Technical, Security and Resilience
Transputec is a UK-based IT services provider with over 35 years of industry experience. They are ISO 27001, ISO 1400 and ISO 9001 certified, ensuring high standards in information security and quality management. As the parent company of Crises Control, Transputec provides the technical infrastructure, cybersecurity expertise, and operational support required to deliver a robust and reliable platform.
Crises Control is hosted on Microsoft Azure, a global cloud computing platform known for its high availability and security. Specifically, Crises Control data is stored in Azure data centers located in in USA, EEC, UAE regions, ensuring data residency compliance for UK, EU and USA clients. Azure offers advanced physical security, continuous monitoring, and automated threat protection.
Crises Control leverages Microsoft Azure’s enterprise-grade cloud infrastructure to ensure data security. Data is encrypted both at rest and in transit using advanced encryption standards. Access is governed by strict authentication and authorization protocols, and the platform adheres to ISO 27001 and GDPR compliance requirements.
Crises Control does not store or process any credit card or financial data directly. All transactions are handled via trusted third-party payment providers that are PCI DSS compliant. This ensures that payment information is protected according to the highest standards in the industry.
Crises Control uses WorldPay, who process any credit card payments. Crises Control does not hold any credit card information, all credit card transactions are processed through WorldPay gateway.
Crises Control system has no touch points with the client operating environment and so will not breach your PCI compliant zone boundaries.
WorldPay are PCI compliant, Worldpay is a global leader in payments processing technology and solutions for our merchant customers.
We partner with different major telecom companies around the world to meet the specific needs of our clients.
Our primary messaging partner for SMS and voice calling is Twilio which is a leader in the industry. Twilio maintains redundant inbound and outbound connectivity with dozens of network carriers around the world. Their real-time systems dynamically route each call or message via the carrier with the best connectivity at any point in time, responding automatically to carrier availability and reliability.
Other partners include CM.com and Unifonic in the Middle East region.
We partner with Apple, Google for PUSH notice alerts.
We partner with Microsoft and Amazon SES for high volume Email alerts.
Crises Control is available on the UK government digital service framework G-cloud. This service is operated from two distinct environments to provide public sector consumers with choice and price flexibility, dependent upon their information assurance requirements.
Our standard offering is hosted on a Government Community Cloud platform suitable for information assurance needs up-to “OFFICIAL” and is only connected to the public internet. Our secure offering is hosted on a Government Community Cloud platform which holds pan-government accreditation for information up-to and including the “OFFICIAL-SENSITIVE” impact level, with connections to GSI, PSN, N3 and PNN networks as well as the Internet.
We have carefully engineered our infrastructure to minimize potential points of failure and ensure high availability, thereby maximizing the resilience of the Crises Control platform. By leveraging a secure, scalable cloud environment, we provide reliable, uninterrupted service and support during critical situations.
While Crises Control is primarily offered as a cloud-based solution, on-premise deployment is not available as a standard option. However, for government agencies and enterprise clients with specific security requirements, a private installation may be considered following a comprehensive security assessment.
Severity | Criteria | SLA | Target Achievement |
---|---|---|---|
1 | A fault exists that results in a total loss of service or functionality affecting a whole site (sites), or whole system or services. | 15 minutes to respond. 4 working hours to resolve. | 95% of all Severity 1 Incidents will be resolved within the SLA |
2 | A fault exists which results in partial loss of service or functionality affecting multiple users. | 15 minutes to respond. 8 working hours to resolve. | 95% of all Severity 2 Incidents will be resolved within the SLA. |
3 | A fault exists which results in loss of service or functionality for a single user. | 15 minutes to respond. 24 working hours to resolve. | 95% of all Severity 3 Incidents will be resolved within the SLA. |
Crises Control has several implementation partners worldwide. It shares ownership with Transputec Limited and Transputec is one of its leading implementation partners.
Transputec and other partners adheres to the following standards:
- Transputec is fully certified to the ISO 9001:2015 standard.
- Transputec is fully certified to the ISO 27001:2013 standard.
- Transputec is fully certified to the ISO 14001:2013 standard.
