Zinc Digital Business Solutions Ltd

ZINC 'SYNAPSE'

ZINC 'SYNAPSE' is a intuitive solution crafted for organisations navigating high-risk and complex environments, safeguarding public safety, personnel, brand and assets. With features spanning incident management, mass communications, health and safety oversight, compliance activities, and security patrols, SYNAPSE consolidates operations into a unified platform.

Features

• Incident management & Investigation for any type of event
• Automate & orchestrate processes, standard/emergency operating procedures, tasks and notifications.
• Mass notifications & emergency communications
• Web and mobile applications with remote access
• Compliance activities & proof of presence - audits, checks, patrols
• Organisational structure, access levels, data permissions, language and authentication
• Data query, mapping and visualisation through dashboards & reports
• Public API's
• Workplace Health & Safety Management
• Configurable workflow management and process automation

Benefits

• Reduces risk by acting faster and smarter to critical events
• Increases people safety
• Enhances business continuity & organisational resilience
• Effective communication and collaboration between teams and third parties
• Secure, rapid and user friendly
• Simplifies and automates complex processes
• Collates and centralises data for improved decision-making
• Complete records provide defence and reduce claims
• Full audit trail making users fully accountable for their actions
• Unified solution reducing cost and silo'd systems

£15,000 an instance a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sophie.malone@zinc.systems. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

915317229133244

Contact

Sophie Malone
01604 59 89 99
sophie.malone@zinc.systems

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Per Service Agreement
• System requirements:
  • AWS hosted environment
  • Apple iOS installable mobile app (latest 3 versions supported)
  • Android installable mobile app (latest 3 versions supported)
  • Chrome browser (latest 3 versions supported)
  • Firefox browser (latest 3 versions supported)
  • Edge browser (latest 3 versions supported)
  • Safari browser (latest 3 versions supported)
  • Other browsers (custom compatibility available on request)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: P1 LEVEL (Crash) - Complete loss of service (Hosting) - Entire platform not accessible (Platform) Expected Response (ERT): 1 hour Targeted Completion (TCT): 4 hours P2 LEVEL (High) - Security risks - Platform wide errors - Crashing of sections/modules - Impacts preventing multiple users from operating ERT: 4 working hours TCT: Next working day P3 LEVEL (Medium) - How-to/assistance - Data/configuration adjustments - 3rd party service faults/queries - Low-risk errors ERT: 8 working hours TCT: Next fortnightly sprint releases P4 LEVEL (Low) - Design/UI amends - Performance statistics - Training - Enhancements ERT: 24 working hours TCT: Estimated on assessment
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Onsite support
• Support levels: Support Packages included:; Essentials - Online ticketing system, business hours, ; Professional - Telephone, online ticketing system, Business hours, 4 hrs of technical assistance per month; Enterprise - Online ticketing system, customised assistance package & customer success.; Business hours is provided 9am-5pm, Monday through Friday excluding Public Holidays. Service levels are defined in the associated Service Definition document.; ; Additional Support can be added to your package; ; Technical Support Manager - £125 p/h; 5 hrs Bundle: Technical Support - £500; 10 hrs Bundle: Technical Support - £1000; The Service Desk covers a range of support services including incident management, issue resolution, release & update management, application management, infrastructure management, security and user access management.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: As a SaaS solution setting up a new customer is easy and straight forward. A Zinc project team is designated providing remote or onsite consultation, configuration, training and ongoing support. Online user guides, webinars, and client community sessions ensure our users get the most from their platform and share ideas. The technical support team is also available for any queries or questions during the setup period.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: The data module allows you to export data at a global level or module by mobile level in universally recognised formats. The data can be filtered and data ranges applied if required. If customers have access to the API continuous data extraction process is available.
• End-of-contract process: There are no additional costs with regards to standard format data extraction; Various services are available covering data migration and extraction, knowledge and document transfer and decommissioning of the platform, including closure of Zinc's internal access and data storage.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The platform is accessible on major browsers and the installable mobile app is compatible on Apple iOS and Android devices. The browser-based and installable app platforms are responsive in design and operate on smart phones, tablets, screens and video walls allowing for easy adoption on existing hardware and for bring-your-own-device (BYOD) users. Certain features of the installable mobile app operate both online and offline, with an integrated smart sync feature when internet is temporarily not available.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: Zinc provides a full range of integration services where there is a need to involve differing applications and data sources to ensure seamless data interchange and integration of business rules. Zinc's public documentation portal provides full instructions on how third parties can integrate with synapse. We have a breadth of APIs that are both public and some are private. Those that are available for public consumption are: Authentication, Event/incident import (Create, update), Events/incident export, Users/staff (create, update and delete), Response forms export and our File service which will allow you to upload and manage your files within Synapse. For any other areas of Synapse where you may want to leverage API integrations, Zinc can expose private API’s publicly where applicable. Zinc will provide API access and setup for clients or 3rd parties upon request.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Configuration tools are embedded into the platform to enable the tailoring of solutions to meet specific operating needs. Pre-configured solutions mean our software can be up and running in virtually no time, while built-in configuration tools afford the flexibility required to ensure optimal alignment with any visual branding and workflow needs. ; ; Synapse is highly configurable from its data sets, forms and workflows to user interfaces. The platform has been built in a way to enable you to configure the system at ease, with no requirement for technical expertise or additional resources. The design itself is high in usability, with a clean, modern design that can also be easily branded and fit to all types of devices. Configurable aspects include: ; ; Access Levels and User Permissions; Notification Types, Recipient Rules, and Content; Incident Categories, Types and Outcomes; Incident Reporting & Management Workflows; Dynamic Forms and Questions; Incident Severity and Priority Levels; Response Forms; Management of Objects (people, users, assets, activities); Dashboards & Reports; Task & Activity Workflows; Risks (impacts, threats, vulnerabilities etc.)

