Focus Data Services Ltd

Focus112 copy

Focus Data's design systems tailored for both communication providers and law enforcement agencies, facilitating the streamlined handling of requests, retrieval, and analysis of communication data. Efficiently manage the acquisition of communication data from cellular service providers and transform it into actionable intelligence, benefiting operational inquiries and court proceedings.

Features

• Logs and manages cell data for law enforcement
• Automates cell data retrieval and dispatch
• Connects to live cell tower networks for instant data collection
• Stores CDR and subscriber/CRM data downloads for inquiries
• Bespoke cell data reporting from all cell providers
• Enforces strict controls ensuring agencies request are legally entitled
• Suite of products to manage data release in dynamic situations

Benefits

• Provides Law enforcement logistical data location and conformation.
• Easy access for all Law enforcement personnel
• Automated processes reduce the potential for human error
• Streamlines the process of requesting, retrieving, and analysing communication data
• Controls ensure requests for data adhere to legal regulations
• Enriches raw data with additional details, subscriber, cell site information
• Reduce costs associated with storage and management,
• A comprehensive solution for managing communication data requests

£60,000.00 to £250,000.00 a licence a year

Service documents

• Pricing document

  ODT

• Service definition document

  ODT

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@focus112.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

120013022676912

Contact

Ray Green
07770441414
info@focus112.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Only accessed via Law Enforcement
• System requirements:
  • Access to a computer devuce and the Internet
  • Authority to access data (local legal requirements)
  • Password and two step authentication
  • Legal Authority

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: 3 hour response and 12 hour fix policy
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Our client support framework guarantees personalised assistance through dedicated contact managers assigned to address individual client concerns. Support services are accessible via email and telephone, with the added option of on-site visits should the need arise.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: New users have to be recommened by their department heads. An email will be required and then a password generated.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Users do not retain ownership of the data; it is the property of the Law Authorities and Cell Company. Account cancellation triggers internal law enforcement protocols to be enacted.
• End-of-contract process: Unknow

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Entrance to our web portal/services is via a login screen with two-step authentication. The system then asks a set of predefined questions to ensure authorization is permitted.
• Accessibility standards: None or don’t know
• Description of accessibility: Focus112 is a web based service. Access is via a secure login process.
• Accessibility testing: Unknown
• API: Yes
• What users can and can't do using the API: Unknow
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: As part of a design feature and to comply with local legislation, customers have the ability to customize services.

Scaling

• Independence of resources: We ensure each user gets consistent access despite demand fluctuations with dynamic resource allocation. Priority access is granted to law enforcement for prompt service, even during peak times. Sophisticated load balancing evenly distributes requests, preventing overload. Continuous monitoring allows proactive issue identification and resolution. These measures guarantee users are unaffected by demand, maintaining optimal service quality.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: No
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data is exported via reports available in CSV, Doc and excel.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Unknow, Ray I need help with this one
• Approach to resilience: Focus Data serves as a vital conduit for law enforcement agencies to access telecommunications data efficiently and legally. Notably, we operate on a principle where we do not retain any data obtained from either law enforcement entities or telecommunication companies. Our commitment to data privacy and security is paramount, reflected in our meticulous approach to data storage. The source code powering our systems is securely stored in the cloud using Azure services, a platform known for its stringent security measures. Azure's compliance with ISO 27001 standards and its integration with Microsoft Office 365 ensure robust protection against unauthorized access and data breaches, reinforcing our dedication to maintaining the integrity and confidentiality of sensitive information. Focus Data Services also holds the ISO 27001 certificate.
• Outage reporting: For end users, our protocol ensures prompt awareness and resolution of any outages in our web-based services. Upon detection, our system automatically generates notifications to our dedicated Support Engineers via multiple channels, including email, telephone calls, and digital security alerts. Simultaneously, users are promptly informed of any service disruptions through various means. These include a localized dashboard, providing real-time status updates, an API for integration with existing systems, and additional email notifications. This multi-tiered approach ensures transparency, enabling users to stay informed and allowing for swift action to address any issues, thereby minimizing downtime and ensuring a seamless user experience.

