Synalogik Innovative Solution

Datahunter

Meet Datahunter by Synalogik, a one-of-a-kind, auditable and evidential data aggregation platform for discovering hidden risks and providing searches across third-party, internal, and open-source data sets. Datahunter automates enquiries individually or bulk upload. Real-time interrogation of multiple investigations with automated risk analysis for identification of fraud or other criminal activity.

Features

• Single access to multiple open source (OSINT) data feeds
• UK and Global Commercial, CRA data, Government data, Police data
• Single Intelligence Database with open source data built in
• Upload users own data
• Combine open source with risk assessment and search terms
• Optional capability to automatically identify links between seemingly disassociated enquiries
• Search for People, Companies, Addresses, Phone Numbers, Email Addresses, VRNs
• Scalable, Compliant, Multiple language searching, Bulk upload
• Automatically collates reports, tables and node-view into bespoke reports
• Create bespoke configurations as templated workflows, faster and accurate searching

Benefits

• Hours of manual research conducted delivered in minutes, 85% efficiency
• Automates the manual process of collating relevant information
• Highly intuitive and easily accessible platform interface
• Evidential and provides increased operational efficiency, fully auditable
• Reduced investigation costs, time, collation, Evergreen platform, UK held data
• Greater accuracy, Automated aggregation and auditing resolves human errors
• Supercharged operational efficiency, single intelligence environment that maximises efficiencies
• Create templated searches with fixed risk assessments, used bulk/individually;
• Secure, multi factor authentication, cloud based GDPR compliant, encrypted
• Fuzzy logic and pattern matching to assist entity-resolution

£6,000 an instance a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at a.booth@synalogik.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

129655975265951

Contact

Andrew Booth
0800 260 6985
a.booth@synalogik.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: None
• System requirements:
  • Cloud based, have cloud licences or willing to purchase them
  • Platform will require firewall access configuration within organisational security policies.
  • Accessed via secure, pre-authorised, URL at fixed IP addresses
  • Third party data access via existing contract or via Synalogik
  • Access via standard web browser
  • Harnessing core technologies (microservices architecture, Apache Kafka, ArangoDB) for integrations

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Dependant on the Priority of the Service Level Agreements:; Priority 1 - 1 working hour acknowledgement - 4 hour response time, ; Priority 2 - 4 working hour response time - 24hr resolution time; Priority 3- 4 working hours response time, 3 working days resolution time; Priority 4 - 48 working hours response time, 5 working days resolution time
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Synalogik inclusive support levels include email and on-line ticketing and services. Responses during working timelines; UK Mon-Friday 9-5. Prioritisation ticketing available. Account managers and cloud support engineers provided. Ongoing Support Incident Management During transition Synalogik provide Early Life Support: Controlled handover of the platform to Service Operation (BAU). This includes operational support and knowledge transfer. After platform integration Synalogik provide centralised incident management service providing single point-of-contact with triage responsibility.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: In our experience, the deployment of Datahunter into a new environment requires enterprise-wide collaboration between stakeholders and business functions such as Service Owners, Design Boards, Accreditors and DevOps teams. Synalogik Professional Services offer end-to-end services to assist with all necessary steps to support the related integration activities within our programme management delivery, using either waterfall (PRINCE2), agile (Kanban) or blended project delivery styles as preferred.; For new user accounts for Datahunter, Synalogik offer, per account:; ; User Guides; ; *Online self-help portal (populated with electronic user instructions); ; *Business Hours Helpdesk; ; *Computer-Based Explainer Videos and other bespoke training support as required.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Datahunter contains functionality for Client to export all Search Results at any time. All Search Results will be automatically deleted 90 days after the end of the Subscription Term or the MSA. If requested by Client, Synalogik shall (at Client’s cost) provide reasonable assistance for up to 30 days following the end of a Subscription Term or the MSA to enable Client to export Client Searches from the platform.
• End-of-contract process: Either Party may terminate the MSA for convenience by giving 90 days’ notice to the other Party at any time after the Initial Term. Datahunter contains functionality for Client to export all Search Results from Datahunter at any time. All Search Results in Datahunter will be automatically deleted 90 days after the end of the Subscription Term for Datahunter or the MSA. If requested by Client, Synalogik shall (at Client’s cost) provide reasonable assistance for up to 30 days following the end of a Subscription Term for Datahunter or the MSA to enable Client to export Client Searches.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The is no difference other than the formatted layout
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: We create a bespoke URL for access for all clients. each client environment has access to their own support area and support access functionality.
• Accessibility standards: None or don’t know
• Description of accessibility: We are still in the testing stages of accessibility - at present we don't believe there are any restrictions on what users can and can't do.
• Accessibility testing: We haven't yet started testing with users of assistive technology.
• API: Yes
• What users can and can't do using the API: Synalogik have an inbound and outbound API facility available for our platforms, meaning that clients can integrate with the Scout® platform and retrieve results from our data aggregation, risk scoring and visualisation tools direct from their user interfaces.; ; Users can initiate workflows, aggregate multiple data source results and cleanse potentially relevant “results” using our picklist list through our Inbound API.; ; Users can run searches, create picklists, set templated workflows, automate Open source enquiries and receive risk scored results through the outbound API.; ; The Scout Public API is provided as a stateless RESTful API. Our API has relevant URL endpoints, accepts specific-format JSON request bodies, returns JSON-encoded responses, and uses standard HTTP status codes.; ; The purpose of this API is to allow user organisations to remotely manage their interaction with the Synalogik Scout service. ; ; Full documentation is available for both APIs, upon request.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Customisation includes the data sources, functionality, open-source templates and templated workflows. Superusers have the ability to select the data sources, functionality, open-source templates and the ability to create templated workflows. Standard users do not have these functions available.

