CESIUM - Child Exploitation, Assessment, and Identification Using Machine Learning

CESIUM has been built with safeguarding professionals as a tool to assist in the complex risk assessment and decision making associated with safeguarding children. The ethical AI platform allows multi-agency data to be shared, integrated and analysed securely, surfacing insights and areas of concern for consideration.


  • A secure environment for sharing multi-agency safeguarding data
  • Multi-agency environment to share analysis and inform MACE decision making
  • Search across multiple databases for different records of same person
  • Explore page to generate focussed queries of CESIUM’s database
  • Timeline analysis to analyse all recorded events about a case
  • Associates diagram to visualise and analyse a case’s known connections
  • Risk analysis to assess a child's likelihood of MACE referral
  • Data engineering service to integrate a safeguarding partnership’s databases
  • Data sharing agreements which incorporate ethical impact assessment
  • Digital literacy training to interpret and critique CESIUM's machine learning


  • Identify at-risk children who may have otherwise been missed
  • Reduce the time taken to identify at-risk children
  • Reduce the time taken to assess at-risk children
  • Enable secure and ethical data sharing between multi-agency partners
  • Dramatically reduce the administrative burden of case management
  • Give more time to focus on individual cases
  • Increase operational efficiency of case management
  • Enable a more strategic view of cases in operational area
  • More time to focus on case management, less on adminstration
  • Increase situational awareness of operational safeguarding requirements


£64,800 to £72,000 a licence a year

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

1 6 1 7 0 5 2 7 7 5 0 7 3 7 6


Telephone: 02070528285

Service scope

Software add-on or extension
Cloud deployment model
Public cloud
Service constraints
A database integration is required for implementation
System requirements
  • Internet access, and a supported web browser installed
  • Open API access to identified databases
  • Virtual Private Network (VPN) access to whilelist IP range

User support

Email or online ticketing support
Email or online ticketing
Support response times
Within 2 day for high priority items.

Ticketing support provided within the application.

Pre-agreed response times between service desk & customer.
User can manage status and priority of support tickets
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
99% availability except for scheduled maintenance & other maintenance updates.

Technical support: Monday to Friday from 9.00 to 17.00.

Incident response time: If the incident is received after 15.00 hs the response may be delayed until 11.00 hs on the next business day.
Support available to third parties

Onboarding and offboarding

Getting started
Onboarding is firstly achieved through database integration and is supported with 5 days of end user setup, which includes training.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
CESIUM does not create data, it provides a read-only view of existing databases, therefore, customer data is deleted.
End-of-contract process
Upon conclusion of the service: user accounts and configuration data are removed from the system.

Using the service

Web browser interface
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
Designed for use on mobile devices
Service interface
User support accessibility
WCAG 2.1 AA or EN 301 549
Description of service interface
Web application
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
All images/graphs used contain alt-text and colour is not used as exclsuive means to differentiate. A minimum font size of 12 points is used with sentence case, high contrast is used throughout, and form fields are clearly labelled.

The interface has been tested by people with colour blindness. Further testing is planned.
Customisation available


Independence of resources
The service is built in a public cloud that uses state-of-the art databases and micro-services built to scale and does so automatically on-demand.


Service usage metrics
Metrics types
Usage over time; feature usage; compute time per user; data usage; data storage; number of users; API calls.

Further metrics can be implemented.
Reporting types
Regular reports


Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
Other data at rest protection approach
CESIUM runs on Amazon Web Services (AWS). AWS adheres to independently validated privacy, data protection, security protections and control processes.

AWS is responsible for the security of the cloud; customers are responsible for security in the cloud. AWS enables customers to control their content (where it will be stored, how it will be secured in transit or at rest, how access to their AWS environment will be managed).

Wherever appropriate, AWS offers customers options to add additional security layers to data at rest, via scalable, efficient encryption features. AWS offers flexible key management options and dedicated hardware-based cryptographic key storage.
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Data export formats
Other data export formats
Data import formats
Other data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Availability is that which is offered by Amazon Web Services and varies among different components of the STRIAD platform. AWS currently provides SLAs for several services which are available on the AWS website via the link below:
Approach to resilience
CESIUM leverages the AWS Business Continuity plan, which details the process that AWS follows in the case of an outage, from detection to deactivation. AWS has developed a three-phased approach: Activation and Notification Phase, Recovery Phase, and Reconstitution Phase. This approach ensures that AWS performs system recovery and reconstitution efforts in a methodical sequence, maximizing the effectiveness of the recovery and reconstitution efforts and minimizing system outage time due to errors and omissions.

