IB Boost

OCTANE Data Integration and Reporting for Law Enforcement

IB Boost’s OCTANE platform is a customisable, secure, data integration, reporting and analytics platform including case and quality management modules allowing organisations to develop workflows, forms, reports and dashboards in a shared, modern web-based platform. OCTANE for Law Enforcement and Policing includes sector specific accelerators and domain expert services.

Features

• SaaS-style deployment for Law Enforcement and Policing multi-agency data sharing
• Advanced analytics and reporting capabilities including real-time dashboards for performance
• Data driven: Extensive data integration capabilities from any source
• Scalable: no data set size or analytics requirement too large
• Unlimited range of APIs and external integration with ORQA robots
• Case management workflows for Law Enforcement procedures
• LEO Modules for: SOC, MoRiLE, Tasking, Threat Management, Referrals, etc.
• Evidence and Quality management of Law Enforcement procedures
• Orchestration and collaboration on document management and scheduling
• Law Enforcement specific case management workflows for forensics, prosecution, etc.

Benefits

• Low-cost and flexible analytics, visualisations, business intelligence and reporting tools
• Fully extensible to utilise custom business domain data and workflows
• Custom workflows, task management and alerts for optimal productivity
• Fully managed SaaS or private service options with customisable SLAs
• Multi-organisation data sharing and coordination with secure and granular permissions
• Integrate and reconcile any data-source even API-less legacy systems
• Produce publication ready documents with analytics and self-service scheduled extracts
• Run hybrid/private network nodes for in-house integrations and use-specific portals
• Secure platform: HMG Security Policy Framework compliant OFFICIAL-SENSITIVE and higher
• Out-of-the-box law enforcement-specific data models and workflows accelerate projects

£7.50 to £50 a user a month

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@ibboost.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

188461433336395

Contact

Nicholas Goodley
+44 118 230 1337
tenders@ibboost.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: Offered services are designed to run on public cloud, however the platform can run on private or hybrid cloud. Cloud application availability is dependent on the desired cloud infrastructure platform suggested e.g. Azure, AWS, UKCloud, GCP, etc. and integration capabilities with Buyer's own infrastructure (where applicable).
• System requirements:
  • At least IE 11 is required for full visualisation capabilities
  • At least IE 9 required for rich web interface interactions
  • At least Windows Vista for desktop application operation
  • Systems to be integrated must be accessible from chosen system

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Standard SLA terms down to 30 minutes for P1 events and longer for less severe priorities. For non-critical questions, typical turnaround is within a day dependent on complexity.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), 7 days a week
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: None
• Onsite support: Yes, at extra cost
• Support levels: Service levels are configurable according to client requirements. Service desk, email, phone, live chat, and on-site support are available. Support is accessible to third-party suppliers. 24/7 to 9-5 to on-demand support models available with standard support P1 response times of one hour and incident escalation options, as needed. We provide a cloud support engineer during UK business hours and a technical account manager for out-of-hours escalation.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide onsite training, supplemented by phone, email and documentation, as well as user documentation.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
• End-of-contract data extraction: Users can export all their data using self-service mechanisms at any time.
• End-of-contract process: The service will simply be switched off and the accounts deactivated. In a private installation, all services and provisioned machines would need to be deleted. There is no deactivation charge in our public shared-platform instances. Any additional costs of exit or migration or transfer of service not already defined as part of the service offering will be charged at our SFIA rate card and will not be included in our subscription cost.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Due to the complex nature of reporting and analytics, mobile data entry is optimised only for access to records rather than data entry by default. Further configuration can create mobile-optimised usage. Where ORQA is used, ORQA robotics are unable to run on mobile devices.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: RESTful and SOAP web interface APIs for various business and administrative services
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: None
• API: Yes
• What users can and can't do using the API: Users can configure, execute and retrieve results via the API for all primary functions.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: The service can be customised for use according to client requirements including network connectivity, numbers of users, and number of parallel processes. Connectivity and integration with private or hybrid clouds is possible. The platform can utilise customised testing and automation scripts of the user's own design. In private instances of the platform, the users can define their own super users who can control the users of the platform and the functions they have the ability to use.; Further business objects, data forms, workflows, event triggers, task queues, short-cuts, views, reports and extracts and reference data lists can all be customised to varying degrees in the OCTANE platform.

