Technical, Security and Resilience

Crises Control is wholly owned by Transputec, a privately owned limited company. Transputec is an established IT services and solutions company with over 35 years of innovation, managed IT services and excellent customer service.

Crises Control is hosted on Microsoft Azure in Europe (Germany West Central and France Central) for high availability and geographical redundancy. Microsoft Azure runs in datacentres managed, monitored and administered by highly experienced Microsoft operational staff. Azure datacentres are compliant with key industry standards, such as ISO/IEC 27001:2013 and NIST SP 800-53. Crises control has implemented Microsoft Defender for Cloud to manage security across virtual networks, data, apps and other resources.

Crises Control is also an approved supplier on the G-Cloud 11 platform that supports hundreds of digital programs across the UK public sector. It is hosted with UKCloud, ISO 27001/27017/ 27018/20000/9001 accredited data Centre providing high security platform for Government and Public Sector clients.

Our Middle East and Africa cloud is hosted with Oman Data Park. Established in 2012, Oman Data Park is the Sultanate’s premier IT Managed Services provider offering superior Managed Data Centre, Cyber Security and Cloud Services utilising our locally hosted Tier 3 certified Data Centres. Oman Data Park serves over 500 local and international corporates ranging from large, mid-tier to small companies and Government sector organisations.

Our partner in Saudi Arabia, Oracle Cloud Infrastructure (OCI)  is one of the leading data centres in KSA with multiple highly available Data Centres in Saudi Arabia, a responsive 24/7/365 support, and high security accreditation standards. OCI offers an extended network which covers most of the major cities in the Kingdom. 

In the United Arab Emirates, Crises Control is hosted on Azure Cloud, a Microsoft solution launched in 2010. It is a Cloud Service Provider (CSP) trusted by many different customers across the Middle East and is known for delivering on privacy and security commitments in a compliant and transparent manner.

Crises Control data storage has high levels of security built into the architecture, we use MS SQL security framework to encrypt the data at rest.

Our service is a SaaS model as standard which has no touch points with a client’s own network. There is SSL encryption for traffic between the client device and the Crises Control application servers.

Our data is backed up every 10 minutes and replicated to the fail over data centre.

Crises Control provides GDPR compliance security for our customers by taking the necessary steps to protect data at all points from secure hosting, encryption of data both at rest,  and SSL data encryption in transit.  Learn more

No payment data, such as client’s bank account details, is held on the Crises Control systems. All credit card payment processing is done by our banking partner Worldpay. Worldpay’s secure online payment gateway provides:

  • Advanced fraud protection
  • Accept all major credit and debit cards as well as PayPal
  • Secure your payments with our fraud screening to help protect you and your customer
  • Manage your invoices and transactions with our simple online reporting tools
  • Set up recurring payments and subscription-based payment plans for your customers
  • Accept payments in over 116 currencies
  • Our payment processing systems are compliant with PCI DSS industry security standards

Crises Control uses WorldPay, who process any credit card payments. Crises Control does not hold any credit card information, all credit card transactions are processed throught WorldPay gateway.

Crises Control system has no touch points with the client operating environment and so will not breach your PCI compliant zone boundaries.

WorldPay are PCI compliant, Worldpay is a global leader in payments processing technology and solutions for our merchant customers.

We partner with different major telecom companies around the world to meet the specific needs of our clients.

Our primary messaging partner for SMS and voice calling is Twilio which is a leader in the industry.  Twilio maintains redundant inbound and outbound connectivity with dozens of network carriers around the world. Their real-time systems dynamically route each call or message via the carrier with the best connectivity at any point in time, responding automatically to carrier availability and reliability.

Other partners include CM.com and  Unifonic in the Middle East region

We partner with Apple, Google for PUSH notice alerts.

We partner with Microsoft and AWS for hight volume Email alerts.

Crises Control is available on the UK government digital service framework G-cloud. This service is operated from two distinct environments to provide public sector consumers with choice and price flexibility, dependent upon their information assurance requirements.

