BlackBerry UK Limited

BlackBerry AtHoc Critical Communication & Event Management

BlackBerry® AtHoc is trusted by 2000+ organizations globally to unify their crisis communications. It offers a whole new level of protection for your people and gives leaders the information they need to make critical safety decisions.

Features

• Critical Event Management Platform providing end to end incident management
• Unified Networked Mass Notification over multiple channels
• Connect seamlessly to other organisations
• Easy to use single interface (on desktop or mobile)
• Implemented in UK Secure Cloud as SaaS based platform
• 24/7/365 Technical support
• Scalable, resilient & redundant infrastructure with 99.95% uptime
• Integration with open APIs into existing systems
• Fully GDPR Compliant
• Full system implementation delivery

Benefits

• Quickly communicate consistent message across multiple channels and delivery devices
• Simplify your business continuity, critical communications and disaster recovery
• Prepare for incidents with step by step incident plans
• Target communications by organisation, department, role, location & skill set
• Full Auditing, reporting and analytics for incident communications and events
• Collaborate in real-time via the web or mobile app
• Automates the process of accounting for the safety of people
• Bridges the communication gap between organizations during these events
• Gain greater awareness to make better decisions from situational information

£12.00 to £25.00 a user

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at kholyome@blackberry.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

616813596748259

Contact

Keiron Holyome
0744 22 77 888
kholyome@blackberry.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: N/A
• System requirements:
  • Administrators require an internet enabled device
  • Users need an SMS, Email, Voice or Data capable device

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Low Severity - 8 hours; Medium Severity - 4 hours; High Severity - 2 hours; ; 24/7 365 days per annum
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Each Account has an Account Manager, and a Technical Support Manager; ; Premium Support: Named Contacts can engage BlackBerry AtHoc Technical Support analysts via telephone or submit issues; electronically through the BlackBerry AtHoc Customer Support Portal twenty-four (24) hours-a-day, seven (7) days a week.; ; Severity High Technical issues submitted via the telephone or the BlackBerry AtHoc Customer Support Portal will be routed to; the highly skilled technical experts and will be given the highest priority in the response queue. Critical (Severity High) technical issues will have a Response Time Target of two (2) hours. ; ; Onsite support is also available at an extra cost.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: -Hosted on one of the AtHoc Cloud instances:; -Organizations fully configured with logo, greeting, time zone, User Authentication; - Telephony, SMS, Email, Mobile Notifier (May include Networking Alerting Solution - Desktop popup - if purchased); - 2 Operator Accounts created per Organization; - Initial creation of up to 5 Enterprise Custom Attributes, 3 additional ones per Sub Organization; - Initial creation of up to 3 Distribution lists per Organization; - Initial creation of up to 5 Enterprise scenarios, 3 additional Scenarios per Sub Organization; - Initial Org Hierarchy creation for Sub Organizations – up to 20 nodes per Organization; - Initial End User upload - 1 CSV upload for each Sub Organization and AD Synch or CSV import; tool as required; - Access to our on-line Learning Management System, Quick Start Video, weekly “Ask the Trainer” sessions; - Training: Four 4-hour instructor led online sessions (additional training delivered as purchased).; Meetings -; - 2 Hour External Kickoff (EKO) – Remote; - 4 Hour Ops / Config Survey; - 4 Hour for NAS support (Desktop Software Packaging and Setup, if purchased); - 1-4 Hours for each Add-on purchased; - Post Implementation – World Class Support delivered by BlackBerry’s Customer Support; Organization.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Customers have access to all their data during their contract. During which they have the ability to export it. Exports can be made at any time via PDF or CSV
• End-of-contract process: Customers will lose access to the account, the account is deleted and purged from the BlackBerry platform and all data is securely removed after 90 days.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • MacOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: All features of BlackBerry AtHoc are available on the mobile and desktop service. Advanced Administrator functions may be easier to access via the desktop browser version.
• Service interface: No
• User support accessibility: WCAG 2.1 AAA
• API: Yes
• What users can and can't do using the API: BlackBerry AtHoc provides a suite of portable HTTPS and XML-based APIs to facilitate integration of the BlackBerry AtHoc system with external systems, and provides content synchronization, group and distribution list synchronization, and publishing of alerts. All API access is security controlled via positive authentication and can be further restricted by source IP.; ; The integration API covers the following integration functions –; • Personnel data synchronization for user profile updates; • Alert and scenario activation; • Alert content retrieval; • Alert tracking and reporting retrieval; • Subscription updates ; • Distribution list updates; • Local configuration
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • PDF
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: BlackBerry AtHoc personnel will work with a designated functional administrator (or designated representative) to customize the system by creating distribution lists and alerts that match organization processes and procedures.; The Desktop Notifier includes several notification templates out-of-the-box, and each can be customized by the Operator and saved or copied for use in other templates or notifications – including controlling the alert size (cover a portion of the screen or the entire screen), color, border, fonts, and appearance.

