsite support: Yes, at extra cost
• Support levels: 9am – 6pm business days: 4 hours response time for normal priority issues and 1 hour for critical issues. A technical support manager will be assigned to you, as well as an account manager and cloud support engineers. 24/7 support is available at £10,000 per month.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Training can be provided
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Request a data extraction, if self hosting take a backup of the database
• End-of-contract process: The service becomes unavailable. Data extraction can be requested.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Linux or Unix
  • MacOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Reduced interface
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: A web interface and a slack interface
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Testing with screen readers
• API: Yes
• What users can and can't do using the API: Create and manage incidents
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Anything can be customised, by anyone as long as the licencing terms are met.

Scaling

• Independence of resources: We have autoscaling, and customers can self host.

Analytics

• Service usage metrics: Yes
• Metrics types: Uptime
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: SQL or JSON
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • SQL
  • JSON
• Data import formats:
  • CSV
  • Other
• Other data import formats: JSON

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Availability between 99.0% and 99.5% – you will receive a 5% service credit; Availability between 98.0% and 99.0% – you will receive a 10% service credit; Availability below 98.0% – you will receive a 20% service credit
• Approach to resilience: Available on request
• Outage reporting: A public dashboard; an API; email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication: Identity federation with existing provider (for example Google Apps)
• Access restrictions in management interfaces and support channels: Echoincident implements strict access restrictions in management interfaces and support channels through role-based access control (RBAC) systems. Access to sensitive functions and data is limited to authorized personnel based on their role and job requirements. Multi-factor authentication (MFA) is mandatory for all users accessing these interfaces, ensuring an additional layer of security. Regular audits and compliance checks verify adherence to access policies. These measures prevent unauthorized access and ensure that only credentialed staff can interact with management and support systems, safeguarding customer data and maintaining the integrity and security of our operational processes.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)

Audit information for users

• Access to user activity audit information: You control when users can access audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Currently undergoing ISO/IEC 27001 certification
• Information security policies and processes: Currently following ISO7001, Cyber essentials Plus security policies

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Echoincident manages its service components through a comprehensive configuration and change management process. Each component is detailed in a configuration management database (CMDB) for tracking through its lifecycle. Changes begin with a proposal outlining potential impacts and undergo rigorous security reviews, including static code analysis and risk assessment. Successful changes are tested in pre-production, then gradually rolled out in production with continuous monitoring. A post-deployment review assesses the change's effectiveness. This methodical approach ensures that all updates enhance system integrity, maintain high security standards, and minimize risks.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Echoincident's vulnerability management process involves continuous assessment of potential threats through automated scanning tools and subscription to leading security advisories. Vulnerabilities are prioritized based on severity, and patches are typically deployed within 24 to 72 hours, depending on the threat level. We source threat intelligence from trusted security databases, industry alerts, and partnerships with cybersecurity firms. This proactive approach ensures rapid response to emerging threats, keeping our services secure against the latest vulnerabilities. The process is integral to maintaining the integrity and resilience of our systems, providing robust protection for our users' data.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Echoincident's protective monitoring processes employ continuous real-time surveillance technologies to identify potential compromises through anomaly detection and behavior analysis. Upon detecting a potential compromise, our incident response team is alerted and responds within minutes. The team assesses the severity, contains the threat, and initiates remediation procedures to mitigate any impact. Our rapid response capabilities ensure that potential compromises are managed swiftly and effectively, minimizing downtime and safeguarding data integrity. This vigilant monitoring and immediate response are central to our commitment to maintaining robust security and operational resilience.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Echoincident employs a structured incident management approach with pre-defined processes for common events, ensuring efficient and consistent responses. Users can report incidents through a dedicated online portal, via email, or directly through our customer support hotline. Upon receiving an incident report, our team logs it in our management system, categorizes the severity, and initiates the appropriate response protocol. Post-resolution, we provide comprehensive incident reports to the users detailing the nature of the incident, the steps taken to resolve it, and measures implemented to prevent future occurrences. This approach fosters transparency and continuous improvement in our incident management practices.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Remote Work and Sustainability: At Bit Zesty, we recognise the urgency of the climate crisis. We've leveraged our remote-first organization structure as a fundamental strategy to reduce our carbon footprint. This approach not only diminishes traditional commuting and office emissions but also aligns with modern workforce needs, enhancing our ecological contributions and reinforcing our role as a climate-conscious leader in the industry. Carbon Neutrality and Continuous Improvement: Bit Zesty is proudly a carbon-neutral organization. We go beyond merely offsetting emissions. We are committed to a rigorous process of measuring and actively reducing our environmental impact. This includes supporting our employees’ individual and collective climate actions and continuously seeking innovative ways to further our sustainability goals. Innovative Approaches to Sustainability: Spearheaded by our Climate Action Group, our initiatives reflect a proactive stance on ecological issues. By fostering a remote work culture, we significantly reduce the environmental costs associated with traditional business operations, promoting a balanced and health-conscious work environment. Partnerships and Future Goals: We partner with Ecologi to fund significant carbon reduction and tree-planting projects to tackle emissions we cannot directly eliminate. These efforts are integral to our strategy of contributing actively to environmental restoration. Looking forward, Bit Zesty is excited to announce our intention to apply for B Corp certification in 2024, formalizing our commitment to accountability and sustainability that considers all stakeholders, including the planet, in our business decisions. Our Pledge: Bit Zesty remains steadfast in our commitment to the planet. We understand that true sustainability is an ongoing effort, requiring continuous improvement and a dedicated commitment to ecological stewardship.