Our standard offering is hosted on a Government Community Cloud platform suitable for information assurance needs up-to “OFFICIAL” and is only connected to the public internet. Our secure offering is hosted on a Government Community Cloud platform which holds pan-government accreditation for information up-to and including the “OFFICIAL-SENSITIVE” impact level, with connections to GSI, PSN, N3 and PNN networks as well as the Internet.

We have carefully designed our infrastructure to minimise points of failure and ensure high availability, maximising the resilience of our platform. By leveraging our secure and scalable cloud environment, you can confidently rely on Crises Control to deliver uninterrupted services and support during critical situations. We do not offer on premise hosting for customers who wish to have their own private installation of the Crises Control software.

SeverityCriteriaSLATarget Achievement
1A fault exists that results in a total loss of service or functionality affecting a whole site (sites), or whole system or services.15 minutes to respond.
4 working hours to resolve.
95% of all Severity 1 Incidents will be resolved within the SLA
2A fault exists which results in partial loss of service or functionality affecting multiple users.15 minutes to respond.
8 working hours to resolve.
95% of all Severity 2 Incidents will be resolved within the SLA.
3A fault exists which results in loss of service or functionality for a single user.15 minutes to respond.
24 working hours to resolve.
95% of all Severity 3 Incidents will be resolved within the SLA.

Crises Control has several implementation partners worldwide. It shares ownership with Transputec Limited and Transputec is one of its leading implementation partners.

Transputec and other partners adheres to the following standards:

  • Transputec is fully certified to the ISO 9001:2015 standard.
  • Transputec is fully certified to the ISO 27001:2013 standard.
  • Transputec in the process of achieving ISO 14001:2013 standard.
  • Transputec is fully Cyber Essential certified.
  • Click here for Transputec accreditations.

Crises Control is a Corporate Partner of the Business Continuity Institute and Continiuity Forum. The Business Continuity Institute (BCI) is the world’s leading institute for business continuity. Established in 1994, the BCI has established itself as the leading membership and certifying organisation for Business Continuity professionals worldwide.

Huawei phones, which run on the Android operating system, have encountered some challenges related to app downloads and usage due to a series of events that unfolded in 2019 and beyond. Here's a summary of the situation:

US Government Restrictions: In May 2019, the United States government placed Huawei on a trade blacklist, effectively prohibiting US companies from doing business with Huawei without special permission. This action was taken due to concerns about national security and Huawei's alleged ties to the Chinese government.

Google Services and Play Store Access: As a result of these restrictions, Huawei's newer phones, such as those released after May 2019, lost access to Google services, including the Google Play Store. This meant that users of these phones could not access the official Google Play Store to download apps like they normally would on other Android devices.

Huawei has been actively working on finding solutions to these challenges, and the availability of apps on Huawei devices might have improved or changed.

If you're using a Huawei device and facing issues with app downloads, it's a good idea to check the current state of Huawei's app ecosystem, any updates from Huawei on this matter, and online forums or communities where users might share their experiences and workarounds.

Systems Integrations

You can use Crises Control from your desktop, laptop, tablet or mobile phone anywhere in the world. All you need is an internet connection or mobile data to receive emails and push notifications, and phone signal to receive SMS and phone calls.

Crises Control offers the incident manager up to 5 communication channels: email, SMS, push notification, telephone call and web alert. Any combination of channels can be used to deliver the message to users. 

Messages can be cascaded with time gaps between channels to avoid spamming users and optimise reach and cost control.

There is no limit to the number of recipients an alert can be sent to.

  • Active Directory Integration
  • Azure Active Directory Provisioning (SCIM)
  • Single sign on (SSO) Azure AD/Okta
  • Open APIs
  • Fire detection systems
  • CCTV monitoring systems
  • Security monitoring systems
  • Cyber threat monitoring systems
  • Service desk systems
  • IT alerting systems
  • CRM systems
  • HR systems
  • Server monitoring systems
  • Ticketing systems (ITSM)

We can support single-on via Centrify  and OKTA  cloud identity service providers for single sign-on. The Crises Control application and API use SAML for integration with Centrify Identity Manager.  Additional service providers may be considered for future integration.

