Safehaus Group Ltd

LEIAA: End to end ethics, compliance and regulatory investigations management platform

LEIAA: Your Investigations Command Centre. A state-of-the-art, highly secure, SaaS platform that harnesses state-of-the-art AI and automation to enable organisations to manage and conduct every stage of ethics, compliance and regulatory investigations much more effectively by maximising efficiency with LEIAA’s game-changing features.

Features

• Single interface, end to end investigations management platform;
• Leverage AI search algorithms to identify key documentary evidence fast
• Identify indicators of fraud with AI-powered document fraud detector
• Conduct game-changing in-person and automated witness interviews
• Utilise bespoke witness evidence bundle and interview outline creation tools
• Deploy investigation templates to standardise end-to-end process
• Generate automated reports and enable smart workflows, reducing administrative burden
• Integrate with leading e-discovery tools with always-on sync
• Build a collaborative ecosystem with task management and team collaboration
• ISO 27001 and SOC2 compliant

Benefits

• Save significant cost with advanced automation and Al-powered analytics
• Smart workflows and automation significantly reduce investigation time
• Make data driven decisions to ensure investigations are conducted defensibly
• Leverage state-of-the-art platform security, resilience, stability and SSO
• Enterprise firewalls, IDS, VPCs, and end-to-end data encryption
• Alleviate the strain on resource through time optimisation, maximising efficiency
• Direct-to-client reporting to provide full visibility as required
• Stakeholder trust with LEIAA's customisable ethics reporting and communication platform
• Rapid deployment, flexible configuration and implementation with customisable bespoke dashboards

£3,000 to £10,000 a licence a year

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ssundaram@safehaus-group.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

251553654705174

Contact

Sam Sundaram
07795290215
ssundaram@safehaus-group.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: There will be planned maintenance slots. The accessibility minimum requirements are specified where applicable.
• System requirements:
  • Wndows 8.1 or greater
  • Mac OS Monterey or greater
  • Internet Explorer 11, Microsoft Edge, Firefox or Chrome
  • Bandwidth greater than 5mbs

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: Service levels for incident response and restoration are defined by priority levels and tailored to client's requirements.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Yes, at an extra cost
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: To be defined by client specifications
• Web chat accessibility testing: NO
• Onsite support: Yes, at extra cost
• Support levels: Service levels for incident management and restoration are defined by priority levels and tailored to client's requirements.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: A Customer Experience Manager is assigned to each customer and will assess, arrange and conduct all necessary training and onboarding, as well as being an additional resource to help customers with any queries or assistance they may need.
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats: Video
• End-of-contract data extraction: Users have the ability to download or permanently delete their data through the platform. We are able to arrange for data to be copied and returned to the customer on a mutually agreed and acceptable format.; ; Once the data is confirmed as being returned, all data is wiped from our systems. Customer data is deleted within 60 days of contract termination.
• End-of-contract process: We place great emphasis on ensuring continuity of service to minimise business disruption. We will agree exit strategies and detailed plans with the client as required.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: Yes
• Description of customisation: Customisation is available and is specific to individual customer's requirements. We discuss, design and implement bespoke solutions including integrations with existing tools and existing bespoke features. We enter into a separate development agreement for these services.

Scaling

• Independence of resources: Each client has a dedicated cloud instance of their entire application so performance is not affected by addition of other clients.

Analytics

• Service usage metrics: Yes
• Metrics types: Download of a key stroke log audit directly from the platform and through discussion / bespoke reports through consultation with Customer Experience Managers
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Augmetec Ltd

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: We deploys strong AES Base 256 bit encryption on servers that holds all data. Additionally VPCs, Enterprise firewalls, Intrusion detection systems, DDoS and SQL Injection attack Protection
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data can be exported directly through the platform or arranging a suitable export mechanism in consultation with our customer experience managers.
• Data export formats:
  • CSV
  • Other
• Other data export formats: PDF
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • .pst
  • .TXT
  • .XLXS
  • .docx
  • .pptx
  • .pdf
  • .jpg
  • .png

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: Full details can be found at https://augmetec.com/security
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: Virtual Private Cloud and enterprise grade firewalls.; ; Full details can be found at https://augmetec.com/security

Availability and resilience

• Guaranteed availability: We will work with the customer to agree what is required and ensure compliance
• Approach to resilience: Data resilience is enhanced with dedicated cloud infrastructure. Further information is provided at https://augmetec.com/security
• Outage reporting: We report through a dashboard.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Other user authentication: Users are able log using secure SAML Single Sign On with the ability to connect to enterprise identity management accounts such as Active Directory and Google workspace. ; ; Our solution is and can be integrated with the customers Active Directory and other ID managements systems as required.
• Access restrictions in management interfaces and support channels: We have privileged level access controls that ensure only company authorised staff can access secure parts of the system This is audited.; ; Enterprise grade firewalls and intrusion detection systems ensure we are able to restrict access where required.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Insight Assurance LLC
• ISO/IEC 27001 accreditation date: 28 March 2024
• What the ISO/IEC 27001 doesn’t cover: Statement of Applicability is available on request
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: SOC 2

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: UK GDPR, HIPPA, SOC2, Cyber essentials.
• Information security policies and processes: Further information can be found at https://trust.augmetec.com

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: We maintain robust version control and have a clear change management policy.; ; All changes to the software are tested, assessed and go through formal approval cycles.; ; Changes are reviewed and implemented in a controlled manner minimising the risk of negatively affecting the integrity, security and performance of the system.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Vulnerability scans are frequently performed on top of existing intrusion detection and threat monitoring systems. We also deploy enterprise grade antivirus and firewalls.; ; Where a vulnerability is identified, the severity and impact is evaluated and remediated in accordance with our operations security policy.; ; Public available information is proactively monitored and our partners in security also regularly advice us on actions necessary.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Vulnerability scans are frequently performed on top of existing intrusion detection and threat monitoring systems. We also deploy enterprise grade antivirus and firewalls.; ; Where a potential compromise is identified, the severity and impact is evaluated and remediated in accordance with our operations security policy.; ; Public available information is proactively monitored and our partners in security also regularly advice us on actions necessary.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Please see TRUST.AUGMETEC .COM for our incident management and response procedures.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Tackling economic inequality

  We encourage employment and training opportunities where ever possible. We have internships and coaching for those that need it to strive for better jobs and quality of life.; ; Our CSR work with local charities ensure we play a part to support those that need it within our community.; ; One of our Director commits to 20 % of his time to voluntary services locally.

  Equal opportunity

  We continue to ensure equal opportunities for all that work for the company and those around our work. We encourage this with training and development work. We have inclusion as a core value and ensure we have a diverse workforce that reflects the diversity of our customer base and the community we operate in.

  Wellbeing

  We take the wellbeing of our staff very seriously. In all areas of work we use team building days, coaching and mentoring [where required] to support staff. Our social activities and interactions with charities as part of our CSR work are all means to ensure a balanced lifestyle and general wellbeing of the staff.

Pricing

• Price: £3,000 to £10,000 a licence a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: We can agree the scope of a pilot programme in respect of nature of service and duration.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ssundaram@safehaus-group.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.