- Transputec is fully Cyber Essential Plus certified.
Click here for Transputec accreditations.
Crises Control is a Corporate Partner of the Business Continuity Institute and Continuity Forum. The Business Continuity Institute (BCI) is the world’s leading institute for business continuity. Established in 1994, the BCI has established itself as the leading membership and certifying organisation for Business Continuity professionals worldwide.
Huawei phones, which run on the Android operating system, have encountered some challenges related to app downloads and usage due to a series of events that unfolded in 2019 and beyond. Here's a summary of the situation:
US Government Restrictions: In May 2019, the United States government placed Huawei on a trade blacklist, effectively prohibiting US companies from doing business with Huawei without special permission. This action was taken due to concerns about national security and Huawei's alleged ties to the Chinese government.
Google Services and Play Store Access: As a result of these restrictions, Huawei's newer phones, such as those released after May 2019, lost access to Google services, including the Google Play Store. This meant that users of these phones could not access the official Google Play Store to download apps like they normally would on other Android devices.
Huawei has been actively working on finding solutions to these challenges, and the availability of apps on Huawei devices might have improved or changed.
If you're using a Huawei device and facing issues with app downloads, it's a good idea to check the current state of Huawei's app ecosystem, any updates from Huawei on this matter, and online forums or communities where users might share their experiences and workarounds.
Crises Control is fully GDPR compliant and can support other regional privacy laws such as CCPA through appropriate data handling practices. Customer data is stored securely, access is tightly controlled, and we never sell or share personal information with third parties.
Upon service termination, customer data is retained for a limited period as per our data retention policy, after which it is permanently deleted. Customers can also request immediate deletion of data, in compliance with GDPR and other privacy regulations.
Yes, Crises Control offers customers the ability to choose the primary data residency region from supported Microsoft Azure locations. This allows compliance with local data sovereignty laws and company policies.
We conduct regular internal and third-party security audits, including annual penetration testing, to identify and address potential vulnerabilities. These assessments are critical in maintaining a robust and secure environment.
Yes, Crises Control supports Single Sign-On (SSO) through integration with popular identity providers such as Azure Active Directory, Okta, and others using SAML 2.0 and OAuth protocols.
Crises Control leverages Microsoft Azure’s high-availability infrastructure and implements monitoring, redundancy, and failover mechanisms to ensure maximum uptime. We offer a service level target of 99.9% availability.
Yes, Crises Control maintains comprehensive disaster recovery and business continuity plans. Regular backups, replication, and recovery testing ensure service resilience and minimal downtime in case of incidents.
Crises Control benefits from Azure’s built-in DDoS protection, web application firewalls, and continuous monitoring to detect and mitigate cyber threats in real time.
Yes, administrators have access to detailed audit logs and activity reports via the Crises Control dashboard. These reports help with compliance, security monitoring, and internal reviews.
Systems Integrations
You can use Crises Control from your desktop, laptop, tablet or mobile phone anywhere in the world. All you need is an internet connection or mobile data to receive emails and push notifications, and phone signal to receive SMS and phone calls.
Crises Control offers the incident manager up to 5 communication channels: Email, SMS, Push notification, Telephone call, and Web alert. Any combination of channels can be used to deliver the message to users. Messages can be cascaded with time gaps between channels to avoid spamming users and optimise reach and cost control.
There is no limit to the number of recipients an alert can be sent to.
- Active Directory Integration
- Azure Active Directory Provisioning (SCIM)
- Single sign on (SSO) Azure AD/Okta
- Open APIs
- Fire detection systems
- CCTV monitoring systems
- Security monitoring systems
- Cyber threat monitoring systems
- Service desk systems
- IT alerting systems
- CRM systems
- HR systems
- Server monitoring systems
- Ticketing systems (ITSM)
Yes, Crises Control can be integrated with collaboration platforms such as Microsoft Teams and Slack. This allows notifications and alerts to be delivered directly into your team's communication channels for immediate visibility and response.
Yes, Crises Control offers a RESTful API that allows external systems to trigger incidents programmatically. This is useful for integrating with monitoring tools, building automation workflows, or linking with custom business systems.