Scaling

• Independence of resources: Multi tenanted hosting is included as standard. This contains auto-scaling capability which ensures customers are not impacted by demands of other users. This means that in times of higher concurrent usage the infrastructure will scale up to ensure the application is not compromised and remains performant.

Analytics

• Service usage metrics: Yes
• Metrics types: The reporting suite provides simplified reporting templates and real-time dashboards to enable at-a-glance intuition and knowledge to the analysts. The comprehensive reporting suite provides realtime access to data and dashboard can be customised to specific users and roles. Automated reporting packs can be setup providing management information in an efficient timely manner.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: AES-256 is used to encrypt the data.
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: If customers have access to the API, continuous data extraction process is available. In addition, the Data module is installed for all customers. This tool is a web based platform providing complete control over the reporting and export of data from the modules you have installed on the platform. You can extract data by date periods, by location and various filtering relating to the data submitted within your application. Data can be exported in a number of universally recognised formats (i.e. CSV).
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • JSON
  • CSV
  • PDF
• Data import formats:
  • CSV
  • Other
• Other data import formats: JSON (API)

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: SaaS Hosting SLA.; 99.9% Network Uptime guarantee. Managed data backups and restores, DDoS mitigation (Optional), Managed security services (Optional), Encrypted backups (Optional), Server virus scanning (Optional), On-demand Support Team consultations, Guaranteed response times for support requests, ; Advanced system performance and device monitoring, trend performance.
• Approach to resilience: Available on request.
• Outage reporting: Live status page available (status.zinc.systems). Outage reports are available either by email alerts (if subscribed).

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Authentication uses the MD5 message-digest algorithm is a widely used cryptographic hash function producing a 256-bit (32-byte) hash value.; ; Passwords & PINS: The Laravel Hash facade provides secure Bcrypt hashing for storing user passwords. It will take care of verifying the Bcrypt password against the un-hashed version provided by the user.; ; App Authentication: JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between the App and the server as a JSON object. This information is then verified and trusted with a digitally signed secret private key (HMAC algorithm).
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: ACM-CCAS Limited
• ISO/IEC 27001 accreditation date: 24/8/2021
• What the ISO/IEC 27001 doesn’t cover: Not covered will be 3rd party SaaS solutions that we use. A full statement of applicability covered by ISO 27001 is available on request.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • ISO 27001
  • Follow OWASP best practice
  • Secured By Design

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Cyber Essentials; Secured By Design
• Information security policies and processes: Zinc follows the ISO 27001 reporting structure.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Zinc adopts an agile approach to change management utilising a Scrum methodology and product backlog strategy. This approach is utilised across the business and contains contents of the product backlog and will vary to reflect evolving requirements. A Zinc technical project team is responsible for prioritising work. Current iteration is taken off the top of the backlog by the team at the start of each sprint through the sprint planning activity. This ensures the team is working in priority order, thereby making it very easy for stakeholders to define new requirements and refocus existing ones.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Zinc deploy a number of outsourced tools for both our software and our internal endpoint devices:; -For our software, we use Rootshell to carry out vulnerability scanning and report on critical to low vulnerability with recommendations for patching; -We use AWS Cognito AV package on the system; -Logz.io is used to log failed log-in attempts to the system and recently implemented SIEM package in Q1 2022; -We use ESET for end-point virus scanning ; -We use Tenable.io for vulnerability scanning on end points; -We use Ninja RMM solution for remote installation and patch management
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: With the uptake of cloud computing and the advancements in browser technology, Zinc's web applications and web services are constantly monitored using a wide range of internal and 3rd party industry leading applications allowing the Service Desk team to easily generate a wide variety of technical and compliance reports for our development team to review and resolve. SLA response times are implemented based on the severity of potential vulnerabilities raised.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Zinc has an incident management process that all staff are trained to follow at induction and annually. It determined that information security incidents will be handled properly, effectively and in a manner that minimises adverse impact to the business; and the risk of data loss, be it business, personal or research data. The process has a flowchart that leads staff through identification of events and incidents, investigation by the Information Security Group, escalation to the Board, root cause analysis and remediation, communication with stakeholders and reporting to the ICO if necessary.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Zinc Systems is committed to its ambitious carbon reduction plan targets, aiming to achieve net zero emissions by 2050. Through sustainable practices and effective management of its sustainable energy supplies, carbon reduction is an important element of our corporate social responsibility aims and objectives.; The following measures successfully led to this decrease by reducing the overall reliance on the Zinc head office and travel:; Zinc adopted home working using VOIP, Google Workspace and secure remote working policies to allow staff to work remotely; ; Having realised the productivity benefits from this, Zinc’s head office has now become a meeting hub for our teams and clients to collaborate only when required to meet in person; ; Zinc has adopted a paperless working environment. Staff are discouraged from printing documents unless absolutely necessary;; Zinc has serviced the air conditioning system to ensure it is operating efficiently and deactivated units in areas of the building less frequently used;; Zinc installed a smart metre in October 2022 to assist our understanding of where usage takes place and optimise energy usage.; ; Zinc promotes its approach to carbon reduction with its clients and encourages its suppliers to invest in its benefits by sharing our carbon reduction plan directly and via our website - https://www.zinc.systems/wp-content/uploads/2024/02/Carbon-Reduction-Plan_Zinc-Systems-2023_24-1-1.pdf. Zinc will look towards implementing environmental standards, namely ISO1401 and currently holds the Ecovadis standard for ethical, environmental and sustainable business practices.

