CriticalArc Ltd

SafeZone

Critical Arc, a global tech innovator, designs and delivers a distributed command and control solution, SafeZone™, which is revolutionising the way organisations manage day-to-day safety and security operations. SafeZone provides response teams with complete operational awareness, to enhance the protection of dispersed people, facilities, and assets, while delivering efficiency savings.

Features

• Unified Safety, Security, Wellbeing and Emergency Management System
• High Risk and Lone Worker Management
• Real time team co-ordination and Emergency Response
• International and Domestic Travel Security
• Real time response coordination
• Mentalhealth and Wellbeing
• Active Threat Management
• Indoor Positioning
• Mass and Targeted Communications
• Tip Reporting

Benefits

• Unified Solution reducing cost and silo'd systems
• Reduces costs & increases efficiency
• Eliminate capital costs
• Enhances Security & Business Continuity
• Improves Incident Response
• Optimises Resources & Assets
• Increases Staff Safety
• Enables Collaboration
• Ultra-Fast, Reliable and Highly-secure

£18,900 an instance

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at dcs@criticalarc.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

807610951491149

Contact

Darren Chalmers-Stevns
07787410860
dcs@criticalarc.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Per service agreement
• System requirements: Web browser Interface

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: SLA's are listed within the SafeZone Security Software Agreement; ; Two support offerings:; ; Standard - Monday to Friday 9-6; Premium - 24/7 (20% additional cost on the support / maintenance costs); ; Both options include remote and onsite services at no additional cost aligned to our SLA and KPI's.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Onsite support
• Support levels: Two support offerings:; ; Standard - Monday to Friday 9-6; Premium - 24/7 (20% additional cost on the support / maintenance costs); ; Both options include remote and onsite services at no additional cost aligned to our SLA and KPI's.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Onsite consultation, configuration, training and ongoing support.; ; Full marketing campaign/templates provided to customers at no additional cost; ; Ongoing product training, knowledge transfer from other users and an annual conference bringing together all customers for best use case sharing of ideas and vision for the platform
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats: Videos
• End-of-contract data extraction: Interfaces are available via the administration web pages to export data. In addition, full database exports are available via support requests.
• End-of-contract process: Various services are available at the end of the contract for repatriating/transitioning or destroying data all subject to GDPR / Data Protection Laws.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Fully mobile optimised. Omniguard, SafeZone and SafeTrans apps are all smartphone applications, and the SafeZone web service is also designed to work on mobile.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Users with appropriate permissions have access to the admin interface. General configuration of the software, service and admin can be conducted through this interface.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: We undergo regular VPAT testing to ensure all components of or solution are accessible and remediate as necessary. In addition to VPAT testing, we regularly engage members of our SafeZone community who use assistive technologies
• API: Yes
• What users can and can't do using the API: We operate both a fully documented and supported API and SDK for the solution.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Features, functions, and workflows are customizable by specific users with appropriate permissions/training.

Scaling

• Independence of resources: Via automated tools using our Microsoft Azure infrastructure allowing for scaling to meet demand and load balancing to ensure continuity of service.

Analytics

• Service usage metrics: Yes
• Metrics types: Real time server stats and history; Alert, users and performance real time and historical
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Interfaces are available via the administration web pages to export data. In addition, full database exports are available via support requests.
• Data export formats:
  • CSV
  • Other
• Other data export formats: API
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • REST API
  • XLS

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We offer a 99.9% up time aligned to Microsoft Azure's up time SLA. We have a structured support and maintenance agreement which provides SLA and KPI's to include penalties for non performance.
• Approach to resilience: SafeZone utilizes the Microsoft Azure cloud platform for its Command, Web, Messaging and Database components as well as data backups. Each geographical region has a primary datacentre where data is processed, stored and served for the region, as well as a secondary datacentre where backups are persisted. Architecture within the primary datacentre is redundant, with any hardware failure having no impact on uptime. The secondary datacentre can be promoted to primary during a disaster recovery scenario. Customers are assigned to a region based on both their regulatory data protection requirements and geography. All sensitive and personally identifiable information is kept within region except in cases where expressed permission is given by the customer to allow data to be transferred out of region.
• Outage reporting: Email alerts and a public dashboard shows real time and historical service status: http://status.criticalarc.com/; ; API available also

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
• Access restrictions in management interfaces and support channels: Numerous tools, at a basic level user name and passwords, in addition two factor authentication and single sign on (we have standardised on SAML 2.0), this is flexible and can support other types of identity management systems.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Best Practice Certification PTY Ltd
• ISO/IEC 27001 accreditation date: 19/09/2023
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: CTO responsible for day to day management and enforcement of policies / procedures with CEO providing scrutiny and assessment reporting to the board

