ABM Intelligence Limited

Altia OSINT Investigator

An Internet Intelligence Investigation solution, tackling the growing volume of digital intelligence allowing more investigators to monitor and capture content from the internet. Open-Source enables investigators to capture content quickly, securely and evidentially. Data is integrated within our case management solution, Insight, or captured in an easy-to-access data repository.

Features

• Capture data securely and quickly from the internet
• Monitor internet for specific keywords (with automated capture)
• Video capture
• Non attributable hidden footprint
• Redaction
• Full audit trail
• Reporting
• Dark web
• Mobile intelligence and investigation

Benefits

• Collaborative working
• Alerts, eliminate duplication
• Evidential
• Ease of use / minimum training
• Reduce reliance on dedicated digital investigation teams
• Fully auditable
• Compliant
• Secure
• Increased efficiency

£209 to £2,980 a licence a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@altiaintel.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

193736435919927

Contact

Paul Hardman
0330 808 8600
tenders@altiaintel.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: The software is offered as a cloud solution and there are no constraints for customers.
• System requirements:
  • End-User accesses via an Internet Browser
  • Security controls enabled to permit access to the cloud service

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: An automated email is sent following the submission of a case where the user is provided with a unique case number. The case is then triaged and reviewed. Based on the priority of the call, follow-up communication will then take place between 9 to 5 (UK time), Monday to Friday. Cases raised during the weekend will be responded to on the Monday unless the service decides to take the optional out of hours support offering, in which case a response will be provided over the weekend.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: None to date
• Onsite support: Yes, at extra cost
• Support levels: Urgent (Severity 1): Interruption making a critical functionality inaccessible or a complete network interruption causing a severe impact on services availability in a production environment. There is no possible alternative. This is what you will expect from Alta. First Response (FRT) Time: 30 Minutes. Resolve within 4 hours. Periodic Updates every 30 Minutes. Pausable Update: Not Applicable. High (Severity 2): Critical functionality or network access interrupted, degraded or unusable, having a severe impact on services availability. No acceptable alternative is possible. FRT Time: 60 Minutes. Resolve within two Business Days. Periodic Updates every 4-hours. Pausable Update: Not Applicable. Normal (Severity 3): Non-critical function or procedure, unusable or hard to use having an operational impact, but with no direct impact on services availability. A workaround is available. FRT Time: 90 Minutes Resolved within the Next Major Release Periodic Update: Not Applicable Pausable Update, potentially within two days. Low (Severity 4): Application or personal procedure unusable, where a workaround is available, or a repair is possible; considered “feedback”. FRT Time: One business day Resolved within consideration for Future release Periodic Update: Not Applicable Pausable Update: Not Applicable Full details as part of the contract
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Altia has a dedicated training team that covers all products. The team also includes former law enforcement professionals who have worked in this area of Investigation. Training can be provided either on the customer site or at our dedicated training centre in Nottingham. Full user guides are also available to assist users. These are available across the entire system. Our Business Consultants also conduct process workshops to ensure the application is tailored to the organisation’s needs. At the point of go-live, Altia provides dedicated support to ensure the process is completed smoothly and that any issue raised is quickly dealt with. This can be provided on-site, remotely or a hybrid of both as required by the customer. Following go-live, Altia regularly holds User Groups where the customer can send representatives to network with colleagues as well as suggesting and agreeing product enhancements which are invariably incorporated within a future product release as part of the standard licence and support package- at no additional cost.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Naturally we would work hard with our customer in the hope that they would not seek to leave. However it is understood that requirements change and Altia will agree an exit strategy at the beginning of the contract, to provide our customers with reassurance regarding how any exit, for any reason would be managed. The exit strategy will contain the steps and activities to be taken that will lead to the cessation of service delivery to the customer. This will ensure the safe delivery of customer data, aligned to any specific customer requirements. The exit strategy documents the transfer and / or deletion of any data, the format in which it will be available for return to the Customer. Altia has a standard output format and transfer method and will deliver the data in an agreed flat file format on an encrypted Hard Drive which is usually provided and collected by the customer.
• End-of-contract process: Within 30 days or an agreed period following contract termination, Altia will provide any of the Customer's data held, in database dump format; together with associated documentary attachments to an agreed secure location. At this point the Customer's data is deleted from the cloud platform and all / any Altia group systems. As an alternative, if necessary, it may be possible to agree a "read only" access to the system data on payment of all 3rd party hosting costs and associated service management costs incurred by Altia in maintaining access to the "read only" system.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Chrome
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The solution is a cloud based web application that can be accessed through a number of different gateways depending on the level of security required by the organisation. The application uses a responsive web design to assist users interface with the system on a variety of devices and screen sizes via modern internet browsers.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: The solution is a cloud based web application that can be accessed through a number of different gateways depending on the level of security required by the organisation. The application uses a responsive web design to assist users interface with the system on a variety of devices and screen sizes via modern internet browsers.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: None to date
• API: Yes
• What users can and can't do using the API: Users can bulk upload and download data through the API
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: No