Scaling

• Independence of resources: BlackBerry AtHoc Services is hosted at redundant and highly available data centers, with 99.95% uptime, which feature:; Multiple telecommunication carriers and aggregators to diversify, protect against outages, and ensure the continuity of operations during a failure – without affecting alert delivery services. Any blocked or busy trunk forces traffic to the next available carrier and carrier circuits.; N-tier architecture with redundancy at every point in the system, including server components, databases,phone carriers, SMS carriers, and Internet service providers.; Online data replication, which ensures that – should a data center become unavailable – others are available to provide service.

Analytics

• Service usage metrics: Yes
• Metrics types: Metrics are provided via reporting and dashboards relating to contacts, incidents, accountability events, responses & utilization, as well as other standard reports.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Customers can download their data at anytime via CSV or PDF.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • PDF
  • API
• Data import formats:
  • CSV
  • Other
• Other data import formats: API

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: BlackBerry AtHoc has numerous security and network certifications and complies with key security requirements, including:; • FISMA; • NIST SP 800-53 Rev4 IA Control Set; • Information Systems Agency (DISA) FSO Gold Standard and; applicable STIGs; • Secure PKI Digitally Signed On-Premise email delivery; • DHS Safety ACT Compliant; • NIST SP 800-53 Rev4 IA Controls at FIPS-199 Moderate Classification
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: BlackBerry AtHoc Services uses strong encryption via FIPS140-2 validated TLS in our application to ensure the protection of data-in-transit. Application databases are using FIPS 140-2 validated encryption to ensure the protection of data-at-rest and data-in-storage

Availability and resilience

• Guaranteed availability: BlackBerry AtHoc Global Cloud Services offer a minimum of 99.99% service availability. BlackBerry AtHoc consistently exceeds service-levels. This percentage includes scheduled downtime.
• Approach to resilience: BlackBerry AtHoc Cloud Services are hosted at redundant and highly available data centers, which feature:; • Multiple communication vendors to diversify, protect against outages and ensure the continuity of operations during a failure without impacting alert delivery services.; • N-tier architecture with redundancies in the system (e.g., server components, databases, management components, etc.).; • Online data replication, which ensures that – should a system or a data center become unavailable – others are available to provide service.; Our Cloud Services (SaaS) fully comply with NIST SP 800-37/53 Federal regulations and FIPS 199 Moderate classification, is ISO 27001 certified and is the only FedRAMP Authorized solution. ; ; BlackBerry AtHoc Global Cloud Services are configured with multiple logical nodes and multi-tier architecture to avoid single point of failure. In a catastrophic situation, the same configuration is maintained (“hot” and online) in a geographically separate data center in the same region. Data is replicated online to avoid data loss. Additionally, backup files are periodically copied across the protected sites within region, to support disaster recovery situations. ; Service redundancy and disaster recovery readiness are tested at least twice a year.
• Outage reporting: For planned maintenance, we give at least 14 calendar days’ notice to affected customers. ; When a service disruption is confirmed, we send out a notice as soon as possible to let affected customers know typically via email and update our support portal. Typically, the notice that there is an unplanned service disruption is sent 30 minutes or less from the time the event was detected. When service is restored, a Root Cause Analysis can be provided upon request.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Other user authentication: BlackBerry AtHoc supports SAML 2.0-based Single Sign-On enterprise authentication methods, as well as DoD Common Access Card (CAC) authentication and access. CAC and PIV authentication are provided with use of the Electronic Data Interchange Personal Identifier (EDIPI) for authentication either directly from the CAC client PKI certificate or from the CAC logged in on the computer. Designated central administrators can define permissions to other users (Operators) specifying their rights and privileges. The authentication and password protection comply with DoD Password Policies.
• Access restrictions in management interfaces and support channels: Underlying BlackBerry AtHoc’s Alerts Management System is a common framework of role-based Operator permission management. This framework uses a role-based permission definition, where every role is composed of objects and allowed actions (view, create/modify, publish). An operator is associated with a role in the context of a specific Virtual Private System (VPS) or multiple VPSs.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Description of management access authentication: BlackBerry AtHoc supports SAML 2.0-based Single Sign-On enterprise authentication methods, as well as DoD Common Access Card (CAC) authentication and access. CAC and PIV authentication are provided with use of the Electronic Data Interchange Personal Identifier (EDIPI) for authentication either directly from the CAC client PKI certificate or from the CAC logged in on the computer. Designated central administrators can define permissions to other users (Operators) specifying their rights and privileges. The authentication and password protection comply with DoD Password Policies.