AWS maintains a ubiquitous security control environment across all regions. Each data centre is built to physical, environmental, and security standards in an active-active configuration, employing an n+1 redundancy model, ensuring system availability in the event of component failure. Components (N) have at least one independent backup component. All data centres are online and serving traffic. In case of failure, there is sufficient capacity to enable traffic to be load-balanced to the remaining sites.
Outage reporting
Service outages are reported via the Public dashboard; personalised dashboard with API and events; configurable alerting (email / SMS / messaging).

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Access in management interfaces is restricted using user roles and user groups with clearly defined policies.
- Restricted to user accounts with relevant privileges
- Username and complex password
- Can be restricted to particular domains or IP addresses
- Separation of environment at Management/Network/Hypervisor/Storage layers
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Between 6 months and 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
Between 6 months and 12 months
How long system logs are stored for
Between 6 months and 12 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Cyber essentials
Cyber essentials plus
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
The technical lead is responsible for security policy. The Senior Data Protection Advisor and Data Protection Technical Advisor provide regular guidance on procedures. The team have qualifications in computer science, experience in IT and stay informed of best practice. Cyber security systems are tested internally by the technical team on a regular basis and annually by independent penetration tests. We are Cyber Essentials accredited. Staff have experience in applying Risk Management Frameworks such as ISO:27005 which incorporates applying information security management standards such as ISO:27001, NIST Risk Management Framework (NIST 800-37) and associated NIST Security Control frameworks - NIST 800-37.
Information security policies and processes
Trilateral have established an Information Security Management System (ISMS) based on ISO/IEC:27001. Our software and underlying technology platforms align with the UK National Cyber Security Centre Cloud Security Principles.

Trilaterals’ ISMS cover the following controls:
- Information Classification
- Physical & Environmental Security
- Access Control
- Operations Security (Acceptable Use, Software Usage, Backup, Disaster Recovery, Malware Protection, Vulnerability Management, Logging and Monitoring, Remote Access, Removable Media, Password Management, Email Use, Clear Desk and Clear Screen
- Mobile devices, teleworking
- Change Management
- Human Resource Security
- Incident Management
- Asset Management
- Cryptographic and Encryption Controls
- Communications Security
- Data Protection Compliance
- System Acquisition, Development and Maintenance
- Supplier Relationship Management
- Training and Awareness
- Business Continuity Management

Policy Governance:
Policies are implemented via technical/organisational structures, enumerated via procedures, monitored via measurement of KPIs, self-assessment, auditing/evaluation. Methodologies align with ISO/IEC:27004. The board of directors has oversight of policy efficacy, with an Information Security Board overseeing ISMS implementation and maintenance. Policy enforcement is via defined roles and responsibilities, training and awareness programmes, and disciplinary review and corrective action procedures.

Reporting structures, enumerated via procedures. The Information Security Director has direct access to Board of Directors.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Configuration and Change Management processes are in place governing hardware, software, documentation and procedures related to running, support and maintenance of systems.

A CMDB is used to record information about hardware and software assets.

Proposed changes must be approved. The change management process includes the raising and recording of changes, assessing the impact, cost, benefit and risk assessment of proposed changes, applying security control mitigations, developing business justification, obtaining approval, managing and coordinating change implementation, monitoring and reporting on implementation, reviewing and closing change requests.

Change management is incorporated into the software development process. Project managers coordinate with Change Managers
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
We align with ISO:27001 Technical vulnerability management controls, informed by ISO:27002 guidance. There is a technical vulnerability management process in place. Vulnerability management tools are integrated with the CMDB. Identified vulnerabilities are responded to based on a timeline aligned to class of severity and risk. Changes are made under the Change Management process. Patches are tested prior to deployment.

Mitre CVE database is monitored for relevant items.

Procedures are in place to address situations where vulnerabilities are identified and no suitable countermeasures are available.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
We align with ISO:27001 / Monitoring, measurement, analysis and evaluation, informed by ISO:27002 implementation guidance. There is a defined process for identifying assets that need to be monitored. Appropriate roles and responsibilities are established. The protective monitoring process is incorporated into our risk management framework. Data points that require monitoring are determined, measurement and evaluation criteria are defined. Reporting tools are integrated into relevant OSI layers.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
We align with ISO:27035. Incident management responsibilities and procedures are established. An incident response team (IRT) exists to respond to incidents. The IRT is tasked with implementing the following facets of incident the response process:
- effective detection of information security events;
- appropriate assessment of events;
- ensure efficient incident response;
- minimise adverse effects of incidents on operations;
- support vulnerability management;
- incorporate learning from incidents into processes and procedures.