Scaling

• Independence of resources: Each customer is provided with a dedicated Server on the secure 3rd Party Hosting service engaged by Altia to provide the service.

Analytics

• Service usage metrics: Yes
• Metrics types: Insight provides a user Dashboard thatre ports on the status of Investigations logged on the system.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Other
• Other data at rest protection approach: VM Encrypted disk
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Altia provides a number of methods for exporting data with the easiest being a simple data extract into a standard data interchange format (DIF) of TAB Delimited Ascii Text. This DIF file can be read and imported by most commercial packages available including opening directly in Excel or can easily be converted into comma separated or any other form of delimited file. Alternatively Insight can write directly into external data tables or “staging tables” for use by other relational database products directly.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • TAB Delimited files
  • Excel
  • XML
  • To other systems via API
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • Excel workbooks
  • XML
  • Other systems via API

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Osint Investigator is hosted on Microsoft Azure and has a guaranteed 99.9% availability. (subject to and excluding planned downtime) The SLA provides detail of the associated guarantees.
• Approach to resilience: Altia are a Microsoft Silver Partner. The premises used for the management of its Azure services are distinctly separate and at a distance from each of their respective data centre premises. All data centres used for this service are UK domiciled and located within secure premises. Should high availability be required, then we can offer this across the two sites detailed above. Further information is available upon request.
• Outage reporting: All pre-planned outages will be reported and identified as planned maintenance, emergency maintenance, or platform issues. In addition, Altia will proactively contact customers via e-mail and, if required, other means as appropriate and agreed.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Other user authentication: Altia supports Forms Based Authentication(Sign-on and Password) with a variety of configurable password policies, Active Directory(AD) Authentication with singular or multiple AD Group membership supported, Azure AD for cloud based authentication or to extend on-premise Directory Services out to the cloud as part of a federated strategy, for example in conjunction with Office365, or Open Connect(OAuth) Authentication. All of these methods of Authentication can be supplemented by Two-Factor Authentication (2FA) with a randomised token sent to a predefined mobile number
• Access restrictions in management interfaces and support channels: Customers have the option to raise a support request via telephone, email or our support portal. We will always authenticate the identity of the user by validating the information within our customer portal.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Description of management access authentication: Users must first be authenticated on the Altia network (by direct connection or by VPN connection to the network). Access to the cloud platform then requires a further logon username and password to access the management portal or VM.