  Covid-19 recovery

  As we navigate the recovery from the Covid-19 pandemic, the health and well-being of our team and clients remain our top priority. Recognising the challenges posed by the pandemic, we have proactively implemented comprehensive measures to ensure a safe, supportive, and resilient work environment. Adapting to New Work Norms: In response to the pandemic, we transitioned to full remote working, not only to comply with health guidelines but to sustain our commitment to excellent service delivery without disruption. This shift also supports our ongoing commitment to sustainability through reduced commuting and the implementation of travel solutions that minimise environmental impact. Supporting Our Team's Well-being: We have fortified our support for both the physical and mental well-being of our staff. Initiatives include providing the necessary equipment for effective home working, continuing full-time wages during lockdowns. Maintaining Flexible and Safe Working Conditions: As restrictions have eased, we have carefully reopened our shared office, maintaining flexible working practices that allow our team to choose their working arrangements optimally. We continue to leverage collaborative tools to minimise the need for physical contact, adhering to all social distancing guidelines. Continuous Evaluation and Support: We are committed to continually assessing and adapting our policies and practices. This includes exploring innovative work methods, supporting local businesses, and ensuring uninterrupted service delivery to our clients. Our approach is designed to not only respond to current needs but also to strengthen our resilience against future challenges.

  Tackling economic inequality

  Commitment to Community and Workforce Development: We are deeply committed to addressing economic inequality through impactful community engagement and workforce development. Recognising the skill shortages in the digital sector, we have implemented a comprehensive strategy to train individuals with no prior experience in digital fields and create meaningful employment opportunities across various communities. Inclusive Hiring and Training Initiatives: Local Employment Focus: We prioritize employing local talent and reducing economic disparities in the communities where we operate. Apprenticeships and Academies: We fund places under the Modern Apprentice scheme and have established a Software Development Academy to foster interest in technology among under-represented groups. These initiatives offer long-lasting career paths within the tech sector. Economic Growth Through Job Creation: Strategic Job Creation: We have committed to creating 10 new jobs by 2025, with at least 25% of these roles filled by individuals from deprived areas. Support for Innovation: We actively support innovation and new business models within our supply chain, fostering a diverse ecosystem of start-ups and SMEs. Robust Local Ecosystems: We work closely with local businesses and stakeholders to enhance the economic vitality of our communities. Our engagement includes purchasing resources from local SMEs and promoting fair and inclusive practices throughout our supply chain. Future Commitments: B Corp Certification: Looking ahead, we are excited to announce our intention to apply for B Corp certification in 2024, further solidifying our commitment to sustainable and equitable business practices.

  Equal opportunity

  At Bit Zesty, we are dedicated to fostering diversity and eliminating discrimination in every aspect of our operations, both as an employer and as a service provider. We aim to ensure that our workforce—including employees, interns, and contractors—reflects the diverse society we serve and that every team member feels respected and is empowered to perform at their best. Comprehensive Diversity Initiatives: Tech Talent Charter Signatory: As one of the 700 signatories of the Tech Talent Charter, we collaborate with industry members to address inequality within the UK tech sector. This commitment supports our goal to not only reduce the disability employment gap but also drive inclusion across the workforce. Inclusive Recruitment and Development: We use inclusive recruitment practices, such as detailed job postings free of discouraging language and assessments by diverse panels to prevent bias. Our recruitment channels are continually diversified, and we work with partners like YSYS and Ada’s List to reach talent from non-traditional backgrounds. Training and Development: All staff members undergo Diversity, Equality, and Inclusion (DE&I) training. Flexible Work Arrangements: We offer flexible working options to accommodate various needs related to parental responsibilities, disabilities, and cultural or religious observances. Community Engagement and Apprenticeships: We create employment opportunities locally and run apprenticeship schemes to uplift underprivileged individuals. Our action-focused diversity and inclusion working group ensures these initiatives are impactful and aligned with our core values. Supportive Partnerships and Programs: Supplier Diversity: We prioritise working with sustainable, ethical suppliers and diverse small businesses, including startups and SMEs, to foster a broad technology marketplace. We are committed to preventing modern slavery in our operations and supply chains, ensuring that all partners comply with our Anti-Slavery & Human Trafficking Policy.

  Wellbeing

  At Bit Zesty, we are dedicated to fostering diversity and eliminating discrimination in every aspect of our operations, both as an employer and as a service provider. We aim to ensure that our workforce—including employees, interns, and contractors—reflects the diverse society we serve and that every team member feels respected and is empowered to perform at their best. Comprehensive Diversity Initiatives: Tech Talent Charter Signatory: As one of the 700 signatories of the Tech Talent Charter, we collaborate with industry members to address inequality within the UK tech sector. This commitment supports our goal to not only reduce the disability employment gap but also drive inclusion across the workforce. Inclusive Recruitment and Development: We use inclusive recruitment practices, such as detailed job postings free of discouraging language and assessments by diverse panels to prevent bias. Our recruitment channels are continually diversified, and we work with partners like YSYS and Ada’s List to reach talent from non-traditional backgrounds. Training and Development: All staff members undergo Diversity, Equality, and Inclusion (DE&I) training. Flexible Work Arrangements: We offer flexible working options to accommodate various needs related to parental responsibilities, disabilities, and cultural or religious observances. Community Engagement and Apprenticeships: We create employment opportunities locally and run apprenticeship schemes to uplift underprivileged individuals. Our action-focused diversity and inclusion working group ensures these initiatives are impactful and aligned with our core values. Supportive Partnerships and Programs: Supplier Diversity: We prioritise working with sustainable, ethical suppliers and diverse small businesses, including startups and SMEs, to foster a broad technology marketplace. We are committed to preventing modern slavery in our operations and supply chains, ensuring that all partners comply with our Anti-Slavery & Human Trafficking Policy.

Pricing

• Price: £20 a user a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: 30-day free trail of all plans, and a free plan limited to 8 users

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@bitzesty.com. Tell them what format you need. It will help if you say what assistive technology you use.