Notifications & Alerts

There can be several reasons why you may not receive emails. Here are some common factors to consider:

  1. Incorrect Email Address: Double-check if the email address provided to the sender is correct. Even a minor typo can result in emails being sent to the wrong address.
  2. Spam or Junk Folder: Check your spam or junk folder in your email client or webmail interface. Sometimes, legitimate emails can be filtered as spam and end up in these folders. Marking such emails as "not spam" can help avoid this in the future.
  3. Email Filtering: Spam filters are customisable and can block emails containing specific words, and some networks or organisations have strict rules that automatically block, or mark messages sent outside of their whitelist. Review your email settings to ensure they are not set to reject or filter out specific senders or types of emails.
  4. Full Mailbox: If your email account has reached its storage capacity, new emails may not be delivered. Ensure that your mailbox has sufficient space to receive new messages.
  5. Email Delivery Issues: Occasionally, there may be temporary issues with the sender's email server or your email provider's server that can result in delayed or failed email delivery. In such cases, it's advisable to wait and see if the issue resolves itself.
  6. Network or Connectivity Issues: Connectivity problems on your end, such as internet outages or firewall restrictions, can prevent you from receiving emails. Ensure that your internet connection is stable and that any network or firewall settings are properly configured.
  7. Whitelist Domains & IP Blocks: It is quite common for organisation’s firewalls to block access to traffic except for certain whitelisted. Your network administrator should check this and *.Crises-Control.com and *.Vimeo.com to the whitelist.  Please Note: - The asterisk (*) is a wildcard used to account for any subdomains we use. The last item in the list is for Vimeo, which we use to host video tutorials and training materials.

If you have ruled out these common reasons and are still not receiving emails, it may be worth contacting our support team Support@crises-conttol.com  for further assistance.

Yes. If you are not receiving them, make sure your phone number is correct on My Account, and the Phone and Text channels are enabled.

Learn more about SMS and phone call charges here.

Yes. To receive push notifications, you must download the Crises Control app and log in to your account on your device.

Emails and push alerts are free. More information about calls and SMS text charges can be viewed here.

No. The app cannot override your phone settings.

Yes, as long as the phone can receive phone calls and SMS messages. However, you will not receive push notifications.

To use the mobile app, your device will need to be Android 10.0+ or iOS 10.0+.

In spite of its popularity and ease-of-use across the world, SMS delivery is not always guaranteed, and several factors influence the successful delivery of sent messages. The top factors affecting SMS delivery are:

Phone number validity

  • Incorrect/non-existing phone number
  • Recipient phone number inactive
  • Incorrect international country code
  • Sending a message to a landline

Filtering content

  • Incorrect sender ID
  • Keyword filtering
  • Repeated messages

Routing factors

  • Using cheap routes
  • Portability issues

Other Factors
Message delivery can also be affected for reasons such as a full inbox, a frozen messaging application, roaming limitations, and errors on the operators’ SMS servers.

Some phones cannot accept some types of messages, such as WAP push messages, binary text messages, or texts with special characters.

Different operators and countries stipulate different SMS encoding standards. So, when a text message fails to send, it could mean the wrong encoding was used. For example, some carriers in Europe will not deliver messages sent in Unicode characters.

You can view if messages have failed to send on the Message Delivery Report, where you can download the failed report to find out why messages failed.

Crises Control will alert the relevant stakeholders when an incident is closed. This alert, like all other alerts, will require the user to acknowledge it. However, if you do not wish to alert users when closing an incident this can be disabled.

It only takes a few seconds. Within 10 seconds the user will have received the alert. In some cases, the phone call can take a little longer based on the volume of calls.

Currently the behaviour is dependent on the location of the recipient, some countries have the ability convert SMS message text into voice, if that service is enabled

When sending a message to a landline number in the US, Canada and the UK:

Crises Control will not check whether the number is a landline and will attempt to send it to our carrier for delivery. Some carriers (especially the ones in the UK where the landline numbers are text-enabled) will convert the SMS into text-to-speech messages via voice calls. This is normal operation and Crises Control will charge your project for the SMS.