Scaling

• Independence of resources: The Synalogik cloud based autoscaling technologies ensure we can cope with the demands on the service from multiple users/accounts on the service.

Analytics

• Service usage metrics: Yes
• Metrics types: Management Information reports are available showing usage of Datahunter, enabling managers to identify any non-usage and respond accordingly. The reports can also help to identify training, tradecraft gaps and weaknesses, which can then be addressed – all of which are delivered by Synalogik as part of our commitment to best-in-class investigations and customer support.; ; Reporting consists of retrieval of “Management Information” which can be retrieved by internal administrative users directly from the system.

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Datahunter reports can be exported into pdf, excel, word or an outbound API (JSON format) into client Case Management systems.
• Data export formats: CSV
• Data import formats:
  • CSV
  • Other
• Other data import formats: JSON

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Synalogik shall endeavour to make Datahunter available to Client Users 24/7 and monitor for any issues. All Data Feeds are subject to Data Supplier SLAs. Synalogik shall agree and meet the Datahunter SLA and the Technical SLA in the Service Level Schedule to the Order Form. If Synalogik fails to meet the Service Levels in the Service Level Schedule, Synalogik shall: (a) take those actions reasonably necessary to correct the problem and begin meeting the Service Levels as soon as reasonably practicable; (b) initiate investigations to identify the root causes of such failure; and (c) where; appropriate, make written recommendations to Client, including the actions proposed by Synalogik and to be carried out by Client, for improvement in procedures to satisfy the Service Levels and prevent any recurrence of such failure; (d) adopt a ‘work the problem’ approach; to seek to correct and minimise recurrences of all Service Level failures for which it is responsible. Synalogik shall deliver to Client, within 15 Business Days after the end of any issue, a report setting out performance against the Datahunter SLA and the Technical Support SLA.
• Approach to resilience: Available upon request
• Outage reporting: The Dathunter service will automatically send an alarm internally to alert Synalogik of an outage - once received, an email alert is sent to all clients. In the event this doesn't happen, Synalogik provides a centralised incident management service for DataHunter and all supported data interfaces. This provides our customers with a single point of contact for DataHunter and places the responsibility to triage incidents on the relevant data interface supplier with Synalogik. ; ; Synalogik will manage all incident resolutions between 2nd Line and 3rd Line via separate, agreed ways of working with our data interface suppliers.; ; Synalogik defines incidents as either ‘Standard’ or ‘Outage.’ The initial response time is calculated from when the incident is reported to Synalogik to when an initial response has been communicated from Synalogik Support. The resolution is the time agreed for Synalogik to find a resolution to the incident or request - initial business response within 1hr, resolution time varies depending on the issue.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Other user authentication: IP /VPN Pre-registration
• Access restrictions in management interfaces and support channels: User and system access is provided at four levels:; ADMIN - Access to the Synalogik Administration and Helpdesk, Ability to reset passwords, unlock accounts and disable user access; SUPERUSER - Investigator functionality with admin functionality, Ability for investigators to also reset passwords and unlock accounts; GENERAL USER - Investor/Analyst, Ability to use full functionality of the Scout® platform; AUDIT - Professional standards/Compliance, Ability to view user activity
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Description of management access authentication: IP/VPN Pre- registration.

