CESIUM - Child Exploitation, Assessment, and Identification Using Machine Learning
CESIUM has been built with safeguarding professionals as a tool to assist in the complex risk assessment and decision making associated with safeguarding children. The ethical AI platform allows multi-agency data to be shared, integrated and analysed securely, surfacing insights and areas of concern for consideration.
Features
- A secure environment for sharing multi-agency safeguarding data
- Multi-agency environment to share analysis and inform MACE decision making
- Search across multiple databases for different records of same person
- Explore page to generate focussed queries of CESIUM’s database
- Timeline analysis to analyse all recorded events about a case
- Associates diagram to visualise and analyse a case’s known connections
- Risk analysis to assess a child's likelihood of MACE referral
- Data engineering service to integrate a safeguarding partnership’s databases
- Data sharing agreements which incorporate ethical impact assessment
- Digital literacy training to interpret and critique CESIUM's machine learning
Benefits
- Identify at-risk children who may have otherwise been missed
- Reduce the time taken to identify at-risk children
- Reduce the time taken to assess at-risk children
- Enable secure and ethical data sharing between multi-agency partners
- Dramatically reduce the administrative burden of case management
- Give more time to focus on individual cases
- Increase operational efficiency of case management
- Enable a more strategic view of cases in operational area
- More time to focus on case management, less on administration
- Increase situational awareness of operational safeguarding requirements
Pricing
£64,800 to £72,000 a licence a year
- Education pricing available
- Free trial available
Framework
G-Cloud 13
Service ID
161705277507376
Contact
TRILATERAL RESEARCH LTD
Kush Wadhwa
Telephone: 02070528285
Email: Sociotech@trilateralresearch.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Public cloud
- Service constraints
- A database integration is required for implementation
- System requirements
- Internet access, and a supported web browser installed
- Open API access to identified databases
- Virtual Private Network (VPN) access to whitelist IP range
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
Within 2 days for high priority items.
Ticketing support provided within the application.
Pre-agreed response times between service desk & customer.
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 AA or EN 301 549
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
99% availability except for scheduled maintenance & other maintenance updates.
Technical support: Monday to Friday from 9.00 to 17.00.
Incident response time: If the incident is received after 15.00 hs the response may be delayed until 11.00 hs on the next business day.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- Onboarding is firstly achieved through database integration and is supported with 5 days of end user setup, which includes training.
- Service documentation
- Yes
- Documentation formats
- HTML
- End-of-contract data extraction
- CESIUM does not create data; it provides a read-only view of existing databases. Customer data is therefore deleted.
- End-of-contract process
- Upon conclusion of the service: user accounts and configuration data are removed from the system.
Using the service
- Web browser interface
- Yes
- Supported browsers
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- No
- Service interface
- Yes
- User support accessibility
- WCAG 2.1 AA or EN 301 549
- Description of service interface
- Web application
- Accessibility standards
- WCAG 2.1 AA or EN 301 549
- Accessibility testing
All images/graphs used contain alt-text and colour is not used as the exclusive means to differentiate. A minimum font size of 12 points is used with sentence case, high contrast is used throughout, and form fields are clearly labelled.
The interface has been tested by people with colour blindness. Further testing is planned.
- API
- No
- Customisation available
- No
Scaling
- Independence of resources
- The service is built in a public cloud that uses state-of-the-art databases and micro-services built to scale and does so automatically on-demand.
Analytics
- Service usage metrics
- Yes
- Metrics types
Usage over time; feature usage; compute time per user; data usage; data storage; number of users; API calls.
Further metrics can be implemented.
- Reporting types
- Regular reports
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
- Protecting data at rest
- Other
- Other data at rest protection approach
CESIUM runs on Amazon Web Services (AWS). AWS adheres to independently validated privacy, data protection, security protections and control processes.
AWS is responsible for the security of the cloud; customers are responsible for security in the cloud. AWS enables customers to control their content (where it will be stored, how it will be secured in transit or at rest, how access to their AWS environment will be managed).
Wherever appropriate, AWS offers customers options to add additional security layers to data at rest, via scalable, efficient encryption features. AWS offers flexible key management options and dedicated hardware-based cryptographic key storage.
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- A third-party destruction service
Data importing and exporting
- Data export approach
- N/A
- Data export formats
- Other
- Other data export formats
- N/A
- Data import formats
- Other
- Other data import formats
- N/A
Data-in-transit protection
- Data protection between buyer and supplier networks
- Private network or public sector network
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
- Availability is that which is offered by Amazon Web Services and varies among different components of the STRIAD platform. AWS currently provides SLAs for several services which are available on the AWS website via the link below: https://aws.amazon.com/legal/service-level-agreements/
- Approach to resilience
CESIUM leverages the AWS Business Continuity plan, which details the process that AWS follows in the case of an outage, from detection to deactivation. AWS has developed a three-phased approach: Activation and Notification Phase, Recovery Phase, and Reconstitution Phase. This approach ensures that AWS performs system recovery and reconstitution efforts in a methodical sequence, maximizing the effectiveness of the recovery and reconstitution efforts and minimizing system outage time due to errors and omissions.