Crises Control can integrate with HR systems for automated contact syncing. This ensures that user information is always up to date and that critical communications reach the right people at the right time.
Yes, Crises Control offers integration options and templates for widely-used platforms like ServiceNow and Salesforce. These enable seamless incident management workflows and ensure consistent communication across your ecosystem.
All integrations with Crises Control are secured using industry-standard authentication protocols such as OAuth 2.0 and API keys. Communication is encrypted using HTTPS, and access controls ensure only authorized systems can connect.
Yes, Crises Control supports webhooks that can be configured to send notifications to external systems when specific events occur. This enables real-time updates and tight integration with operational tools.
Absolutely. Crises Control can integrate with IT monitoring tools like SolarWinds, Nagios, or Microsoft System Center to automatically send alerts when certain thresholds or conditions are met.
Our technical support team provides full assistance during integration setup. This includes access to documentation, implementation guides, and hands-on support from solution architects if required.
Yes, Crises Control can integrate with third-party emergency notification and physical security platforms. These integrations help consolidate alerting and enhance situational awareness across your organization.
Notifications & Alerts
There can be several reasons why you may not receive emails. Here are some common factors to consider:
- Incorrect Email Address: Double-check if the email address provided to the sender is correct. Even a minor typo can result in emails being sent to the wrong address.
- Spam or Junk Folder: Check your spam or junk folder in your email client or webmail interface. Sometimes, legitimate emails can be filtered as spam and end up in these folders. Marking such emails as "not spam" can help avoid this in the future.
- Email Filtering: Spam filters are customizable and can block emails containing specific words, and some networks or organisations have strict rules that automatically block, or mark messages sent outside of their whitelist. Review your email settings to ensure they are not set to reject or filter out specific senders or types of emails.
- Full Mailbox: If your email account has reached its storage capacity, new emails may not be delivered. Ensure that your mailbox has sufficient space to receive new messages.
- Email Delivery Issues: Occasionally, there may be temporary issues with the sender's email server or your email provider's server that can result in delayed or failed email delivery. In such cases, it’s advisable to wait and see if the issue resolves itself.
- Network or Connectivity Issues: Connectivity problems on your end, such as internet outages or firewall restrictions, can prevent you from receiving emails. Ensure that your internet connection is stable and that any network or firewall settings are properly configured.
- Whitelist Domains & IP Blocks: It is quite common for organisations' firewalls to block access to traffic except for certain whitelisted. Your network administrator should check this and *.Crises-Control.com and *.Vimeo.com to the whitelist. Please Note: The asterisk (*) is a wildcard used to account for any subdomains we use. The last item in the list is for Vimeo, which we use to host video tutorials and training materials.
If you have ruled out these common reasons and are still not receiving emails, it may be worth contacting our support team [email protected] for further assistance.
Yes. If you are not receiving them, make sure your phone number is correct on My Account, and the Phone and Text channels are enabled.
Learn more about SMS and phone call charges here.
Yes. To receive push notifications, you must download the Crises Control app and log in to your account on your device.
Emails and push alerts are free. More information about calls and SMS text charges can be viewed here.
Yes, The Alert sound plays even when your mobile device is switched to silent mode. This feature is compatible with both Android and iOS platform.
Yes, as long as the phone can receive phone calls and SMS messages. However, you will not receive push notifications.
To use the mobile app, your device will need to be Android 10.0+ or iOS 10.0+.
In spite of its popularity and ease-of-use across the world, SMS delivery is not always guaranteed, and several factors influence the successful delivery of sent messages. The top factors affecting SMS delivery are:
Phone number validity
- Incorrect/non-existing phone number
- Recipient phone number inactive
- Incorrect international country code
- Sending a message to a landline
Filtering content
- Incorrect sender ID
- Keyword filtering
- Repeated messages
Routing factors
- Using cheap routes
- Portability issues
Other Factors
Message delivery can also be affected for reasons such as a full inbox, a frozen messaging application, roaming limitations, and errors on the operators’ SMS servers.
Some phones cannot accept some types of messages, such as WAP push messages, binary text messages, or texts with special characters.
