STC INSISO LTD

COMET

COMET is a configurable set of intelligent data-driven tools supported by domain expertise for incident management, investigation, root cause analysis, audit, and supply chain assurance. A consistent and structured approach,  with integration to EHS systems, and with AI enhancements to give you real risk intelligence to see the previously unseen.

Features

Incident investigation root cause analysis including Human Factors
Audit and inspection capability including root cause analysis
Predictive alerts using AI/ML to learn from previous incidents
Efficient Supply Chain risk analysis tool
Incident Management tool that uniquely builds in root cause analysis
Unique coded taxonomy to help understand the bigger picture
Ability to study PowerBI to understand at macro level
Ability to API into broader other cloud based EHS systems

Benefits

Understand the true root causes of your incidents
Create appropriate corrective actions
Understand the why behind failed audits, not just the what.
See the unseen using latest AI/ML and big data
Tried and test in various sectors and industries
Work towards eliminating repeat failure in a serious manner
No other platform builds Human Factors into their investigation software
eliminates human bias, unconscious or otherwise
Over 400 years of combined investigation experience
Is used for H&S, Quality, Business, Security, Environment, Equipment

£41,400 a licence a year

Free trial available

Service documents

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at euan.henderson@stcinsiso.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

Contact

STC INSISO LTD Euan Henderson
Telephone: +447795805225
Email: euan.henderson@stcinsiso.com

Service scope

Software add-on or extension: No
Cloud deployment model: Private cloud
Service constraints: No
System requirements: Software is accessed via the web

Stable bandwidth

User support

Email or online ticketing support: Email or online ticketing
Support response times: Within 24 hours
User can manage status and priority of support tickets: Yes
Online ticketing support accessibility: None or don’t know
Phone support: Yes
Phone support availability: 9 to 5 (UK time), Monday to Friday
Web chat support: No
Onsite support: Yes, at extra cost
Support levels: We provide a complete helpdesk with support based on a service level agreement, customers raise a ticket which is attributed a level of priority within our helpdesk system. The support team will assign the ticket and address as required providing updates as per the agreed cadence of the service level agreement. Typically each client also has an account manager/contact within the organisation for general issues.
Support available to third parties: Yes

Onboarding and offboarding

Getting started: COMET is simple to use but we do offer training courses for those using the Investigation and Assured Modules. Training can be delivered face to face or virtually depending on the buyers preference. User guides can be found in the software where applicable.
Course descriptions and costs can be found in our pricing matrix.
Service documentation: Yes
Documentation formats: PDF

Other
Other documentation formats: Video
End-of-contract data extraction: Users can extract their data using the COMET API or alternatively a request to the support desk for a complete extract in flat file format of their data.
End-of-contract process: Any services out with the provision of client data at the end of a contract would result in an additional cost however all decommissioning of services and provision of data extracts is included.

Using the service

Web browser interface: Yes
Supported browsers: Internet Explorer 11

Microsoft Edge

Firefox

Chrome

Safari

Opera
Application to install: No
Designed for use on mobile devices: Yes
Differences between the mobile and desktop service: Our Incident Management module is a mobile first platform where users can log incidents, near misses and observations in real time.
Service interface: No
User support accessibility: WCAG 2.1 AAA
API: Yes
What users can and can't do using the API: Our API capability is there to move data to/from COMET and show it in the clients full EHS system, such as Intelex or Synergi Life. If the client creates an incident in their overall EHS platform, this data can be moved to COMET and will show the created incident number and other details already created. The API functionality can also be used to move data to the users internal PowerBI dashboards for example.
We will set this functionality up for the client where they procure the API feature and would make any changes during the term of the contract.
Provided the data transfer is between COMET and a cloud based platform there are no limitations.
API documentation: Yes
API documentation formats: PDF
API sandbox or test environment: Yes
Customisation available: Yes
Description of customisation: All COMET modules can be fully configured to meet the buyers requirements. At initial role out we would have configured the base level for them along the lines of what the client requires. Users, with admin rights, can then do further configuration on their own without having to engage with us. This includes the ability to create their own templates for audits, tags for different types of incidents, risk assessment matrix within the supply chain module and so forth.

Scaling

Independence of resources: As COMET is cloud based there is no issue with accessibility as demand grows. Indeed, COMET is geared towards scalability as our clients requirements grow.

