REGRISK TECHNOLOGY LIMITED

RISKGRID

To provide an online platform to build, maintain, manage and share risk assessment matrices for health & safety, educational, financial, cybersecurity and many other business verticals.

Features

• Risk Management
• Near-Time
• Auditable
• Risk Assessment
• Reporting
• Multi-User
• Configurable
• Forward Planning
• Template Solutions

Benefits

• Easy to build and maintain Risk Assessments
• Fully Auditable
• Simple to use, configure, and customise
• Simple User Interface
• Easy to share across multiple users

£100 to £3,000 a unit a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at colin.woodford@regrisktech.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

833484785814982

Contact

Colin Woodford
07809838839
colin.woodford@regrisktech.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: None.
• System requirements: Web Browser Access.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within 2 hours, Monday - Friday, 9am - 6pm; Outside of regular UK business hours available at additional charge.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: For enterprise level we provide and individual support contact for each account included in the regular pricing.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: There is a simple online training available on the site.; We provide onsite / video training for enterprise subscriptions.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Users can extract data in .csv format if required.; For more complex requirements (SQL export or in format for another system) this can be provided at additional cost.
• End-of-contract process: Only additional cost is if data extract is required in non .csv format.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Access is via the regular website interface which while not specifically designed for mobile devices is fully functional, although smaller screens will naturally cause issues where large risk amounts of data are looked at.
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: Yes
• Description of customisation: All labelling, colours, tags can be fully customised by users.; We provide a full white labelling service for Enterprise level subscriptions.

Scaling

• Independence of resources: We auto-scale the application in Azure to ensure that user demand is met for both database and compute. For enterprise subscriptions the users will operate on a fully segregated database and application instance away from the main user portal.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: Less than once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: No
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Via the application into .csv (Excel) format.
• Data export formats:
  • CSV
  • Other
• Other data export formats: Pdf
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: None. We rely on MS Azure for SLA and for enterprise subscriptions we are happy to provide higher level SLA if required (as run on separate instances)
• Approach to resilience: Use of MS Azure resiliency features.
• Outage reporting: None.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Other user authentication: For enterprise level we can provided limited IP access via a VPN if needed.
• Access restrictions in management interfaces and support channels: RBAC in the application.
• Access restriction testing frequency: Less than once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Managed by CTO.
• Information security policies and processes: Managed and led by CTO. Audited within Microsoft Azure on regular basis using Defender.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Releases fully managed by lead developer and CTO or equivalent overseeing change process.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Software stacks are managed within Azure application and database environment and patches are applied automatically. We review on a regular basis potential threats.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Use Microsoft Azure Defender to monitor threats and breaches.
• Incident management type: Supplier-defined controls
• Incident management approach: Incidents can be reported via the website portal or email.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Wellbeing

  Wellbeing

  Help ensure employee well-being by providing functionality such as accurate and up to date Health & Safety Risk Assessments on the workplace.

Pricing

• Price: £100 to £3,000 a unit a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Full access to the portal service for a month, or longer if required on request.
• Link to free trial: Portal.risk-grid.com

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at colin.woodford@regrisktech.com. Tell them what format you need. It will help if you say what assistive technology you use.