AWS maintains a ubiquitous security control environment across all regions. Each data centre is built to physical, environmental, and security standards in an active-active configuration, employing an n+1 redundancy model, ensuring system availability in the event of component failure. Components (N) have at least one independent backup component. All data centres are online and serving traffic. In case of failure, there is sufficient capacity to enable traffic to be load-balanced to the remaining sites.
- Outage reporting
- Service outages are reported via the Public dashboard; personalised dashboard with API and events; configurable alerting (email / SMS / messaging).
Identity and authentication
- User authentication needed
- Yes
- User authentication
- 2-factor authentication
- Dedicated link (for example VPN)
- Username or password
- Access restrictions in management interfaces and support channels
Access in management interfaces is restricted using user roles and user groups with clearly defined policies.
- Restricted to user accounts with relevant privileges
- Username and complex password
- Can be restricted to particular domains or IP addresses
- Separation of environment at Management/Network/Hypervisor/Storage layers
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
- 2-factor authentication
- Dedicated link (for example VPN)
- Username or password
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- Between 6 months and 12 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- Between 6 months and 12 months
- How long system logs are stored for
- Between 6 months and 12 months
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- No
- Security governance approach
- The technical lead is responsible for security policy. The Senior Data Protection Advisor and Data Protection Technical Advisor provide regular guidance on procedures. The team have qualifications in computer science, experience in IT and stay informed of best practice. Cyber security systems are tested internally by the technical team on a regular basis and annually by independent penetration tests. We are Cyber Essentials accredited. Staff have experience in applying Risk Management Frameworks such as ISO:27005 which incorporates applying information security management standards such as ISO:27001, NIST Risk Management Framework (NIST 800-37) and associated NIST Security Control frameworks - NIST 800-37.
- Information security policies and processes
Trilateral have established an Information Security Management System (ISMS) based on ISO/IEC:27001. Our software and underlying technology platforms align with the UK National Cyber Security Centre Cloud Security Principles.
Trilateral's ISMS covers the following controls:
- Information Classification
- Physical & Environmental Security
- Access Control
- Operations Security (Acceptable Use, Software Usage, Backup, Disaster Recovery, Malware Protection, Vulnerability Management, Logging and Monitoring, Remote Access, Removable Media, Password Management, Email Use, Clear Desk and Clear Screen)
- Mobile devices, teleworking
- Change Management
- Human Resource Security
- Incident Management
- Asset Management
- Cryptographic and Encryption Controls
- Communications Security
- Data Protection Compliance
- System Acquisition, Development and Maintenance
- Supplier Relationship Management
- Training and Awareness
- Business Continuity Management
Policy Governance:
Policies are implemented via technical/organisational structures, enumerated via procedures, monitored via measurement of KPIs, self-assessment, auditing/evaluation. Methodologies align with ISO/IEC:27004. The board of directors has oversight of policy efficacy, with an Information Security Board overseeing ISMS implementation and maintenance. Policy enforcement is via defined roles and responsibilities, training and awareness programmes, and disciplinary review and corrective action procedures.
Reporting:
Reporting structures, enumerated via procedures. The Information Security Director has direct access to Board of Directors.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
Configuration and Change Management processes are in place governing hardware, software, documentation and procedures related to running, support and maintenance of systems.
A CMDB is used to record information about hardware and software assets.
Proposed changes must be approved. The change management process includes the raising and recording of changes, assessing the impact, cost, benefit and risk assessment of proposed changes, applying security control mitigations, developing business justification, obtaining approval, managing and coordinating change implementation, monitoring and reporting on implementation, reviewing and closing change requests.
Change management is incorporated into the software development process. Project managers coordinate with Change Managers.
- Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
We align with ISO:27001 Technical vulnerability management controls, informed by ISO:27002 guidance. There is a technical vulnerability management process in place. Vulnerability management tools are integrated with the CMDB. Identified vulnerabilities are responded to based on a timeline aligned to class of severity and risk. Changes are made under the Change Management process. Patches are tested prior to deployment.
Mitre CVE database is monitored for relevant items.
Procedures are in place to address situations where vulnerabilities are identified and no suitable countermeasures are available.
- Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
- We align with ISO:27001 / Monitoring, measurement, analysis and evaluation, informed by ISO:27002 implementation guidance. There is a defined process for identifying assets that need to be monitored. Appropriate roles and responsibilities are established. The protective monitoring process is incorporated into our risk management framework. Data points that require monitoring are determined, measurement and evaluation criteria are defined. Reporting tools are integrated into relevant OSI layers.
- Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
We align with ISO:27035. Incident management responsibilities and procedures are established. An incident response team (IRT) exists to respond to incidents. The IRT is tasked with implementing the following facets of the incident response process:
- effective detection of information security events;
- appropriate assessment of events;
- ensure efficient incident response;
- minimise adverse effects of incidents on operations;
- support vulnerability management;
- incorporate learning from incidents into processes and procedures.
Common events have pre-defined processes in order to facilitate more efficient response.
Incident reports are compiled and provided to management. Learnings are incorporated into processes and procedures.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Public sector networks
- Connection to public sector networks
- Yes
- Connected networks
- Public Services Network (PSN)
- Police National Network (PNN)
Social Value
- Fighting climate change
We operate remote working to allow staff to reduce their carbon footprint.
We encourage staff to attend client/project meetings and events virtually where possible. Where that is not possible, we encourage staff to combine travel requirements where possible to reduce the number of journeys made and to use public transport.
We host CESIUM in AWS Cloud, which reduces energy consumption as opposed to hosting servers on premises. A 2019 study found that AWS is 3.6 times more energy efficient than surveyed enterprise data centers.
We have implemented several digital software solutions such as digital signing software, time management and HR information systems thereby significantly reducing paper-usage.
We organise remote configuration for devices thereby reducing the transport / courier required to equip our staff.
We use office-space that has energy-saving options with light and heat so that we only use what is required, e.g., we ensure the use of motion-sensitive lighting in our offices.
We implement procurement guidelines including information on electrical equipment, so we select efficient devices centrally and provide guidance for staff who work from home on what devices we approve. For example, we select printers with ISO14001 certification demonstrating they are working to manage and reduce their impacts.
We source only FSC certified or 100% recycled paper and timber, to reduce our impact on forests.
We are involved in multiple research projects and commercial contracts intended to have a positive influence on environmental protection and improvement.
- Covid-19 recovery
We allow remote-working and flexible working for staff. This allows them to continue to contribute to their local communities rather than travelling sometimes long distances to work.
We offer paid time off via a Volunteer Day, for staff who wish to support a local community initiative, group or charity that aims to have a positive impact on society.
When we do require staff to attend the office, we provide adequate opportunity for remote working, social distancing and we also operate hybrid meetings where staff can attend virtually if they feel unsure about attending in person.
- Tackling economic inequality
We have created a Sociotech for Good Academy, which offers internships to those who wish to work within the tech industry but have not yet secured a role. These offer not only the opportunity to acquire valuable technical experience but also generic skills training and outplacement support.
We are in the process of creating a second internship program for our research services business unit.
We pay a minimum of London Living Wage to all internships regardless of location.
We have identified and managed cyber security risks in the delivery of our contracts and in our supply chain. This has included auditing the GDPR and Data Protection and Cyber Security approaches from our significant suppliers to ensure third party suppliers meet or exceed our basic cybersecurity requirements under Cyber Essentials Plus standards.
- Equal opportunity
We are Disability Confident employers – all candidates and prospective employees are invited to tell us of any adjustments they may need, and we use experts such as Occupational Health advisors to ensure we are providing the correct support to employees.
We are signatories of the Armed Forces Covenant, and target specific activities such as advertising and providing time off for those who are ex-members or members of reserve forces.
We have a Modern Slavery Statement, which is loaded voluntarily on the UK Government’s Modern Slavery Statement Registry. We have specific actions we have taken and plan to take within the remit of this statement to ensure we support fair and equal access to work. We are also signatories to the UN Global Compact on Human Rights, with a specific plan of actions including policy and procedure review and implementation and training which we adhere to.
All decisions such as selection, reward, training, promotion etc are made on objective criteria and managers are trained to ensure this is consistent through the organisation.
- Wellbeing
As part of our response to the COVID-19 pandemic and its effect on our workforce and society, we implemented an Employee Assistance Program, which we have offered to all who work with us, employees or otherwise. This provides psychological, legal, financial and health advice and guidance to our staff. Most services are available not just to the staff but to their close family as well.
We operate flexible and remote working to ensure good work life balance and a healthy approach to managing work and stress.
We provide stress training to managers and staff to support resilience.
For those employees whose role requires significant amounts of time spent on work that could possibly trigger secondary-trauma due to the nature of the work, we provide specialised support including training, supervision, wellbeing time off, and work practices such as rotation of personnel so that adequate time away is achieved.
We work on significant sociotech projects tackling complex topics such as child exploitation, modern slavery and human trafficking in a co-design manner so that we ensure we provide robust solutions and delivery.
Pricing
- Price
- £64,800 to £72,000 a licence a year
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
- We offer a Feasibility Study - See Pricing Document & Service Definition for further information.