Analytics

Service usage metrics: Yes
Metrics types: Clients have the ability to look at stats on reports created, and when, in most modules. In-built PowerBI charts are also available in the modules that can be used to look at various stats on usage, number of incidents recorded, audits and inspections completed. Our Investigation module also includes stats on the investigation team and where they are with their current investigations along with the root causes they finding in each investigation they complete.
Clients also have the ability to API this info into their internal dashboards.
Reporting types: API access

Real-time dashboards

Reports on request

Resellers

Supplier type: Not a reseller

Staff security

Staff security clearance: Other security clearance
Government security clearance: None

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom

Other locations
User control over data storage and processing locations: Yes
Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency: At least once a year
Penetration testing approach: Another external penetration testing organisation
Protecting data at rest: Encryption of all physical media
Data sanitisation process: Yes
Data sanitisation type: Deleted data can’t be directly accessed
Equipment disposal approach: In-house destruction process

Data importing and exporting

Data export approach: Users are able to export their data either by accessing the COMET API or using the available flat file excel export features within the platform itself.
Data export formats: Other
Other data export formats: Excel

JSON
Data import formats: CSV

Data-in-transit protection

Data protection between buyer and supplier networks: TLS (version 1.2 or above)
Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability: We guarantee availability based on 99.9% uptime with dependency on Azure Datacentre uptime as well.
Approach to resilience: We have replicated and mirrored database and application services, the deployment is of a PaaS (Platform as a Service) nature such that services can be restored within seconds if required with frequent snapshots of both database and application services
Outage reporting: Communication will be via email.

Identity and authentication

User authentication needed: Yes
User authentication: 2-factor authentication
Access restrictions in management interfaces and support channels: For management interfaces, access is restricted based on the principle of least privilege, ensuring that only authorized personnel have access to critical functions and data. This is achieved through role-based access control mechanisms, where access rights are granted based on job responsibilities and hierarchy. Multi-factor authentication is also employed to enhance security, requiring additional verification steps beyond passwords. Additionally, audit logs are maintained to track and monitor all access activities, enabling timely detection of unauthorized access attempts.
Access restriction testing frequency: At least every 6 months
Management access authentication: 2-factor authentication

Username or password

Audit information for users

Access to user activity audit information: Users have access to real-time audit information
How long user audit data is stored for: User-defined
Access to supplier activity audit information: Users contact the support team to get audit information
How long supplier audit data is stored for: User-defined
How long system logs are stored for: User-defined

Standards and certifications

ISO/IEC 27001 certification: Yes
Who accredited the ISO/IEC 27001: NQA Certification Limited
ISO/IEC 27001 accreditation date: 26/04/2024
What the ISO/IEC 27001 doesn’t cover: Everything is covered
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Cyber essentials: Yes
Cyber essentials plus: Yes
Other security certifications: Yes
Any other security certifications: IASME Gold

ISO 27001

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: ISO/IEC 27001
Information security policies and processes: As a SaaS company, we prioritise robust information security measures. Our policies encompass access control with role-based authentication, data encryption for both transit and storage, swift incident response protocols, continuous security monitoring, and comprehensive staff training. Regular audits ensure compliance with industry standards and regulations. These measures collectively safeguard client data, ensuring confidentiality, integrity, and availability at all times.

Operational security

Configuration and change management standard: Supplier-defined controls
Configuration and change management approach: Our configuration and change management processes ensure service integrity and security. Using tools like Jira, we track components from inception to deployment. During development sprints, changes undergo rigorous security assessments logged in Jira, ensuring transparency and accountability. Before deployment, releases undergo thorough testing, including automated scans and manual reviews, to identify and mitigate vulnerabilities. This approach integrates security seamlessly into our development and release cycles, balancing agility with robust protection.
Vulnerability management type: Supplier-defined controls
Vulnerability management approach: As an organisation utilising Microsoft Defender in Office 365 and Azure, our vulnerability management is proactive. We employ continuous scanning, threat intelligence, and manual analysis to swiftly assess potential threats. Patches are deployed promptly based on severity, supported by Microsoft's Security Response Centre advisories. We leverage diverse threat intelligence sources to stay ahead of emerging risks. This approach enables us to proactively identify and address vulnerabilities, ensuring the security of our services and data.
Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach: Utilising Microsoft Defender within Office 365 and Azure, our protective monitoring is robust. We employ real-time tools to detect potential compromises swiftly. In response, we initiate predefined procedures, isolating affected systems and conducting thorough investigations. Remediation actions are taken promptly, with priority given to critical issues. Our goal is to respond rapidly to incidents, minimizing impact on our systems and data.
Incident management type: Supplier-defined controls
Incident management approach: We utilise our internal incident management platform to log, classify and investigate incidents based on their severity whereby upon conclusion of that a report can be issued for the incident and investigation outcomes.

Secure development

Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks: No

Pricing

Price: £41,400 a licence a year
Discount for educational organisations: No
Free trial available: Yes
Description of free trial: We have the ability for a prospect to run a short, basic, trial of our various modules. We can also take a prospects past incident and put it through our software to highlight the differences COMET brings to an investigation compared to other methods of root cause analysis.

Service documents

Request an accessible format

Cookies on Digital Marketplace

COMET

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Social Value

Pricing

Service documents