WHITESPACE GLOBAL LIMITED

Report and Insight Generation

Natural language interface, utilising LLMs, that provides in-depth researching, reporting, insight generation and analysis, extracting relevant information from large data sources. Queries both internal and publicly available information to corroborate data sources. Searches/queries are obfuscated to ensure security, and insights presented in organisational report formats with interactive knowledge graphs.

Features

• Indepth research capabilities across varied data sources
• Flexible reporting formats
• Realtime AI powered insights
• Capitalise on your data whilst maintaining ownership

Benefits

• Research at pace, across data formats and sources.
• Reporting format most appropriate to use case / user
• Allows decisions to be made with confidence
• Data soverignty - data retained within organisation

£199.99 to £500,000.00 a unit

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at frameworks@white.space. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

102694647265177

Contact

Elizma Knowles
02890994405
frameworks@white.space

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: None
• System requirements: Web Browser and internet connection

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: SLA specific to client requirements
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), 7 days a week
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), 7 days a week
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: Internal UX and design team reviews as well as external software provider process
• Onsite support: Yes, at extra cost
• Support levels: Standard support is included in our software licence. Support hours are Monday-Friday, 0800-1800 daily.; Bespoke SLA available at extra cost.; Technical account manager and cloud support engineer available at extra cost
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Initial users are on-boarded and walked through the platform using teleconferencing. A first-time user experience/onboarding in the product allows users to explore the key features in their own time, alongside an extensive in product knowledge guide and help centre.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: If required, clients can request that their data is exported. This may induce extra costs.
• End-of-contract process: Once the contract ends, access to the system is terminated and all client data is removed.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Responsive design. Further information available on request.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Browser based GUI
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Has been tested with Jaws, Windows Narrator, and Chrome's Chromevox Classic.
• API: Yes
• What users can and can't do using the API: All functionality available via the graphical user interface, is available via a set of APIs.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Customers can configure the data sources, the research settings and the report generation.

Scaling

• Independence of resources: The infrastructure supporting the product is sized for current and projected load, ensuring that user demand does not affect others. ; Additional resources, if available can be automatically added if required.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users can export their data either:; - Via the download function within the application ; - Via the API; - Via a support request
• Data export formats:
  • ODF
  • Other
• Data import formats:
  • ODF
  • Other

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Specific SLAs are agreed per project and documented in the contract
• Approach to resilience: We use a redundant and fault tolerant architecture that has no single point of failure and is distributed across multiple public cloud regions. Further information is available on request.
• Outage reporting: Dashboard and e-mail alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Username or password
• Access restrictions in management interfaces and support channels: User credentials are used to secure management interfaces and support channels and provide strong authentication. All communications make use of session level encryption to protect confidentiality and integrity.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: SGS
• ISO/IEC 27001 accreditation date: 19/08/2022
• What the ISO/IEC 27001 doesn’t cover: This certification covers all aspects of the service
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Information security policies and procedures conform to ISO27001:2013

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Conforms to ISO 27001:2013 standards. All development activities, including change management are tracked and audited through industry leading applications and platforms, including Confluence, Jira and GitLab. Change requests are tracked through internal tickets, merge requests reviewed (static analysis and manual review processes) and deployed through development, staging and production environments. At each step, manual and automated third party static code analysis is performed.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: We use a combination of the below methods, and any issue detected will automatically trigger a task for it to be resolved:; Manual & automatic code review ; Package management (Automated scanning for known issues & upgrade paths); Container scanning; Daily dynamic code analysis & penetration testing; Static code analysis
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Compromises are identified through several means: (a) User reports; (b) Results of automated scans, including vulnerability and penetration testing services; (c) Internal Q&A testing. Incident management policies conform to ISO 27001:2013 standards.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Incidents are reported by email. Tickets are raised on the back of the email and we will follow the same approach as detailed for change management, whereby incidents are reviewed both automatically and manually. Code is then tested and reviewed again.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Other
• Other public sector networks:
  • MODNet
  • MODCloud

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  We have sought to maximise the use of technology to both minimise unnecessary travel and encourage sustainable solutions. At the same time through working with clients we are looking at how we can develop specific applications to support better sustainable decision making, and optimising the use of sustainable fuels.

  Covid-19 recovery

  In the wake of COVID-19 we have permanently moved to a remote working environment to ensure we can support all of our staff appropriately, bringing teams together as and when required both for business benefit and personal well-being.

  Tackling economic inequality

  As an SME based within Northern Ireland we have worked hard to generate and support a wider innovation and technology SME eco-system that can support each other and return economic benefit to the communities where we are located.

  Equal opportunity

  Fully transparent recruitment and promotion processes are supported by flexible and remote working arrangements to accommodate our team’s and individual needs. An equal opportunity employer we make reasonable adjustments as required to ensure we can recruit and retain our staff and in addition adhere to the Armed Forces Covenant.

  Wellbeing

  Championing health and wellbeing across the business, we strive to support our team’s mental and physical health. Provision of flexible work hours and the 4-day working week during July, August and December, as well as the last Friday in every month off helps to reduce peak pressures. In addition regular monthly team breakfasts, book club and welfare fund allow teams to share issues and problems in addition to bidding for more practical support.

Pricing

• Price: £199.99 to £500,000.00 a unit
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at frameworks@white.space. Tell them what format you need. It will help if you say what assistive technology you use.