Synalogik Innovative Solution

Synalogik and Forensic Analytics Joint Services

By harnessing the power of Synalogik’s Scout® and DataHunter platforms within Forensic Analytics CSAS and CDAN Nexus, our customers will benefit from the most streamlined investigation processes and in the knowledge that appropriate checks are in place to ensure legislative and Regulatory requirements are adhered to throughout.

Features

  • Single access to multiple open source (OSINT) data feeds
  • UK and Global Commercial, CRA data, Government data, Police data
  • Single Intelligence Database with open source data built in
  • Upload of users own data to clash against Scout data
  • Combine open source with risk assessment and search terms
  • Optional capability to automatically identify links between seemingly disassociated enquiries
  • Search for People, Companies, Addresses, Phone Numbers, Email Addresses, VRNs
  • Robot Process Automation, Scalable, Compliant, Multiple language searching, Bulk upload
  • Automatically collates reports, tables and node-view into bespoke reports
  • Create bespoke configurations as templated workflows, faster and accurate searching

Benefits

  • Hours of manual research conducted delivered in minutes, 85% efficiency
  • Automates the manual process of collating relevant information
  • Highly intuitive and easily accessible platform interface
  • Evidential and provides increased operational efficiency, fully auditable
  • Reduced investigation costs, time, collation, Evergreen platform, UK held data
  • Greater accuracy, Automated aggregation and auditing resolves human errors
  • Supercharged operational efficiency, single intelligence environment that maximises efficiencies
  • Create templated searches with fixed risk assessments, used bulk/individually;
  • Secure, multi factor authentication, cloud based GDPR compliant, encrypted
  • Fuzzy logic and pattern matching to assist entity-resolution

Pricing

£499 to £2,145 a unit

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at public.sector@synalogik.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

1 2 3 2 2 3 6 6 3 5 1 3 1 5 7

Contact

Synalogik Innovative Solution Julie Hewitt, Head of Government Sales
Telephone: +44 7949222013
Email: public.sector@synalogik.com

Service scope

Software add-on or extension
No
Cloud deployment model
  • Public cloud
  • Private cloud
Service constraints
None
System requirements
  • Cloud based, have cloud licences or willing to purchase them
  • Platform will require firewall access configuration within organisational security policies.
  • Accessed via secure, pre-authorised, URL at fixed IP addresses
  • Third party data access via existing contract or via Synalogik
  • Access via standard web browser
  • Harnessing core technologies (microservices architecture, Apache Kafka, ArangoDB) for integrations

User support

Email or online ticketing support
Email or online ticketing
Support response times
Dependant on the Priority of the Service Level Agreements
Priority 1 - Phone - 1 working hour response time, 24hr resolution time, updates every 2 working hours
Priority 3- Phone /Email- 4 working hours response time, 3 working days resolution time, updates every 8 working hours
Priority 4 - Phone /Email- 48 working hours response time, 5 working days resolution time, updates daily.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Synalogik inclusive support levels include email and on-line ticketing and services. Responses during working timelines; UK Mon-Friday 9-5. Prioritisation ticketing available. Account managers and cloud support engineers provided. Ongoing Support Incident Management During transition Synalogik provide Early Life Support: Controlled handover of the platform to Service Operation (BAU). This includes operational support and knowledge transfer. After platform integration Synalogik provide centralised incident management service providing single point-of-contact with triage responsibility.
Support available to third parties
No

Onboarding and offboarding

Getting started
For customers who wish to use our standard AWS cloud, onboarding with Scout® is a straightforward process, led by our Operations Team. However, in the circumstance where a customer wishes to be deployed in an alternative environment e.g. private cloud, an element of professional services is required to facilitate that delivery.
In our experience, the deployment of Scout® into a new environment requires enterprise-wide collaboration between stakeholders and business functions such as Service Owners, Design Boards, Accreditors and DevOps teams. Synalogik Professional Services offer end-to-end services to assist with all necessary steps to support the related integration activities within our programme management delivery, using either waterfall (PRINCE2), agile (Kanban) or blended project delivery styles as preferred.
For new user accounts for Scout® Synalogik offer, per account:

User Guides

*Online self-help portal (populated with electronic user instructions)

*Business Hours Helpdesk

*Computer-Based Explainer Videos and other support as follows:

*90-minute basic user session giving an introduction to the functions and capability within the Scout® platform.