When sending a message to a landline number in other countries:

The Crises Control REST API will throw the error below, and the message will not appear in the logs and your project will not be charged.

"code": 21614, "message": "To number: +86XXXXXXX, is not a mobile number", "more_info": https://www.twilio.com/docs/errors/21614, "status": 400


Yes, the Crises Control solution offers a Windows Desktop App that can be downloaded and installed from the Microsoft Store. This app provides a seamless and user-friendly experience for Windows users, allowing them to engage with Alerts received from the Crises Control platform. Click here to download.

The Crises Control Desktop App leverages PUSH notifications to alert users of important updates and alerts, even when they are offline. These push notifications are a powerful means of communication, ensuring that users are promptly informed of any critical information or actions required during a crisis. When a new alert is generated, a push notification will be delivered directly to the Windows Desktop App, serving as a prompt for users to log in to the Crises Control portal or their mobile app for comprehensive engagement with the crisis at hand. This functionality enables users to stay connected and informed, facilitating effective crisis management and response. Click here to download.

Yes, Crises Control does support two-way notification between the system and recipients via email. This means that recipients can not only receive notifications via email but can also respond or interact with the system through email. The user can also reply to the alert using any of the other channels like PUSH, Voice Call, SMS, allowing for effective communication and collaboration during crisis situations.

Our system is flexible and scalable, the throughput of voice calls can be configured to meet your requirement. There are a number of factors to be considered when determining the max and min voice call throughput that would be selected.

As a standard, we have the capacity to process voice calls at a rate of 600 segments per minute in aggregate. Our system is designed to scale to higher volumes if required. However, it's important to note that the exact number of voice calls delivered may vary depending on factors such as network conditions and the length of each voice call, phone device availability etc. Call us today to discuss your requirement.

As a standard, Crises Control can execute 15,000 emails per minute in aggregate. This provides a high level of efficiency and ensures timely delivery of email notifications. However, it's important to note that our service is highly scalable, meaning that we can easily increase this capacity to meet your specific requirements. Whether you need to send a larger volume of emails or require faster delivery, we have the flexibility to accommodate your needs.

Crises Control GDPR Compliance

The General Data Protection Regulation (GDPR) is a sweeping new EU law that went into effect in all EU Member States on May 25, 2018. It mandates how companies can collect, store, delete, modify and otherwise process personal data of EU citizens. It applies to any company that processes personal data of EU citizens, regardless of whether it has any physical presence in the EU, or even whether it has any EU customers. Companies are also required to pass these obligations down to all of their vendors and suppliers who may also handle personal data of EU citizens anywhere in the world. Despite Brexit, the UK is committed to stay compliant with the GDPR.

Under EU law, personal data means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. It doesn’t have to be confidential or sensitive to qualify as personal data.

Where we are the processors of your data, our obligation is to ensure that this data is processed lawfully, fairly and transparently as agreed by our clients and to maintain appropriate security controls. Processing here means maintaining the confidentiality, availability, integrity and security of the data, the servers and network where the data is held. Where it is exceptionally necessary to access a client database to investigate a client issue, we will always seek the client’s permission. We work hard to protect Crises Control and our users from unauthorised access to or unauthorised alteration, disclosure or destruction of information that we hold. In particular:

  • We encrypt many of our services using SSL.
  • We offer two factor authentication (2FA) verification when you access your Crises Control Account.
  • We use Cloudflare Advance Security to protect and secure the application and APIs against denial-of-service attacks, customer data compromise, and abusive bots.
  • We encrypt data whilst at rest.

    We use Cloudflare for fast Global Content Delivery Network, which speeds up web page loading times. Cloudflare are certified under the EU-US and Swiss-US Privacy Shield frameworks for onward transfers of EU data to the United States. (See https://www.cloudflare.com/privacyshield/).

     We have Data Protection Addendum (DPA), which is a contractual agreement in place with Cloudflare to protect our customer’s data to EU- GDPR standards.

