Riskaware Ltd.

MarineAware

MarineAware supports oil spill response at sea and the analysis of future risks, through accurate modelling, presented in a flexible data visualisation platform. It combines dispersion modelling and source identification capabilities with an intuitive web-based UI.

Features

• Decision support
• Oil slick source identification
• Oil slick dispersion modelling and prediction
• Scenario analysis
• Simple and responsive user interface
• Customisable and automatic oil spill notifications
• Identification of candidate vessels responsible for spillage
• APIs for integration with third-party functionality

Benefits

• Users can mitigate oil spills quickly and effectively
• In-built product flexibility means customers pay for what they need
• Common information platform for optimising stakeholder collaboration
• Consultancy available to provide in-depth investigations into specific events

£5,000 to £100,000 a unit a year

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at opportunities@riskaware.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

730514917785691

Contact

Simon Agass, Business Development Director
0117 9291058
opportunities@riskaware.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: The software is currently deployed on a commercial cloud hosting service, with a local deployment used for development and testing. The deployment is scalable and customers only pay for what they need.
• System requirements:
  • Access to met ocean forecast provider services over the internet
  • Access to AIS ship tracking providers over the internet
  • Access to web mapping services, such as Open Street Map

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Email support. Response time Next working day. For customers who require a faster response, we partner with a 24/7 response company.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: Support levels are offered in alignment with customer needs. For example, the platform’s deployment for the Malaysian government utilised in-country partners for front line support, whilst more technical support is provided directly by the Riskaware team.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: MarineAware’s user manual is provided within the platform in pdf format, as well as tool tips within the user interface. Additionally, one-to-one training can be provided on request.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Data extraction can be arranged on request.
• End-of-contract process: At the end of a contract, a users' account will be removed and they will no longer have access to the system.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Both mobile and desktop services are provided through an internet browser. The page layout has been designed to support a full range of screen sizes found on phones, tablets and computers.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: Users can operate the modelling service directly through the API, rather than through the web user interface. This allows integration with other third party systems. For example, for deployment in Malaysia a satellite detection service was integrated with the system through the API to add a oil spill monitoring capability.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: No

Scaling

• Independence of resources: Each customer would have their own deployment container with it's own dedicated resources. In the event of abnormally high loads, modelling simulations are queued, with users alerted by email when they're complete.

Analytics

• Service usage metrics: Yes
• Metrics types: The last login of each user is tracked. Some deployments use Google Analytics for more detailed usage analysis.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Other
• Other data at rest protection approach: Data is hosted on the cloud, but within its own separate container. The container is not accessible outside the internal container network. Multiple roles are used to ensure each service has minimal privileges. Riskaware are a certified Cyber Essentials Plus accredited organisation.
• Data sanitisation process: No
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data can be exported for users on request.
• Data export formats: CSV
• Data import formats: Other
• Other data import formats:
  • KML files
  • GeoJSON

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: To be agreed via Service Level Agreement.
• Approach to resilience: Available on request.
• Outage reporting: Email alerts are sent to a list of in-house developers in the event of any down time or unexpected modelling failures. All scheduled outages have to be officially approved by the Riskaware board and users are informed.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: The bespoke nature of the service means that customers can request management and support services via email and therefore do not have direct access to such interfaces.
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: No audit information available
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • Cyber Essentials Plus
  • ISO 9001:2015 TickITplus

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber Essentials Plus
• Information security policies and processes: Riskaware has in place the ISO 9001:2015 TickITplus standards and is working towards obtaining ISO 27001.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Riskaware is a certified ISO 9001:2015 TickITplus company. All of its products and processes conform to these standards. In order to ensure these QA processes are adhered to, MarineAware uses issue-tracking tools, such as Jira, which is used to track work against requirements and to ensure high standards of work through peer review.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Riskaware is an accredited Cyber Essentials Plus company. All of it's systems and online products have been judged by assessor to be secure. The process of obtaining this accreditation, involves tracking, monitoring and mitigating vulnerabilities by Riskaware's in house ICT Team. ; ; Additionally, the ICT team proactively monitor threats. Patches are deployed almost immediately and most of our systems are configured to automatically update. Threat information is collated from industry leading experts by the ICT team.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: The server that hosts the application has a virus scanner and a fire wall, and all network traffic to and from the server is centrally logged. Riskaware's ICT team regularly monitor new and emerging threats via government and leading industry security sites & produce a monthly report for internal awareness.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Users can report incidents via email to the Riskaware development team. All incidents will be responded to within 24 hours, with progress tracked internally using our development management software, Jira. Our incident tracking processes adhere to the ISO 9001:2015 TickITplus standards.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  MarineAware is provide detection and monitoring of oils spills at sea along with mitigation planning tools to minimise the potential impact of an oil spill on diverse and valuable costal and marine ecosystem.

Pricing

• Price: £5,000 to £100,000 a unit a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Free trial available on request as part of negotiations.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at opportunities@riskaware.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.