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 01/06/2019
• What the ISO/IEC 27001 doesn’t cover: All parts of our service are covered by this
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 29/09/2016
• CSA STAR certification level: Level 3: CSA STAR Certification
• What the CSA STAR doesn’t cover: All parts of the Cloud service are covered by this
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • ISO 22301 and other business resilience standards
  • NIST SP 800-53 Rev 3 (moderate FIPS 199 classification)
  • Fully compliant with General Data Protection Regulation (GDPR)
  • Data Center Certifications: SSAE-16 SOC I Type II Certified
  • US Department of Homeland Security: DHS Directive 008-04
  • FEMA Safety law emergency plans under OSHA
  • US Department of Defense: DoDI 3001.02
  • US Department of Veterans Affairs: VA Directive 0325
  • US FEMA Guidance Directives: FCD 1
  • FedRAMP

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • CSA CCM version 3.0
  • ISO/IEC 27001
• Information security policies and processes: BlackBerry complies with various industry standards that provide an assurance of quality, reliability and security that only BlackBerry can deliver. As such, BlackBerry regularly undergoes rigorous evaluations by leading independent certification bodies. Some of the key certifications BlackBerry has obtained include: ; • ISO 9001: This standard is based on a number of quality management principles which include having a strong customer focus, organizational leadership driving quality engagement, using the process approach and continual improvement. ; • ISO 27001: ISO/IEC 27001 provides a model for establishing an information security management system (ISMS), which aligns people, resources, and controls, to create a series of measurable security practices to protect information assets. BlackBerry has an established record of integrating secure practices. ; • ISO 27018: The ISO 27018 standard intends to be “a reference for selecting PII protection controls within the process of implementing a cloud computing information security management system based on ISO/IEC 27001, or as a guidance document for organizations for implementing commonly accepted PII protection controls”. The standard is primarily concerned with public-cloud computing service providers acting as PII processors.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: All updates to the BlackBerry AtHoc Services are performed following strict change control processes, as led by its Change Control Board (CCB) and including a thorough analysis of implied security impact and risk assessment. Detailed records of applied changes are carefully maintained.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: BlackBerry AtHoc will apply software patches, hotfixes, and upgrades in accordance with the AtHoc Hosted Service Agreement. Scans are updated and conducted weekly. BlackBerry has implemented a robust vulnerability and patch management process. We continuously monitor public and private sources in order to understand and respond to new vulnerabilities and methods of attack. We have close relationships with partners and receive notifications for any new security vulnerabilities to be assessed and remediated.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: BlackBerry AtHoc Services are protected through a combination of antivirus software, enhanced monitoring, redundancy, segregation, intrusion-detection, and intrusion-prevention systems. Workstations have antivirus and disk encryption software installed and host-based firewalls enabled. Blackberry uses a variety of firewall technology solutions for stateful packet inspection. User and service activity is tracked, monitored, and logged. Logs are regularly reviewed for unsuccessful logins, access violations, and privileged access.; BlackBerry AtHoc is maintaining network architecture and inventory of all components in boundary per NIST SP 800-53 Rev4 guidelines. This inventory is updated on an ongoing basis to support Continuous Monitoring"
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: BlackBerry AtHoc has incident response plans in place that meet or exceed major industry standards. BlackBerry has established a Virtual Incident Response Team (VIRT). This is a cross-functional team of experts from throughout the organization who are responsible for responding to incidents that impact, or have the potential to impact, our enterprise environment. This team is able to rapidly and effectively respond to emerging incidents and provide the guidance and tools necessary to protect our systems and devices. Procedures outlined in NIST 800-61 and are included in NIST 800-53 are standards we use.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  BlackBerry has selected the United Nations Global Compact (UNGC) as the framework for our sustainability program. The UNGC is the largest corporate sustainability initiative in the world. By collaborating on the UNGC Sustainable Development Goals, we can make a greater impact.; BlackBerry is committed to tackling the technology industry's most pressing environmental challenges, creating equal opportunities for all, and making positive impacts on our communities. Our sustainability efforts advance our mission to build a more connected and secure world for today and tomorrow.; Climate change is a global crisis and we are committed to driving meaningful climate action. We are proud to have achieved carbon neutrality, invest in carbon removal, and partner with customers to reduce their carbon footprint through our cloud-based solutions.; Water security is crucial for social, economic, and political stability and progress. To tackle the intensifying issue of water security, we are investing in carbon reduction programs, developing innovative technologies and participating in community initiatives worldwide.

Pricing

• Price: £12.00 to £25.00 a user
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at kholyome@blackberry.com. Tell them what format you need. It will help if you say what assistive technology you use.