Different operators and countries stipulate different SMS encoding standards. So, when a text message fails to send, it could mean the wrong encoding was used. For example, some carriers in Europe will not deliver messages sent in Unicode characters.
You can view if messages have failed to send on the Message Delivery Report, where you can download the failed report to find out why messages failed.
Crises Control will alert the relevant stakeholders when an incident is closed. This alert, like all other alerts, will require the user to acknowledge it. However, if you do not wish to alert users when closing an incident this can be disabled.
It only takes a few seconds. Within 10 seconds the user will have received the alert. In some cases, the phone call can take a little longer based on the volume of calls.
Currently the behaviour is dependent on the location of the recipient, some countries have the ability convert SMS message text into voice, if that service is enabled.
When sending a message to a landline number in the US, Canada and the UK:
Crises Control will not check whether the number is a landline and will attempt to send it to our carrier for delivery. Some carriers (especially the ones in the UK where the landline numbers are text-enabled) will convert the SMS into text-to-speech messages via voice calls. This is normal operation and Crises Control will charge your project for the SMS.
When sending a message to a landline number in other countries:
The Crises Control REST API will throw the error below, and the message will not appear in the logs and your project will not be charged.
"code": 21614, "message": "To number: +86XXXXXXX, is not a mobile number", "more_info": Twilio Errors, "status": 400.
Yes, the Crises Control solution offers a Windows Desktop App that can be downloaded and installed from the Microsoft Store. This app provides a seamless and user-friendly experience for Windows users, allowing them to engage with Alerts received from the Crises Control platform. Click here to download.
The Crises Control Desktop App leverages PUSH notifications to alert users of important updates and alerts, even when they are offline. These push notifications are a powerful means of communication, ensuring that users are promptly informed of any critical information or actions required during a crisis. When a new alert is generated, a push notification will be delivered directly to the Windows Desktop App, serving as a prompt for users to log in to the Crises Control portal or their mobile app for comprehensive engagement with the crisis at hand. This functionality enables users to stay connected and informed, facilitating effective crisis management and response. Click here to download.
Yes, Crises Control does support two-way notification between the system and recipients via email. This means that recipients can not only receive notifications via email but can also respond or interact with the system through email. The user can also reply to the alert using any of the other channels like PUSH, Voice Call, SMS, allowing for effective communication and collaboration during crisis situations.
Our system is flexible and scalable, the throughput of voice calls can be configured to meet your requirement. There are a number of factors to be considered when determining the max and min voice call throughput that would be selected.
As a standard, we have the capacity to process voice calls at a rate of 600 segments per minute in aggregate. Our system is designed to scale to higher volumes if required. However, it's important to note that the exact number of voice calls delivered may vary depending on factors such as network conditions and the length of each voice call, phone device availability etc. Call us today to discuss your requirement.
As a standard, Crises Control can execute 15,000 emails per minute in aggregate. This provides a high level of efficiency and ensures timely delivery of email notifications. However, it's important to note that our service is highly scalable, meaning that we can easily increase this capacity to meet your specific requirements. Whether you need to send a larger volume of emails or require faster delivery, we have the flexibility to accommodate your needs.
Crises Control GDPR Compliance
The General Data Protection Regulation (GDPR) is a sweeping new EU law that went into effect in all EU Member States on May 25, 2018. It mandates how companies can collect, store, delete, modify and otherwise process personal data of EU citizens. It applies to any company that processes personal data of EU citizens, regardless of whether it has any physical presence in the EU, or even whether it has any EU customers. Companies are also required to pass these obligations down to all of their vendors and suppliers who may also handle personal data of EU citizens anywhere in the world. Despite Brexit, the UK is committed to stay compliant with the GDPR.
Under EU law, personal data means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. It doesn’t have to be confidential or sensitive to qualify as personal data.
Where we are the processors of your data, our obligation is to ensure that this data is processed lawfully, fairly and transparently as agreed by our clients and to maintain appropriate security controls. Processing here means maintaining the confidentiality, availability, integrity and security of the data, the servers and network where the data is held. Where it is exceptionally necessary to access a client database to investigate a client issue, we will always seek the client’s permission. We work hard to protect Crises Control and our users from unauthorised access to or unauthorised alteration, disclosure or destruction of information that we hold. In particular:
- We encrypt many of our services using SSL.
