Switchstance

Fire Risk Assessment - Application

Streamlining the process for auditing premises for Fire Risk Assessments, that produces reports which are compliant with current fire health and safety legislation.

Features

• Management of Fire Safety
• Fire Hazards and Dangerous Substance assessment
• Photo storage
• Remote Access
• Online and Offline Application
• Reporting
• Admin dashboard and user management
• Data collection and storage

Benefits

• Easily accessible - Online & Offline
• Improved business efficiency
• Automatically generated report
• Automatically generated action plans

£150 a licence

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at hello@switchstance.agency. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

719724267082509

Contact

Angela Stead
0114 3456 700
hello@switchstance.agency

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: N/A
• System requirements:
  • Internet access
  • Software licenses

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Email support - will be answered within 24 hours Monday to Friday 8.30am - 5pm.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Support levels are subject to specific SLAs, determined at the point of contract. ; ; Specific costs are dependent on numbers of users.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Onsite and/or online training can be provided.
• Service documentation: No
• End-of-contract data extraction: The specifics of the data extraction policy are determined at project commencement, however we provide the option for full CSV data extraction as a minimum.
• End-of-contract process: The possibilities are broad and varied, dependent on the contract. Customer's requirements are discussed individually.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: In some instances functionality may be reduced on smaller devices where practically necessary.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: No
• Customisation available: Yes
• Description of customisation: Questions for the Fire Risk Assessment can be added or removed, by request.; ; Branding for dashboard, app and reports available.

Scaling

• Independence of resources: The system will be scalable which means resources will be adjusted in order to prevent performance issues caused by quantity of information held within the system. We periodically verify system performance to assure system performance is not affected.

Analytics

• Service usage metrics: Yes
• Metrics types: Available upon request.
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with SSAE-16 / ISAE 3402
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: On request, we will provide full export of the database as SQL files (from MySQL database), CSV and XLS(X) files.
• Data export formats:
  • CSV
  • Other
• Other data export formats: PDF
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
  • Other
• Other protection between networks: Whitelisting or blacklisting IP addresses or ranges as additional security measures.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: Specific SLAs would be determined at the point of contract. ; ; Our general are:; ; Backup of data and off site storage plan:; All databases are backed up daily and back-ups are then kept for 14 days (this can be changed upon request).; All data is stored in manned Data Centres, which are backed up every day.; Additional cross-server backups performed intermittently.; ; Recovery:; Recovery of data is performed following the identification of which backup point is required by the client. Latest backup point (as outlined above) is always used where any data restore is required.; Restore of previous backup points due to user error must be discussed individually to ascertain an approach acceptable by representatives for each party and may incur additional costs based on required solution.; Recovery of system files is performed using the latest live version of the system.; Any emergency recovery activity is performed to the shortest feasible timeframe, that is, resource will be applied to any issue as soon as it arises.; ; Support:; Support requests received will receive a response within 24 hours. The clock is stopped over the weekend.
• Approach to resilience: Available on request.
• Outage reporting: We would report any service outages through email alerts.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: We manage our infrastructure through AWS Console using AWS Identity and Access Management providing enhanced security. Communication between our computers and AWS Console is performed through secure connection (HTTPS). Every authorised employee has own IAM account protected with 2 Factor Authentication. Connections to our servers through port 22 (SSH) and 3306 (MySQL) are allowed only for whitelisted IPs, connections from other IPs are rejected by firewall.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: ISO 27001, self accessed.
• Information security policies and processes: We have various documents detailing our Information Security Policy that are available upon request.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Components are managed via locked packaged files, these inform the system what version of components are being used. We receive notifications from services about potential issues and we assess whether to upgrade. Most use Semver (semantic versioning) - the system only upgrades necessary system upgrades and we assess others.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: All systems (including infrastructure hosting those systems) are scanned for vulnerabilities on regular basis. Any issues reported during a scan are fixed immediately. We're monitoring CVE (Common Vulnerabilities and Exploits) database maintained by NIST for any new vulnerabilities and verify if they affect our systems. Patches to software affected by new vulnerabilities are applied within 24 hours.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: For our systems we have audit trail logging every action. When user logs in from unknown IP notification is sent to our team. If we suspect this might be a potential compromise we block traffic from that IP on firewall and start investigating the source of compromise. Actions are performed immediately after receiving the notification. We also monitor changes to core files of our systems and notify the team when it happens, so we can action immediately in case of malicious actions. The rest of our process is available upon request, including monitoring AWS Console access and monitoring servers.
• Incident management type: Supplier-defined controls
• Incident management approach: Users have the ability to report incidents, which we will then create a ticket in the system for, categorise and set a priority level for. The tickets will then be dealt with accordingly. Once issue has been resolved, we will contact the client via telephone or email explaining the issue and how we resolved this.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  Digitisation of documents providing environmental benefits, boosting energy-efficient resource consumption.

Pricing

• Price: £150 a licence
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: It is a test version of the system in order to get a better feel for the software.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at hello@switchstance.agency. Tell them what format you need. It will help if you say what assistive technology you use.