*30-minute extension to the 90-minute basic user session for super-users to deal with managing users' permissions.

*Videos in the self-help portal

*Monthly user clinics hosted online on various Scout® pieces of functionality
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Scout contains functionality for Client to export all Search Results from Scout at any time. All Search Results in Scout will be automatically deleted 90 days after the end of the Subscription Term for Scout or the MSA. If requested by Client, Synalogik shall (at Client’s cost) provide reasonable assistance for up to 30 days following the end of a Subscription Term for Scout or the MSA to enable Client to export Client Searches from
Scout.
End-of-contract process
Either Party may terminate the MSA for convenience by giving 90 days’ notice to the other Party at any time after the Initial Term. Scout contains functionality for Client to export all Search Results from Scout at any time. All Search Results in Scout will be automatically deleted 90 days after the end of the Subscription Term for Scout or the MSA. If requested by Client, Synalogik shall (at Client’s cost) provide reasonable assistance for up to 30 days following the end of a Subscription Term for Scout or the MSA to enable Client to export Client Searches from Scout.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The is no difference other than the formatted layout
Service interface
Yes
User support accessibility
None or don’t know
Description of service interface
We create a bespoke URL for access for all clients. each client environment has access to their own zen desk for all their support needs
Accessibility standards
None or don’t know
Description of accessibility
We are still in the testing stages of accessibility - at present we don't believe there are any restrictions on what users can and can't do.
Accessibility testing
We haven't yet started testing with users of assistive technology.
API
Yes
What users can and can't do using the API
Synalogik have an inbound and outbound API facility available for our platforms, meaning that clients can integrate with the Scout® platform and retrieve results from our data aggregation, risk scoring and visualisation tools direct from their user interfaces.

Users can initiate workflows, aggregate multiple data source results and cleanse potentially relevant “results” using our picklist list through our Inbound API.

Users can run searches, create picklists, set templated workflows, automate Open source enquiries and receive risk scored results through the outbound API.

The Scout Public API is provided as a stateless RESTful API. Our API has relevant URL endpoints, accepts specific-format JSON request bodies, returns JSON-encoded responses, and uses standard HTTP status codes.

The purpose of this API is to allow user organisations to remotely manage their interaction with the Synalogik Scout service.

Full documentation is available for both APIs, upon request.
API documentation
Yes
API documentation formats
Open API (also known as Swagger)
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Customisation includes the data sources, functionality, open-source templates and templated workflows. Superusers have the ability to select the data sources, functionality, open-source templates and the ability to create templated workflows. Standard users do not have these functions available.

Scaling

Independence of resources
The Synalogik cloud based autoscaling technologies ensure we can cope with the demands on the service from multiple users/accounts on the service.

Analytics

Service usage metrics
Yes
Metrics types
Management Information reports are available showing usage of Scout®, enabling managers to identify any non-usage and respond accordingly. The reports can also help to identify training, tradecraft gaps and weaknesses, which can then be addressed – all of which are delivered by Synalogik as part of our commitment to best-in-class investigations and customer support.