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All development is managed and controlled using software development tools to include JIRA our cloud based solution. All software releases are released through a thorough release process which includes testing of back end and user GUI elements. Once completed, we typically issue a beta version to a customer who is in the beta program and then made available to all customers.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Continuous threat assessments; Patches can be deployed same day once discovered; Customers, security partners and own working knowledge (keeping up to date with local, national and international threats)
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Continuous assessments; Patches can be deployed same day once discovered; Customers, security partners and own working knowledge (keeping up to date with local, national and international incidents)
• Incident management type: Supplier-defined controls
• Incident management approach: Continuous assessments; Patches can be deployed same day once discovered; Customers, security partners and own working knowledge (keeping up to date with local, national and international incidents)

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Joint Academic Network (JANET)

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  CriticalArc recognises that it has a responsibility to the environment beyond legal and regulatory requirements and this is reflected within our Environmental Policy, a copy of which is available on request. We are committed to reducing our environmental impact, fighting climate change and continually improving our environmental performance as an integral part of our business strategy and operating methods, with regular review points. We will encourage customers, suppliers and other stakeholders to do the same”.; ; Key areas around climate change in the Environmental Policy include:; - minimising the use of paper in the office and reducing packaging where possible; - seeking to buy recycled and recyclable paper products whenever possible ; - reusing and recycling all paper where possible; reducing the use of energy by switching off lights and electrical - equipment when not in use ; - evaluating if the business needs can be met with less environmental impact; - evaluating the environmental impact of any new products ; - promoting the use of travel alternatives such as e-mail or video/phone conferencing

  Covid-19 recovery

  Following the pandemic, as a business there was an obvious increased need to ensure that our employees' mental and physical health continues to be supported; thus reducing the demand on health and care services. With this in mind in August 2022 CriticalArc Ltd implemented an Employee Assistance Programme, where employees are able to access 24/7/365 telephone support for work-related and personal issues, and an online portal which provides further advice and guidance. The Qualified counsellors are Accredited by the British Association for Counselling and Psychotherapy (BACP).; ; As a business since Covid there has also been a shift to work patterns where employees do a hybrid of working from home and in the office.

  Tackling economic inequality

  CriticalArc's HR and business policies look to embed various measures to ensure economic inequality is actively addressed. These measures are implemented globally, including;; ; -Fair Wages and Benefits: Ensuring that all employees are paid fair wages that align with the cost of living. This includes offering benefits such as healthcare, pensions, and paid holiday.; Equal Pay Policies: Implement policies that ensure equal pay for equal work, regardless of gender, race, or other factors. ; Promotion and Advancement Opportunities: Create pathways for career advancement and provide equal opportunities for promotion based on merit rather than factors like gender, race, or socioeconomic background.; Diverse Hiring Practices: Implement practices that promote diversity and inclusion in the hiring process, including outreach to underrepresented communities and unconscious bias training for hiring managers.; Education and Training Programs: Offer training and development programs to help employees acquire new skills and advance in their careers. ; Employee Assistance Programs: Provide resources and support for employees facing financial challenges, such as access to financial counselling.; Corporate Social Responsibility: Engage in initiatives that address broader societal issues related to economic inequality, such as supporting community development programs, investing in education and workforce development, and advocating for public policies that promote economic and social equity.; Supplier Diversity: Encourage diversity and inclusion and good practice Social Values among suppliers and contractors.

  Equal opportunity

  Within our CriticalArc Ltd Employee Handbook under section 4.Equal Opportunities, Diversity and Inclusion our management of the risks of modern slavery including in the supply chain are outlined. Referenced from the above document re our recruitment and employment principles; ; “We abhor recruitment based on harbouring or transporting people into situations of exploitation through violence, deception or coercion. We condemn employment practices in which people are subjected to servitude or forced to work against their will. ; We embrace principles supportive of inclusion, equal treatment without discrimination and the protection of employment law”.

  Wellbeing

  Support of wellbeing is provided to all CriticalArc employees through the Employee Assistance Programme, where employees are able to access 24/7/365 telephone support for work-related and personal issues, and an online portal which provides further advice and guidance, The Qualified counsellors are Accredited by the British Association for Counselling and Psychotherapy (BACP).

Pricing

• Price: £18,900 an instance
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Full use of the solution for a 30 day period. Services are chargeable to set-up the solution / provide training.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at dcs@criticalarc.com. Tell them what format you need. It will help if you say what assistive technology you use.