Scaling

• Independence of resources: Instances by default are private and entirely dedicated to clients or subject to community agreement in community cloud instances.

Analytics

• Service usage metrics: Yes
• Metrics types: Standard reports on users and costs.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: Less than once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Other
• Other data at rest protection approach: Where required, data can be encrypted using cloud-specific data storage encryption procedures, and can further be encrypted at the OS-level should it be required
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Self-service mechanisms in the web UI
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • XLS
  • PDF
  • XML
  • JSON
• Data import formats:
  • CSV
  • ODF
  • Other
• Other data import formats:
  • XLS
  • TXT
  • XML
  • JSON

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: 98% - This is the standard service level expected. Higher SLAs are available subject to separate service fees, primarily resulting from increased IaaS costs for such availability. Application uptime-only guarantee when related to private cloud or on-premise infrastructure.; Refund available for 200% of the supplier-caused service unavailability up to a maximum of the month's service charges, calculated on a service-month basis.
• Approach to resilience: Our service uses distributed service-discovery, and active monitoring to ensure sufficient resources available to provide high-availability. The platform can be spread across multiple availability zones to ensure availability even with regional cloud service disruptions.
• Outage reporting: A web dashboard, API and email alerts are all available with usage restrictions.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Other user authentication: Spring Security is used to implement the above described authentication mechanisms.
• Access restrictions in management interfaces and support channels: Management interfaces can have additional access constraints such as use of bastion hosts, whitelisted IP address and 2FA.; All access needs to come in via dedicated VPNs controlled by multi-factor authentication by named accounts. Further restrictions via security groups at the IaaS cloud-platform level limit the potential originating source of threats.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Description of management access authentication: Spring Security is used to implement the above described authentication mechanisms.

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber Essentials Plus
• Information security policies and processes: Policies are enforced technically where possible. Where they aren't, documentation of procedures and policies exists to ensure all access and use of data and systems conforms to specification. A board member is dedicated to security principles and all reporting eventually ends up in this reporting line.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Source-control and automation-first principles applied to all. All components have full-history, audited version source control. All artifacts are created with unique, canonical identifiers and checksums. All releases are based upon manifests of these canonical identifiers and checks done to ensure installation integrity. Security checks are conducted with automated tools and manual peer review.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Our service platform is built in full awareness of the modern threat environment and the service designed appropriately. For public platforms, mitigating actions are taken wherever possible to implement least privileges necessary for the tasks at hand. Services are proactively monitored for unexpected usage behaviour. For private platforms, we can configure additional access controls and additional functionality to take advantage of the more sanitised environment.; ; Patching can be done intraday with minimal service interruption for severe issues and we are on mailing lists for primary zero-day exploits.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Monitoring of logs for unexpected packets, or usage. Implementation of restrictive firewall rules. Email and chat channel alerts for unexpected behaviour. We respond to any alerts based on such behaviour being identified with the utmost priority.
• Incident management type: Supplier-defined controls
• Incident management approach: We have policies and procedures in the manner of ITIL service management processes for all activities relating to our platform and can provide reports accordingly.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  IB Boost is committed to running a sustainable corporation. We have a comprehensive Environmental Policy that supports our people in making decisions that reduce our emissions as well as operating in a generally environmentally friendly way. We ensure that environmental impacts of our decision making are always thoroughly assessed and, where possible, mitigated or eliminated.; ; We have consulted a number of industry and other relevant reports, as well as specific information from various suppliers, to ensure that we are choosing to purchase products and services from suppliers that take steps to reduce their emissions, and that consequently have reported emissions that are low compared to other potential suppliers.; ; We are committed to achieving net zero emissions by well before the UK’s target of 2050. Our commitment to net zero is enabled by company leadership providing firm support to achieving this goal, and we are focused on growing our business in a way that is sustainable.; ; Whilst long proponents of flexible working strategies, since the COVID pandemic IB Boost has been re-oriented to be a remote-first company, dramatically reducing our broader carbon footprint and spearheading our reduction in greenhouse gas emissions.
• Covid-19 recovery:

