ISARR

Higher Education Institutes - Incident Management, Logging & Reporting

A bespoke solution for the HEI sector to support the delivery of the student experience for safety, security and wellbeing. The software ensures consistent reporting standards and secure sharing of information to improve risk management and situational awareness across departments. Reporting dashboards support analysis across all categories including crime trends

Features

• Bespoke, coherent and consistent report forms
• Secure and discrete sharing of reports with departments and stakeholders
• Full date/time stamp audit trail of all reports and actions
• Situational awareness at all levels from routine to major incidents
• Upload CCTV or video and other images and documents
• Reporting dashboard for analysis and information for senior management
• Charts and graphs to support operations and crime trend analysis
• Link Business Continuity Plans and SOPs to specific locations
• Intuitive, user friendly and simple to use
• Single Sign On and API to connect to other systems

Benefits

• Enhance and demonstrate student safety, security and wellbeing
• First evidence standard for Criminal, HSE or Coroner’s Court
• Data to support resource justification
• Fast and professional management reports and analysis
• Minimise the training burden and improve adoption
• Do more for less - reducing costs & increasing efficiency
• Information Management & Collaboration with a wide range of stakeholders
• Fulfil multiple requirements and capabilities, all from a single platform
• Post incident/event, operational learning, debriefing and continuous improvement
• Meets all GDPR and data retention requirement

£18,000 to £250,000 a licence a year

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at solutions@isarr.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

619241577472021

Contact

ISARR - Intelligence, Security and Risk Resilience
+44 (0) 203 4750 753
solutions@isarr.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: No. ISARR supports all main Mobile Operating Systems, Desktop Operating Systems and Browsers. It utilises any available data network and IT infrastructure.
• System requirements:
  • Modern internet browser
  • Internet connectivity

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Two Support options; Standard: - Monday to Friday 0900 - 1730 GMT Priority: - 24/7 on call Detailed within the SLA Agreement
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: Support response times Two Support options; Standard: - Monday to Friday 0900 - 1730 GMT Priority: - 24/7 on call with escalation to Cloud Engineer Detailed within the SLA Agreement
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Onsite consultation, configuration, training and ongoing support. Optional custom support documentation (branded to the client and including client specific procedures) Ongoing product training, knowledge transfer that informs the development roadmap so clients influence the direction of features and services.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Interfaces are available via the administration web pages to export data. In addition, full database exports are available via support requests.
• End-of-contract process: Various procedures are supported at the end of the contract inline with the clients specific data retention policies including repatriating/transitioning or destroying data all subject to GDPR / Data Protection Laws.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Same experience and features presented in mobile form factor utilising the browser application (no additional download required)
• Service interface: Yes
• User support accessibility: WCAG 2.1 A
• Description of service interface: Users with appropriate permissions have access to the admin interface. Permissions levels are granular and can be configured with different permission templates during setup and configuration. General configuration of the software, service and user admin can be conducted through this interface.
• Accessibility standards: WCAG 2.1 A
• Accessibility testing: Testing in exercises with blind users
• API: Yes
• What users can and can't do using the API: Full REST API
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The HEI Incident Logging and Reporting module has a comprehensive set of customisation and administration permission options that are configured bespoke to the organisation whilst leveraging previous experience and best practice from existing HEI sector clients. Configuration options include; 1. Incident categories and taxonomies 2. Conditional report forms that step the operator through the specific details for the report type selected 3. Present client operation specific steps and instructions based on the incident 4. Add custom location profiles to include risks, business continuity and any other custom data point for bespoke information management and filters 5. Custom Groups and sharing structure 6. Custom user permission profiles 7. Custom files for useful resources 8. Custom tags 9. Organisations logo and colours; The core customisation is configured during the initial setup but the ISARR support team are on hand to support any further changes - These do not incur any additional costs and are covered under the licence. ; Nominated client Administrators can also be given permissions to make some custom changes as well

Scaling

• Independence of resources: Cloud infrastructure provides load balanced services for high availability, with resource monitoring and horizontal and vertical scaling

Analytics

• Service usage metrics: Yes
• Metrics types: Self hosted and secure web analytics (like Google Analytics for websites) Provides activity tracking for reports on application usage including end user configurable reporting and graphical dashboards
• Reporting types:
  • API access
  • Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Interfaces are available via the administration web pages to export data (CSV and PDF). In addition, full database exports are available via support requests
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: 99.95% uptime
• Approach to resilience: Available on request
• Outage reporting: Clients can nominated key contacts to be added to private resource monitoring service which creates email alert updates. This includes a resources graphical dashboard.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Username and long complex passwords, requiring multi factor authentication over a dedicated VPN. Server level access also incorporates SSH For support channels SAML 2.0 with multi factor authentication All of the access controls are reviewed and managed within the Access Management Register
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: IASME Cyber Assurance Level Two Audited (third party, independent audit)

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: IASME Cyber Assurance Level Two Audited; - The highest IASME level of certification (3rd party, independent audited)
• Information security policies and processes: We have fully documented Policy, Standards, Guidance and Tools Information Assurance & Security Framework. This is Audited via an independent 3rd party assessor as part of the IASME Cyber Assurance Level Two Audited standard. A copy is available on request.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All development is managed and controlled using software development tools including Gitlab,locally hosted and secured All software releases follow a thorough release process which includes QA testing and documentation (for internal and external use) and includes the testing of back end and user GUI elements. Once completed, this is deployed to a staging environment for client testing and familiarisation, followed by a planned release discussed and agreed with the client
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Available on request
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Available on request
• Incident management type: Supplier-defined controls
• Incident management approach: Available on request

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Wellbeing

  Fighting climate change

  ISARR are committed to fighting climate change. We do this through our Ecologi Zero partnership (https://ecologi.com/) ; Ecologi Zero helps ISARR track our carbon emissions - Scope 1, 2 and 3.; ISARR also take proactive action and are committed to funding climate offset activities with every contract including, Habitat restoration, Reforestation, Carbon avoidance.

  Covid-19 recovery

  The ISARR platform is a digital first, online platform that can be accessed securely from any location with an internet connection, delivering capacity and capability for organisations to implement, maintain and sustain work from home and other hybrid working practices inline with recommended guidelines.

  Tackling economic inequality

  Increase supply chain resilience and capacity:; The ISARR platform supports collaboration and interaction across the supply chain including staff, suppliers and key stakeholders, to build more effective risk triggers so that all partners remain more resilient to supply chain disruption through the faster, more informed response to potential risks. This builds a more collaborative, agile and resilient supply chain and proactive disruptive event mitigations.

  Wellbeing

  Improve health and wellbeing:; The ISARR platform provides reporting and management capability to enhance physical and mental health and wellbeing in the workplace, with the ability to securely and rapidly communicate across key stakeholders to ensure the timely identification and mobilisation of appropriate interventions and support services.; ; Improve community integration:; The ISARR platform can facilitate information sharing, engagement and collaboration across diverse communities and stakeholders in order to better engage and communicate information at all levels, and importantly, provide the ability for collaboration and the harnessing of shared resources and interventions that will help build community cohesion, spirit and resilience.

Pricing

• Price: £18,000 to £250,000 a licence a year
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at solutions@isarr.com. Tell them what format you need. It will help if you say what assistive technology you use.