  Covid-19 recovery

  Create employment, re-training and other return to work opportunities for those left unemployed by COVID-19, particularly new opportunities in high growth sectors; Zinc Systems is a SaaS provider of innovative incident management products and has technology at the forefront of everything we do. Our use and understanding of technology enable us to adapt quickly to employment challenges and presented us with opportunities to recruit talent from the local community but also from further afield. This meant that individuals affected by redundancy resulting from COVID-19 were able to join Zinc and thrive in our environment by developing new skills in areas such as product development, data analysis and information security to name a few. ; We recognised colleagues who needed support with shielding, either themselves or with family members within their support bubbles and ensured they were provided the flexibility to adapt to their needs while being able to maintain a good level of productivity. In instances where those staff members needed to visit the office (in line with government guidance), special consideration was given for their social distance requirements in a manner that worked for them and gave them confidence. Further, we supported clients with additional physical and mental health challenges in coping with the impact of Covid-19 with adaptions to their working patterns and appropriate working equipment installed in their homes. ; Zinc seamlessly adapted its remote working policies, work devices and software to enable colleagues to work remotely without the need to rely on furlough and avoid redundancy. As a result, Zinc experienced growth in its workforce and enhanced its overall skills base as a result of the flexibility it could offer. Reliance on office working was reduced, which remains a legacy and has contributed to less need to travel to the office or client locations to deliver our services.

  Tackling economic inequality

  Zinc Systems recognizes the importance of economic equality by creating training opportunities in collaboration with the University of Northampton new job opportunities for their graduates. By investing in local talent and expanding its recruitment efforts to encompass a wider geographic spread, Zinc Systems is not only boosting local graduate employment prospects. We have encouraged a number of graduates to continue their education with the University of Northampton alongside their work duties and have provided an environment for UoN students to complete their dissertations within our environment. ; Zinc has a track record of recruiting candidates from diverse backgrounds and we encourage employment of candidates with disabilities by implementing inclusive hiring practices and providing support for employees with disabilities.Our workforce is 32% female, of which 62% females occupy specialist roles, and our board is 30% female. ; Zinc recognises the benefits of promoting local businesses and we prioritise local suppliers for recruitment, catering, office supplies, computer hardware and ICT services.

  Equal opportunity

  Zinc Systems recognizes the importance of economic equality by creating training opportunities in collaboration with the University of Northampton and new job opportunities for their graduates. By investing in local talent and expanding its recruitment efforts to encompass a wider geographic spread, Zinc Systems is not only boosting local graduate employment prospects. ; Zinc has a track record of recruiting candidates from diverse backgrounds and we encourage employment of candidates with disabilities by implementing inclusive hiring practices and providing support for employees with disabilities.Our workforce is 32% female, of which 62% females occupy specialist roles, and our board is 30% female. ; Zinc pays all staff above the national living wage. Our policies and recruit processes have measures to tackle modern slavery and we work with our outsourced recruiters to ensure they have similar measures in place.

  Wellbeing

  Zinc Systems is active in our local and business communities to improving health and wellbeing while promoting community integration. Our teams play leading roles in mental health charities such as the Consortium for the Prevention of Suicide and raise significant funds for our nominated charities by fundraising efforts like the London Marathon to encourage staff to partake in regular physical activity. Likewise, we encourage our customers and suppliers to take part in these activities - either by supporting fundraising activities or taking an active part.; Zinc has a mental health wellbeing ambassador to encourage staff to talk confidentially about mental health challenges and we put on regular internal networking events to promote good health.

Pricing

• Price: £15,000 an instance a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: 30 days, access to standard instance.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sophie.malone@zinc.systems. Tell them what format you need. It will help if you say what assistive technology you use.