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Lloyds Register
• ISO/IEC 27001 accreditation date: 23/12/2005
• What the ISO/IEC 27001 doesn’t cover: 14.2.7 Outsourced development
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Cyber Essentials Plus
• Information security policies and processes: Altia has a number of inter-connected governance frameworks in place which control both how the Company operates and the manner in which it delivers its services to its customers. Altia is registered to ISO27001 by LRQA, a UKAS accredited audit body, and best practice is circulated and adopted across the group. The Company is governed by an integrated suite of information security policies. Under the top level Information Security Policy itself are second-level documents with specific focus on Acceptable Use, Asset Management, Business Continuity Management, Data Protection, Password Management, and many others.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Altia has documented configuration and change management policies and processes, which have been implemented, maintained and assessed in accordance with the guidance from ourISO27001 standard and which is programmatically enforced by industry standard tools including Azure DevOps. Formal configuration management activities, including record management and asset reporting, are monitored and validated constantly, and any identified discrepancies promptly escalated for investigation. All changes will be subject to the Altia processes covering technical testing, quality assurance and user testing including review for potential security related threats prior to release.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Altia has a documented vulnerability management policy and process, which have been implemented, maintained and assessed in accordance with the guidance from our current ISO27001 standards. Where technically possible, real-time updates and status reports are identified and sourced from credible vendor sources.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Altia follows best practices for its coding, application servers and databases. The Cloud Service Provider follows the best practice from the National Cyber Security Centre, The Cloud Service Provider protects it's platforms with 24x7 enhanced protective monitoring services, vulnerability scanning and assessment. Their approach to protective monitoring at minimum meets the Protective Monitoring Controls outlined in NCSC document GPG13. It includes checks against systems events (SIEM) and network traffic analysis, including time sources, cross-boundary traffic, suspicious activities at a boundary, network connections and status of backups. Any alerts generated are logged and investigated 24x7.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Altia has a documented incident management policy and process, which have been implemented, maintained and assessed in accordance with the guidance from the current ISO27001 standard. This activity is responsible for the progression of issues identified by Altia personnel, and incidents identified and reported to Altia by its customers and partners. All incidents are promptly reported into a central ticketing system, which ensures that each is promptly assigned to an appropriate resource, and its progress tracked (and escalated, as required) to resolution.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity

  Fighting climate change

  Fighting climate change Altia are committed to keeping our carbon footprint to a minimum and have pledged to be carbon neutral by 2035. To monitor this Altia have partnered with Positive Planet to measure our carbon footprint. We were awarded Positive Planet Carbon Neutral Certification stating that our net emissions tCO2e were -77.00. ; ; Company practices support remote/hybrid working across the Group, therefore reducing the amount of carbon emissions expelled on the work commute. To promote commuting using public transport our office locations are chosen ensuring that they have easy access to public transport systems. Employee travel is monitored, and carbon emissions are off-set where possible. ; ; To reduce the amount of travel Altia encourage the use of online platforms for team and customer meetings. This platform is also used to deliver customer training, where appropriate. ; ; Altia’s company car scheme promotes that current vehicles should be replaced with Electric Vehicles when they are due to be changed. ; ; All Altia staff are provided with the opportunity to register with ‘On Hand’ which is an app which records all corporate volunteering and sustainability actions. Staff are encouraged to complete pledges within the app which will assist, not only with environmental and sustainability issues, but with activities which will benefit the person. Examples of pledges which can be made include, but are not limited to the following: ; • Using reusable shopping bags – Use a reusable bag once-a-week for a month; • Cool Clothes – Wash clothes at 30 degrees ; • Make a Clothing Donation; ; This app also allows corporate events to be uploaded so that staff are aware and can participate.; ; Altia will identify and manage ESG risks that could impact the business. ESG considerations will be integrated into the risk management framework to ensure that we are prepared for potential risks and opportunities.

  Equal opportunity

  Altia, when recruiting for roles advertises both internally and externally, encouraging personal development and promotion from within the company. We also work with external recruitment agencies and in these cases ask for applications using anonymised CVs, where possible we request that their advertising will include a gender bias decoder.; ; Altia’s growth plans will enable further recruitment of graduates from local universities as well as opportunities for work experience candidates from all backgrounds.; ; All employees at Altia are offered the opportunity to participate within volunteering opportunities within their local community, charitable causes, work experience placements, coaching & mentoring, and offering ideas for further continued initiatives.; ; To ensure that Altia are meeting the company’s requirements on recruitment monthly stats are reported into the Board.

Pricing

• Price: £209 to £2,980 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@altiaintel.com. Tell them what format you need. It will help if you say what assistive technology you use.