- We offer two factor authentication (2FA) verification when you access your Crises Control Account.
- We use Cloudflare Advance Security to protect and secure the application and APIs against denial-of-service attacks, customer data compromise, and abusive bots.
- We encrypt data whilst at rest.
- We use Cloudflare for fast Global Content Delivery Network, which speeds up web page loading times. Cloudflare are certified under the EU-US and Swiss-US Privacy Shield frameworks for onward transfers of EU data to the United States. (See Cloudflare).
- We have Data Protection Addendum (DPA), which is a contractual agreement in place with Cloudflare to protect our customer’s data to EU- GDPR standards.
- We review our information collection, storage and processing practices, including physical security measures, to guard against unauthorised access to systems.
- We restrict access to personal information to Crises Control employees, contractors and agents who need to know that information in order to process it for us and who are subject to strict contractual confidentiality obligations. They may be disciplined, or their contract terminated if they fail to meet these obligations.
- We are ISO 27001, ISO 9001 certified.
- We employ certified GDPR practitioners to maintain and improve security standards.
Our Privacy Policy can be found at the bottom of the Crises Control website. Click here to view the Privacy Policy.
Yes, Crises Control is fully compliant with both UK and EU GDPR regulations. We ensure that all personal data is processed lawfully, fairly, and transparently, and provide mechanisms for users and organizations to manage their data in accordance with GDPR principles.
Crises Control collects and processes personal data such as names, email addresses, phone numbers, job titles, and location data (where necessary for emergency response). All data collection is purpose-driven and limited to what is required to deliver our services.
User consent can be requested and recorded through onboarding processes or explicit prompts within the platform. All consent activities are logged and auditable, ensuring transparency and control for data subjects.
Yes, individuals have the right to access, rectify, or request the deletion of their personal data at any time. Crises Control supports organizations in fulfilling these requests through admin tools and user data reports.
Customer data is stored securely on Microsoft Azure cloud servers located in the UK or EU, depending on client preference. All data is encrypted both in transit (TLS) and at rest (AES-256) to ensure maximum protection.
Crises Control acts primarily as a Data Processor, handling data on behalf of the customer (the Data Controller). However, for limited administrative and account-related functions, we may also act as a joint Data Controller.
Data retention periods are configurable by the customer. By default, data is retained only as long as necessary to provide the service, unless otherwise required by law or agreed in the contract.
Crises Control employs continuous monitoring, intrusion detection, and logging systems to detect potential breaches. In the event of a confirmed breach, we follow GDPR requirements for notification and reporting within the legally mandated timeframes.
Yes, organizations can define custom data retention rules, user permissions, and access controls in line with their internal privacy policies and regulatory obligations.
We assist with DPIAs by providing detailed documentation on data processing activities, technical and organizational measures, risk mitigation strategies, and data flow mappings upon request.
Billing and Upgrades
If you sign up for Crises Control, you will pay for your membership annually in advance. You can discuss this and other payment option with us by calling the sales team on +44 (0)208 584 1485 or contact us via email at [email protected].
Push notifications and Emails are free, but there is a charge for telephone calls and SMS messages sent via the Crises Control application. More information about charges for calls and SMS text can be viewed here.
Credit is purchased in advance directly from the portal using credit card or through your account manager. When your account balance is low, your account manager will be in contact to remind you to top up. You can find a statement of your transactions on the portal to track your usage and costs. A monthly detailed account statement will be available on the web portal on the 1st day of the month. Credit is purchased in advance directly from the portal using credit card or through your account manager. When your account balance is low, your account manager will be in contact to remind you to top up. You can find a statement of your transactions on the portal to track your usage and costs. A monthly detailed account statement will be available on the web portal on the 1st day of the month.
SMS messages and phone calls are charged per unit according to the price package agreed with the customer. Price packages do offer the benefit of discounts for bulk purchases. Unit price varies according to the length and geographical location. One unit is equivalent to an SMS message containing less than 160 characters, or a local phone call of under 1-minute duration. Conference call rates vary according to the destination, the duration of the call and the number of participants on the call.