Reporting consists of a monthly emailed “MI” report setting out the required information. Instantiation deployment to Official Sensitive or above, Synalogik cannot access to this information and as such MI reporting is not available, however, it can be retrieved by internal users directly from the system.
Reporting types
Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
Physical access control, complying with CSA CCM v3.0
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Scout® reports can be exported into pdf, excel, word or an outbound API (JSON format) into their CRM system.
Data export formats
CSV
Data import formats
  • CSV
  • Other
Other data import formats
JSON

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Synalogik shall endeavour to make Scout available to Client Users 24/7 and monitor for any issues. All Data Feeds are subject to Data Supplier SLAs. Synalogik shall agree and meet the Scout SLA and the Technical SLA in the Service Level Schedule to the Order Form. If Synalogik fails to meet the Service Levels in the Service Level Schedule, Synalogik shall: (a) take those actions reasonably necessary to correct the problem and begin meeting the Service Levels as soon as reasonably practicable; (b) initiate investigations to identify the root causes of such failure; and (c) where
appropriate, make written recommendations to Client, including the actions proposed by Synalogik and to be carried out by Client, for improvement in procedures to satisfy the Service Levels and prevent any recurrence of such failure; (d) adopt a ‘work the problem’ approach
to seek to correct and minimise recurrences of all Service Level failures for which it is responsible. Synalogik shall deliver to Client, within 15 Business Days after the end of each Calendar Month, a report setting out performance against the Scout SLA and the Technical Support SLA.
Approach to resilience
Available upon request
Outage reporting
The Scout® service will automatically send an alarm internally to alert Synalogik of an outage - once received, an email alert is sent to all clients. In the event this doesn't happen, Synalogik provides a centralised incident management service for Scout® / DataHunter and all supported data interfaces. This provides our customers with a single point of contact for DataHunter and places the responsibility to triage incidents on the relevant data interface supplier with Synalogik.

Synalogik will manage all incident resolutions between 2nd Line and 3rd Line via separate, agreed ways of working with our data interface suppliers.

Synalogik defines incidents as either ‘Standard’ or ‘Outage.’ The initial response time is calculated from when the incident is reported to Synalogik to when an initial response has been communicated from Synalogik Support. The resolution is the time agreed for Synalogik to find a resolution to the incident or request - initial business response within 1hr and resolution of the outage within 1 hour

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Other user authentication
IP /VPN Pre-registration
Access restrictions in management interfaces and support channels
User and system access is provided at four levels:
ADMIN - Access to the Synalogik Administration and Helpdesk, Ability to reset passwords, unlock accounts and disable user access
SUPERUSER - Investigator functionality with admin functionality, Ability for investigators to also reset passwords and unlock accounts
GENERAL USER - Investor/Analyst, Ability to use full functionality of the Scout® platform
AUDIT - Professional standards/Compliance, Ability to view user activity
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Description of management access authentication
IP/VPN Pre- registration.

Audit information for users

Access to user activity audit information
Users receive audit information on a regular basis
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
QMS International
ISO/IEC 27001 accreditation date
22/03/2020
What the ISO/IEC 27001 doesn’t cover
Only minor items identified in the SDS - Statement of Applicability v1.3 Everything else in the company remains covered.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Our Chief Commercial Officer is the Company’s Compliance Officer and DPO. We have an Information Security Manager, reporting to the CEO who is fully dedicated to the roles of Risk Management, Business Continuity and Information Security Management. Mandatory Training is in place for all staff and a disciplinary policy should it not be followed.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Synalogik have a change management policy which is underpinned by processes and procedures based on ITIL best practice. This is a mature process. We use a service management tool that integrates change management, incident management, problem management, configuration management and knowledge management. Our change management policy, processes, and procedures are regularly audited. Formal risk analysis is employed using an approved information risk analysis phase for developments/changes. Security requirements for the system are identified and continue to be considered throughout the life of the product.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Annual penetration testing regime. Automated scanning for vulnerable software using AWS Patch Manager on EC2 instances and all Apple Mac endpoint devices are Mobile Device managed to push the latest security and macOS patches to the devices without delay. We hold NCSC security accredited ‘Cyber Essentials Plus’ via IASME. We undergo a full annual technical audit of all our systems and endpoints, by an external IASME qualified assessor who examines technical security controls, testing that they exclusively work through a technical audit including internal and external vulnerability scans. Cyber Essentials Plus certification includes automatic addition to their cyber liability insurance.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
We utilise AWS Guard Duty with AWS Security Hub which scans all our access logs and immediately alerts to our Slack instance if it identifies anything suspicious. We then intervene to take the necessary action as required. We also receive National Cyber Security Centre (NCSC) Weekly Threat Reports and act to incorporate any mitigations to threats & vulnerabilities identified that are relevant to our IT estate.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Synalogik provides a centralised incident management service for Scout® / DataHunter and all supported data interfaces. This provides our customers with a single point of contact for DataHunter and places the responsibility to triage incidents on the relevant data interface supplier with Synalogik.

