RH Environmental Limited

The Noise App

The Noise App is a triage tool for users (public or professional) to capture noise nuisance and report it safely and securely to their service provider. It is a smart tool for professionals investigating complaints about noise and makes it easier for everyone involved to resolve them.

Features

• Authenticated mobile data collection
• API back office integration
• On or off-line user data capture
• Secure cloud case management platform for investigators
• GPS mapping and multiple format audio files
• Secure data sharing and multi agency collaboration
• Customise data retention periods
• Instant message residents
• Filter user access
• Automated email updates

Benefits

• Reduce unnecessary spend on staff and equipment deployment
• Cut Response times for complaints
• Assign cases to investigating officers
• Map noise nuisance hot spots
• Analyse noise nuisance data
• Improve data quality and improve noise investigation outcomes
• Data suitable as evidence for legal proceedings
• Reduce paper working
• Remote access
• Empower citizens and improve community engagement

£240 to £16,278 a licence a year

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@rheglobal.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

995134504306655

Contact

RHE Global
0117 403 3584
info@rheglobal.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: No
• System requirements:
  • A modern browser (Chrome, IE, Firefox, Safari)
  • Version IE10
  • IE11+

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: A response will be provided within 48 hours and there is limited service on the weekend.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Free support is provided through phone and email for subscribing organisation. ; ; On-site support can be provided at extra cost. This would include half day training and hardware and/or software examination for compatibility issues.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Onsite training can be held for an extra cost, otherwise an over then phone walkthrough will be given for both the website and app. We also supply supportive material for implementation and advertising.
• Service documentation: No
• End-of-contract data extraction: All data submitted to your Noise App website account can be extracted by your officers.
• End-of-contract process: Once a renewal has not been taken up your account will be deactivated at the end of your last contracted date. After this we will store data for 1 month, to allow the opportunity to gain data that might have been missed when extracting or if you would like to re-take up the subscription. After this 1 month, all data is permanently wiped.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The mobile app for iOS and Android is for residents to submit noise complaints. ; ; The website management portal is used to manage these complaints and is only used by investigating officers.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: Users must contact the sales and support team to initiate the API account process. API clients are given a walkthrough in a sandbox environment and subsequent credentials to authenticate with which provides a limited set of HTTP endpoints they can access. Static and interactive documentation is given to the API customer which enables them to test the endpoints interactively in the browser.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
• API sandbox or test environment: Yes
• Customisation available: No

Scaling

• Independence of resources: The senior development team actively monitor the server statistics on a daily basis and report any potential infrastructure requirements to the management team at scheduled, bi-monthly software strategy meetings. API request throttling is in place to prevent a single user maliciously or accidentally initiating a DoS attack. In addition to this, our AWS server arrangements allow for single-click scaling of hardware which can be provisioned immediately using our automated configuration management (ansible). As the application grows we will investigate the use of a load balancer to reroute traffic.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: Less than once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with SSAE-16 / ISAE 3402
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Submitted metadata can be exported in XLS or PDF.; ; Noise recordings can be exported in .MP3 and .WAV
• Data export formats: Other
• Other data export formats:
  • PDF
  • XLS
  • MP3
  • WAV
• Data import formats: Other
• Other data import formats: None

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We outsource our servers and rely on third party SLA’s for availability. We currently use Amazon Web Services, Digital Ocean, Kingston Communications (KCom) and Helastel. ; ; Contractually we do not guarantee availability unless specifically required due to factors beyond our control.; ; We have had a handful of < 1 hour service interruptions in the past 2 years. ; ; Our server hosts guarantee approximately 99.9% uptime, with service credits if they fail.; ; https://aws.amazon.com/s3/sla/; ; https://www.digitalocean.com/help/policy/
• Approach to resilience: Information available on request.
• Outage reporting: Email alerts are sent to all customers concerned. Outage messages may be circulated around social media, and dashboards will fall into maintenance mode with a reason for downtime.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: We have dedicated two senior team members in sales and development who are the gatekeepers of the management and support channels. Access to administration panels for user maintenance is restricted to these key personnel.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: We use industry standards to operate our data security management. This includes a named Data Security Manager and data security training provided to all Development and Sales staff that deal in customer data. The Noise App had its own data security policy which is available on request.
• Information security policies and processes: We review our information security policy annually. The whole company is registered with the IASME Cyber Essentials programme. Information Security is a standing item on the Company Management Team agenda. The information security policy is the responsibility of a Board Level Director, who receives reports from the Information Security Officer who is also supported by a Business Analyst in the Software Solutions team.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Software code and assets are tracked and versioned in Git. ; ; Releases are versioned and deployed through the Jenkins Continuous integration platform allowing for one-click rollback if required.; ; Server software packages are managed with ansible which automates provisioning. ; ; Any code changes are reviewed by the Senior Development team and released to the staging server for testing before being released to production. ; ; Server software package changes between development machines, staging and production are all managed via ansible which ensures the environment is replicable. ; ; Feature changes require approval from sales, the business analyst and senior development team before coding begins.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We assess potential threats via our automated vulnerability scanner, OpenVAS, which runs weekly. We monitor for unusual activity that may indicate a system defect being exploited. Areas of the application that involve handling of secure information are prioritised. If a third-party library is used, the development team will research the issues to assess whether there are known flaws which could affect our systems. We receive alerts from the National Cyber Security Centre regarding the latest threats which are forwarded to the development team if relevant. Patches are prioritised and tested on our staging server before released to production.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: The senior development team monitor server data and statistics which shows a current and historical overview of the platform. Unusual activity (spikes or behaviour not typical to that time of day) are investigated by analysing the logs. Potential compromises can also be identified during testing on the staging server. Any issue would be raised with the development team and prioritised in the backlog before changes are made to production. In addition to manual testing, there is also some automated test-coverage across the application. Failed tests would indicate a potential flaw in the application and would be prioritised immediately.
• Incident management type: Supplier-defined controls
• Incident management approach: Dedicated support team who respond to incidents.; Incident call raised by the "incident commander" who assembles relevant people to action the incident.; Incident logged in an issue tracking system.; Post-mortem with follow up actions to help detect and mitigate similar issues in the future.; Use of a common post-mortem template so we can analyse where the majority of issues stem from. Users report incidents either through the app, or via the support page on the website. The support team then react to this and notify the incident commander.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Covid-19 recovery:

  Covid-19 recovery

  The Noise App allows for services to be retained during lockdowns and can assist with remote working.

Pricing

• Price: £240 to £16,278 a licence a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: We currently offer a 4-week free trial on the entire service.
• Link to free trial: http://www.thenoiseapp.com/#/account/register

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@rheglobal.com. Tell them what format you need. It will help if you say what assistive technology you use.