  Covid-19 recovery

  Following government guidance issued in March 2020 regarding the new spread of Covid in the UK, IB Boost implemented a fully remote working model to allow our employees to remain at home and avoid public transport and public places. We have always promoted a flexible approach to work (including locations and times) so the transition to full-time working from home was smooth and caused no interruption to our business.; ; We continue to operate this remote working model. Our employees appreciate the flexibility and it helps support the wider Covid recovery efforts by helping to avoid more transmission of the highly contagious variants still circulating. It also helps support our climate change / net zero commitments by avoiding unnecessary travel.; ; We have supported our employees’ physical, psychological and financial health during this period, including the introduction of a private medical insurance plan which helps to reduce strain on NHS resources. More information on this can be found in our Wellbeing statement.
• Tackling economic inequality:

  Tackling economic inequality

  IB Boost commits to always paying, at minimum, the London Living Wage for all staff working for us. Our Modern Slavery Statement, available on our website, outlines our opposition to any form of slavery, servitude, forced labour and human trafficking. ; ; In regards to our supply chain, we seek out businesses whose values align with ours, and prioritise new, small and minority-owned businesses where appropriate. We are advocates of innovative technologies and aim to deliver these to our clients at lower costs.
• Equal opportunity:

  Equal opportunity

  IB Boost’s success depends on each and every person working for us, and it is critical we effectively use our resources to make the most out of every situation. IB Boost is committed to encouraging equality and diversity among our workforce and eliminating unlawful discrimination.; ; We strive to create a positive, fair and respectful working environment that encourages diversity and is free of discrimination on the grounds of age, disability, gender reassignment, marriage and civil partnership, pregnancy and maternity, race (including colour, nationality, and ethnic or national origin), religion or belief, sex (gender) and sexual orientation.; ; We follow these equal opportunity policies in all recruitment and employment and practices, including but not limited to interviewing, advertising, promotions, social activities, training, employee development, compensation, performance appraisals, grievances and disciplines, and terms and conditions of employment.; ; The responsibility to uphold this commitment is shared by, and is intended to benefit, every employee of IB Boost.; ; We make sure our employees are able to address any concerns (personal or otherwise) about potential discrimination at IB Boost in a safe and confidential manner. These concerns are addressed promptly, seriously and in confidence and thorough investigations will be carried out. Employees who are found to be discriminating against others will be liable to disciplinary action, including dismissal.
• Wellbeing:

  Wellbeing

  IB Boost believes that the wellbeing of its employees is an intrinsic part of our overall business strategy and is committed to supporting our employees in any way we can. This can include their physical, psychological, and financial wellbeing.; ; An employee who doesn’t feel supported by their organisation will struggle to give their best. The IB Boost management team has put a lot of time and effort into building strong relationships with our employees, and we always encourage anyone who is struggling to speak with us if/when they feel comfortable. These conversations are kept confidential and are dealt with on a case by case basis – there is no ‘one size fits all’ approach to the wellbeing and mental health of our employees.; ; In particular, we know COVID has put additional strains on our employees. At the start of the pandemic, we quickly moved to a remote working model (which we still operate today). We worked (and continue to work) with each employee to make sure they had what they needed to continue to do their job and kept in regular contact both individually and as a team as a way of minimising the social isolation that many people experienced. Employees received fully paid sick leave and paid time off for vaccination appointments, and we offer flexible working arrangements to accommodate things like childcare. We also keep everyone up to date on the health of the business, as to alleviate any anxiety over job security.; ; We offer employees a private medical plan which includes multiple options for mental health and wellbeing support. This allows them to seek support on their own in instances where they may not feel comfortable talking with IB Boost management or HR.

Pricing

• Price: £7.50 to £50 a user a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: A free trial account can be established depending on use case with appropriate constraints on usage (e.g. limited numbers of results, non persistent reports, etc.)

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@ibboost.com. Tell them what format you need. It will help if you say what assistive technology you use.