Users can report incidents directly via Zendesk (built into Scout®). Incident reports are provided by email once the full Root Cause Analysis has been undertaken.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Social Value

Fighting climate change

Fighting climate change

Recruited 1.5FTE to decrease cloud costs for running our platforms, as commitment to our Carbon Reduction plan. We have introduced remote working for all staff to reduce the environmental footprint and committed to not expand the office size, training is provided to all staff on their responsibilities to this.
Covid-19 recovery

Covid-19 recovery

Awarded a grant from UK/R for £15k for external resource, which was used to pay for legal resources, enabling it to be taken to market quicker. The funds allowed us to employ 15 staff to integrate the data sources in the Data Hub.

Investment of £3m allowed us to employ a further 30 staff across compliance, data security and IT to integrate data sources in our product. The founders did not take any money and decreased their shares to feed back into the company to support expansion and growth, including training of staff.

Synalogik are committed to take summer internships for university or college leavers or those taking holidays from their studies.

Synalogik are also in the process of writing digital intelligence and investigation skills courses with a view to having them available for City & Guilds Accreditation. Our staff will benefit from these for free, as a benefit of their employment with the business.

Futhermore, the investment saw us grow from 20 to 60 staff from Feb 2020 to April 2022, with plans to recruit a further 6 staff in 2022.
Tackling economic inequality

Tackling economic inequality

A founder is still in chambers as a Barrister and has 50 days per year in the criminal justice system. This includes work experience for those in training to become a legal professional.

The Chief Operating Office is undertaking a PhD in Risk Management, which is funded by Synalogik to support his personal development. We will provide this opportunity to one staff member as we grow each year.

We fund training course for staff development including data protection and compliance to develop specialist skills, and have a sales course planned for the sales teams in year.

Udemy Business is provided to all staff to develop both professional and personally with courses they can choose. We provide 2 hours per week to dedicate training time for this.

We are looking to support charities that provide clothing for interviews, by donations from our staffs own clothing.

We have committed to supply chain resilience by creating our Supplier Diversity Policy which is available on our website.
Equal opportunity

Equal opportunity

Signed the Disability Confident scheme, level 1 and Signing the Armed Forces covenant later in 2022 to support work opportunities. Policy for diverse staff/inclusion is underway. Remote working allows staff with disabilities, caring responsibilities or other commitments to achieve a better work/life balance and remove obstacles for employment.
Wellbeing

Wellbeing

Provide private healthcare and minor life insurance for dependants as staff benefit to support their wellbeing and families wellbeing. Dogs in the office days to boost morale and wellbeing. Flexible working hours are standard for all staff. Support staff in training opportunities with local sports and sponsorship. Charity committee being set up to support charity provisions, including volunteer days for staff to listen to children read and support foodbanks, provide workwear for interviews for unemployed persons, and raise money for charities as voted for by staff, all improving community cohesion.

Pricing

Price
£499 to £2,145 a unit
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
Synalogik offer new customers a complimentary 20-day trial of the core Scout® platform (for up to 5 Users) to demonstrate functionality and operational value. In advance of any trial, appropriate contracts for Data Protection purposes need to be agreed and signed.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at public.sector@synalogik.com. Tell them what format you need. It will help if you say what assistive technology you use.