  • We review our information collection, storage and processing practices, including physical security measures, to guard against unauthorised access to systems.

  • We restrict access to personal information to Crises Control employees, contractors and agents who need to know that information in order to process it for us and who are subject to strict contractual confidentiality obligations. They may be disciplined, or their contract terminated if they fail to meet these obligations.
  • We are ISO 27001, ISO 9001 certified
  • We employ certified GDPR practitioners to maintain and improve security standards.

Our Privacy Policy can be found at the bottom of the Crises Control website. Click here to view the Privacy Policy.

Billing and Upgrades

If you sign up for Crises Control, you will pay for your membership annually in advance. You can discuss this and other payment option with us by calling the sales team on +44 (0)208 584 1485 or contact us via email at contactus@crises-control.com.

Push notifications and Emails are free, but there is a charge for telephone calls and SMS messages sent via the Crises Control application. More information about charges for calls and SMS text can be viewed here.

Credit is purchased in advance directly from the portal using credit card or through your account manager. When your account balance is low, your account manager will be in contact to remind you to top up. You can find a statement of your transactions on the portal to track your usage and costs. A monthly detailed account statement will be available on the web portal on the 1st day of the month.

SMS messages and phone calls are charged per unit according to the price package agreed with the customer. Price packages do offer the benefit of discounts for bulk purchases. Unit price varies according to the length and geographical location. One unit is equivalent to an SMS message containing less than 160 characters, or a local phone call of under 1-minute duration. Conference call rates vary according to the destination, the duration of the call and the number of participants on the call.

Your network service provider may charge you for receiving calls or SMS, you will need to check this with your provider in the terms of your contract. A small fee may be applied by your telecom provider when acknowledging via SMS. Check with your service provider to avoid any surprises. You will also need to check with your service provider, what charges are applied for receiving SMS and phone calls when you are abroad.

For our Enterprise solution, the POC is the best way to demonstrate whether Crises Control is the right solution for your organisation. We will support you during this month-long paid trial, helping you to get set up, populating your account and testing the message and incidents functions. At the end of the trial, you will know if Crises Control is the right option for your company and can start your annual Enterprise membership.

You can add users on the web portal in Settings > Setup Users and Add User. If you exceed the contracted number of users, an alert message will appear.

To increase your user allowance, contact your account manager.

If you would like to add another module or extension, such as Task Manager, SOS or Public Alerting, to your current license plan, please contact your account manager to obtain a quote for the module to be added to your account.

If you wish to cancel your membership, contact your account manager more than 30 days before your license is due for renewal, unless you are on a free trial and you cancel before the end of the 30 day period.

You can continue to use Crises Control until your account automatically closes at the end of your current billing period.

Definitely. We’d love to have you back.

We’ll keep your organisation’s account for one year after your account closes, so if you decide to come back during that time, you can pick up right where you left off. Your data will also be saved for one year after your account closes.

About iSOP Wizard

iSOP Wizard is an extension of the Incident Manager module. It allows you to create your own bespoke Incident Action Plans (IAP). Each document produced has an owner, version number, review date and review frequency to allow effective version control. When complete, these documents are stored in the Media Asset Manager where they can be accessed at any time.

Yes, Standard Operating Procedures can be created in iSOP Wizard. You can fill in the sections with the details of the SOP and attach it to the related incident plan. The SOP is then stored on Media Asset Manager and users will be sent the document as an attachment to the incident alert when it is launched.

Yes, if a Standard Operating Procedure is attached to the related incident, users will receive the SOP when the incident is launched.

Yes. The Standard Operating Procedure is stored in Media Asset Manager and iSOP Wizard on the web portal and can be accessed at any time. If the SOP is attached to the related incident, any user opening that incident on their app or web application will be able to access the SOP.

When creating a Standard Operating Procedure, you must select an owner of the file and a review date. Crises Control will send reminders to the owner to review the SOP either weekly, monthly, quarterly or annually.

You can store most file formats associated with the following:

  • Word, Excel and PDF documents
  • Images
  • Videos
  • Audio files
  • Hyperlinks