Common events have pre-defined processes in order to facilitate more efficient response.
Incident reports are compiled and provided to management. Learnings are incorporated into processes and procedures.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
Connected networks
  • Public Services Network (PSN)
  • Police National Network (PNN)

Social Value

Fighting climate change

Fighting climate change

We operate remote working to allow staff to reduce their carbon footprint.

We encourage staff to attend client/project meetings and events virtually where possible. Where that is not possible, we encourage staff to combine travel requirements where possible to reduce the number of journeys made and to use public transport.

We host CESIUM in AWS Cloud, which reduces energy consumption as opposed to hosting servers on premises. A 2019 study found that AWS is 3.6 times more energy efficient than surveyed enterprise data centers.
We have implemented several digital software solutions such as digital signing software, time management and HR information systems thereby significantly reducing paper-usage.

We organise remote configuration for devices thereby reducing the transport / courier required to equip our staff.

We use office-space that has energy-saving options with light and heat so that we only use what is required, e.g., we ensure the use of motion-sensitive lighting in our offices.

We implement procurement guidelines including information on electrical equipment, so we select efficient devices centrally and provide guidance for staff who work from home on what devices we approve. For example, we select printers with ISO14001 certification demonstrating they are working to manage and reduce their impacts.

We source only FSC certified or 100% recycled paper and timber, to reduce our impact on forests.

We are involved in multiple research projects and commercial contracts intended to have a positive influence on environmental protection and improvement.
Covid-19 recovery

Covid-19 recovery

We allow remote-working and flexible working for staff. This allows them to continue to contribute to their local communities rather than travelling sometimes long distances to work.

We offer paid time off via a Volunteer Day, for staff who wish to support a local community initiative, group or charity that aims to have a positive impact on society.

When we do require staff to attend the office, we provide adequate opportunity for remote working, social distancing and we also operate hybrid meetings where staff can attend virtually if they feel unsure about attending in person.
Tackling economic inequality

Tackling economic inequality

We have created a Sociotech for Good Academy, which offers internships to those who wish to work within the tech industry but have not yet secured a role. These offer both the opportunity to acquire valuable technical experience, but also provides generic skills training and outplacement support.
We are in the process of creating a second internship program for our research services business unit.
We pay a minimum of London Living Wage to all internships regardless of location.

We have identified and managed cyber security risks in the delivery of our contracts and in our supply chain. This has included auditing the GDPR and Data Protection and Cyber Security approaches from our significant suppliers to ensure third party suppliers meet or exceed our basic cybersecurity requirements under Cyber Essentials Plus standards.
Equal opportunity

Equal opportunity

We are Disability Confident employers – all candidates and prospective employees are invited to tell us of any adjustments they may need, and we use experts such as Occupational Health advisors to ensure we are providing the correct support to employees.

We are signatories of the Armed Forces Covenant, and target specific activities such as advertising and providing time off for those who are ex-members or members of reserve forces.

We have a Modern Slavery Statement, which is loaded voluntarily on the UK Government’s Modern Slavery Statement Registry. We have specific actions we have taken and plan to take within the remit of this statement to ensure we support fair and equal access to work. We are also signatories to the UN Global Compact on Human Rights, with a specific plan of actions including policy and procedure review and implementation and training which we adhere to.

All decisions such as selection, reward, training, promotion etc are made on objective criteria and managers are trained to ensure this is consistent through the organisation.


As part of our response to the COVID -19 pandemic and its effect on our workforce and society, we implemented an Employee Assistance Program, which we have offered to all who work with us, employees or otherwise. This provides psychological, legal, financial and health advice and guidance to our staff. Most services are available not just to the staff but to their close family as well.

We operate flexible and remote working to ensure good work life balance and a healthy approach to managing work and stress.

We provide stress training to managers and staff to support resilience.
For those employees whose role requires significant amounts of time spent on work that could possibly trigger secondary-trauma due to the nature of the work, we provide specialised support including training, supervision, wellbeing time off, and work practices such as rotation of personnel so that adequate time away is achieved.

We work on significant sociotech projects tackling complex topics such as child exploitation, modern slavery and human trafficking in a co-design manner so that we ensure we provide robust solutions and delivery.


£64,800 to £72,000 a licence a year
Discount for educational organisations
Free trial available
Description of free trial
We offer a Feasibility Study - See Pricing Document & Service Definition for further information.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.