Audit information for users

• Access to user activity audit information: Users receive audit information on a regular basis
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: QMS International
• ISO/IEC 27001 accreditation date: 22/03/2024
• What the ISO/IEC 27001 doesn’t cover: Only minor items identified in the SDS - Statement of Applicability v1.3 Everything else in the company remains covered and a copy of the Statement of Applicability is available upon request.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Our Head of Compliance is the Compliance Officer and DPO. We have an Chief Information Security Manager, who is fully dedicated to the roles of Risk Management, Business Continuity and Information Security Management. Everyone else in the compliance team is IS027001 Lead Auditor Qualified. Mandatory Training relating to GDPR and information security is in place for all staff.; ; Synalogik are ISO:27001 and Cyber Essentials Plus certified. We are annually penetration tested by CREST qualified penetration testers.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Synalogik have a change management policy which is underpinned by processes and procedures based on ITIL best practice. This is a mature process. We use a service management tool that integrates change management, incident management, problem management, configuration management and knowledge management. Our change management policy, processes, and procedures are regularly audited. Formal risk analysis is employed using an approved information risk analysis phase for developments/changes. Security requirements for the system are identified and continue to be considered throughout the life of the product.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Annual penetration testing regime. Automated scanning for vulnerable software using AWS Patch Manager on EC2 instances and all Apple Mac endpoint devices are Mobile Device managed to push the latest security and macOS patches to the devices without delay. We hold NCSC security accredited ‘Cyber Essentials Plus’ via IASME. We undergo a full annual technical audit of all our systems and endpoints, by an external IASME qualified assessor who examines technical security controls, testing that they exclusively work through a technical audit including internal and external vulnerability scans. Cyber Essentials Plus certification includes automatic addition to their cyber liability insurance.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: We utilise AWS Guard Duty with AWS Security Hub which scans all our access logs and immediately alerts to our Slack instance if it identifies anything suspicious. We then intervene to take the necessary action as required. We also receive National Cyber Security Centre (NCSC) Weekly Threat Reports and act to incorporate any mitigations to threats & vulnerabilities identified that are relevant to our IT estate.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Synalogik provides a centralised incident management service for Scout® / DataHunter and all supported data interfaces. This provides our customers with a single point of contact for DataHunter and places the responsibility to triage incidents on the relevant data interface supplier with Synalogik. ; ; Users can report incidents directly via Zendesk (built into Scout®). Incident reports are provided by email once the full Root Cause Analysis has been undertaken.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Covid-19 recovery
  • Tackling economic inequality

  Covid-19 recovery

  Synalogik software was used during the pandemic to mitigate the fraud impact on the Bounce Back loan scheme.

  Tackling economic inequality

  Synalogik's software is used every day i the fight against fraud and to protect vulnerable people who choose to transact digitally. Our software helps prevent them from harm in a variety of use cases.

Pricing

• Price: £6,000 an instance a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at a.booth@synalogik.com. Tell them what format you need. It will help if you say what assistive technology you use.