Identity and authentication

• User authentication needed: Yes
• User authentication: 2-factor authentication
• Access restrictions in management interfaces and support channels: Unknown, please help
• Access restriction testing frequency: At least every 6 months
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSi
• ISO/IEC 27001 accreditation date: 00/06/2021
• What the ISO/IEC 27001 doesn’t cover: The following falls outside our remit within ISO/IEC 27001:; ; 1. Human Resources; 2. Financial Accounting; 3. Some software packages, for example, Azure and Microsoft 365, each have their own ISO 27001 certification.; 4. Business Development and Marketing
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We adhere to comprehensive information security policies and processes to safeguard sensitive data and ensure compliance with regulatory standards ISO27001:2022. Our policies cover information security, data confidentiality, integrity, and availability.; ; Our policies cover data classification, access control, encryption standards, incident response procedures, and employee awareness training.; ; Access to sensitive data is strictly controlled through role-based mechanisms necessary for job responsibilities. We enforce encryption protocols to protect data in transit and rest, ensuring data remains secure across all communication channels and storage systems.; ; We have established protocols for incident detection, reporting, and response.; ; Regular training is conducted for all employees, covering information security practices and the latest threats and vulnerabilities.; ; Our information security policies are overseen by our Information Security Officer, who reports directly to senior management. The ISO is responsible for developing, implementing, and enforcing security policies and procedures.; ; Regular audits and assessments evaluate compliance with security policies and procedures. Compliance is monitored through automated systems, employee training, and periodic reviews by the ISO. Deviations from the policy are promptly identified and addressed through corrective actions, including additional training, process improvements, or disciplinary procedures. This ensures a safe environment for all data.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: At Focus Data, we track service components and assess changes for security impact. Changes undergo rigorous evaluation, including impact analysis and security assessment. Higher-risk changes require stakeholder approval. Security assessments consider vulnerabilities, compliance, and best practices. Continuous monitoring ensures adherence to policies and identifies areas for improvement. We maintain service stability, reliability, and security through these processes while facilitating agile adaptation to business needs.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: At Focus Data, our vulnerability management process is meticulous and proactive. We regularly assess potential threats to our services through continuous monitoring, threat intelligence feeds, and penetration testing. Once vulnerabilities are identified, we prioritize and deploy patches swiftly based on severity and potential impact. Our patch deployment process is streamlined to minimise downtime and ensure rapid mitigation. We gather information about potential threats from various sources, including industry advisories, security research organisations, vendor announcements, and government agencies. This comprehensive approach enables us to stay ahead of emerging threats and maintain the security of our services.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: The protective monitoring processes at Focus Data are designed to identify and respond to potential compromises immediately. We employ advanced monitoring tools and techniques to detect anomalous activities and indicators of compromise in real time. Our team immediately initiates investigation and containment procedures when a potential compromise is identified. Response times are prioritised based on the severity of the incident, with critical incidents addressed urgently. Our goal is to respond to incidents promptly, minimising the impact on our systems and data. Continuous refinement of our monitoring processes ensures agility and effectiveness in safeguarding our services against emerging threats.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: We maintain comprehensive incident management processes to ensure effective resolution of disruptions or security incidents. We have processes for everyday events, outlining clear identification, assessment, and response steps. Users can report incidents through designated channels, including dedicated support channels, email, and phone. Our incident response team promptly initiates investigation and mitigation procedures upon receiving an incident report. Incident reports are provided to stakeholders through timely and transparent communication channels, detailing the nature of the incident, its impact, and actions taken for resolution. Our goal is to minimise downtime, mitigate risks, and ensure our services' ongoing integrity and security.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Wellbeing

  Wellbeing

  Provides law enforcement with up to date information to aid their investigations ensuring members of the public are safe. Assisting law enforcement to apprehend criminals easily with documented evidence ensuring quality of service.

Pricing

• Price: £60,000.00 to £250,000.00 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  ODT

• Service definition document

  ODT

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@focus112.com. Tell them what format you need. It will help if you say what assistive technology you use.