Yes, calls or SMS messages sent through Crises Control may be subject to charges by your mobile or telecom network provider. These charges depend on your service plan and the location of the recipients. Crises Control offers detailed message delivery reports for monitoring usage.
For our Enterprise solution, the POC is the best way to demonstrate whether Crises Control is the right solution for your organisation. We will support you during this month-long paid trial, helping you to get set up, populating your account and testing the message and incidents functions. At the end of the trial, you will know if Crises Control is the right option for your company and can start your annual Enterprise membership.
You can add users on the web portal in Settings > Setup Users and Add User. If you exceed the contracted number of users, an alert message will appear.
To increase your user allowance, contact your account manager.
If you would like to add another module or extension, such as Task Manager, SOS or Public Alerting, to your current license plan, please contact your account manager to obtain a quote for the module to be added to your account.
If you wish to cancel your membership, contact your account manager more than 30 days before your license is due for renewal, unless you are on a free trial and you cancel before the end of the 30 day period.
You can continue to use Crises Control until your account automatically closes at the end of your current billing period.
Definitely. We’d love to have you back.
We’ll keep your organisation’s account for one year after your account closes, so if you decide to come back during that time, you can pick up right where you left off. Your data will also be saved for one year after your account closes.
Yes, Crises Control offers flexible pricing plans tailored to the size of your organization and level of usage. Whether you're a small team or a large enterprise, we can provide a solution that matches your needs and budget.
Yes, customers receive itemized invoices that include charges for platform access, user licenses, SMS and voice messages, and any additional modules. Billing statements can be sent monthly or annually based on your preference.
We offer both flexible and fixed-term plans. While most customers choose annual contracts for better value, monthly plans are available for those needing shorter commitments or proof-of-concept deployments.
Crises Control can accommodate seasonal users with flexible licensing. You can increase or decrease the number of active users as needed, and billing is adjusted accordingly.
Yes, in certain cases, we can suspend service for a defined period without full cancellation. This is useful for seasonal operations or during internal restructures. Please contact your account manager to discuss options.
If you exceed your plan limits, additional usage will be charged based on your contract’s overage rates. You’ll be notified in advance and have the option to upgrade your plan to avoid unexpected charges.
Yes, we offer volume discounts and custom enterprise packages for large organizations or multi-site deployments. Contact our sales team for a tailored quote based on your specific needs.
Yes, you can request a trial of individual modules such as the SOS Panic Button or Incident Plan Builder. This allows you to evaluate specific features without committing to the full suite.
If you upgrade during your contract term, the cost is prorated based on the remaining months. The new rate applies immediately, and adjustments are reflected in your next billing cycle.
Yes, we offer both monthly and annual payment options. Annual billing typically provides a discount, while monthly billing offers more flexibility for budgeting and cash flow.
About iSOP Wizard
iSOP Wizard is an extension of the Incident Manager module. It allows you to create your own bespoke Incident Action Plans (IAP). Each document produced has an owner, version number, review date and review frequency to allow effective version control. When complete, these documents are stored in the Media Asset Manager where they can be accessed at any time.
Yes, Standard Operating Procedures can be created in iSOP Wizard. You can fill in the sections with the details of the SOP and attach it to the related incident plan. The SOP is then stored on Media Asset Manager and users will be sent the document as an attachment to the incident alert when it is launched.
Yes, if a Standard Operating Procedure is attached to the related incident, users will receive the SOP when the incident is launched.
Yes. The Standard Operating Procedure is stored in Media Asset Manager and iSOP Wizard on the web portal and can be accessed at any time. If the SOP is attached to the related incident, any user opening that incident on their app or web application will be able to access the SOP.
When creating a Standard Operating Procedure, you must select an owner of the file and a review date. Crises Control will send reminders to the owner to review the SOP either weekly, monthly, quarterly or annually.
You can store most file formats associated with the following:
- Word, Excel and PDF documents
- Images
- Videos
- Audio files
- Hyperlinks