Unify Business Solutions Limited

Prisoner In Cell Solution (PICS)

The Unify PICS Solution is designed to provide simple cost-effective access to Applications or Resources from either Unify PICS Terminals or Handheld devices. User Applications available via the system are presented as “Tiles” on the lobby screen.

Features

• User Lobby
• Cost Effective In Cell Solution
• Third Party Content Support
• Safe & Secure
• In Cell Education Facility
• Safe and Secure Smart Messaging
• Access to CMS & NOMIS

Benefits

• Access to prisoner content
• Safe contact with families

£1.50 a device a month

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at kbean@unifybusiness.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

277921153825880

Contact

Keith Bean
01246811882
kbean@unifybusiness.co.uk

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: NOMIS and CMS
• Cloud deployment model: Public cloud
• Service constraints: No constraints
• System requirements: Internet access is essential

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within 4hrs
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Onsite support
• Support levels: Support for the PICS solution is 24/7/365 due to the environment the solution is designed to be installed in. The cost of the support is included in the manage service price. Responce times are 4hrs responce and 8 hrs fix.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Onsite training will be provided along with user documentation. Users can include prisoners/detainees and also staff to administrate the service.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: All data remains accessible via the API at the end of the contract. Furthermore, direct database access can be provided on request
• End-of-contract process: Included in the pricing would be the decommissioning of hardware products, excluding cabling. Software services would end with the contract.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Service interface is to administrate users of the PICS system and also to administrate the system. The interface is a major part of the solution and will be required.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Testing is conducted on a regular basis along with new tests once a change is made to the existing firmware.
• API: Yes
• What users can and can't do using the API: Every data point in the system e.g. user data, prisoners numbers etc, is administrable through the API. The prisoners screen can be administered via the API.; Overall this means the entirety of a system endpoint (administrative, in-cell) could be replaced by a user-built alternative if required.; There are no limitations to the API, all system functions are abstracted through the API.
• API documentation: No
• API sandbox or test environment: Yes
• Customisation available: No

Scaling

• Independence of resources: By providing dedicated hardware we can affirm in advance the maximum concurrent capacity of the system. This would mean that users engaging the system at or beyond it's concurrent limit would be denied access to the system thus preserving function for the current users.

Analytics

• Service usage metrics: Yes
• Metrics types: Concurrent and user usage data.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: Less than once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: No
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: API endpoints expose all system data as JSON formatted messages. The Unify client allows export of system data is desktop file formats
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: Private network or public sector network
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: SLA's are agreed in consultation with the customer and service availability is similarly a product of discussion around security risk tolerance with regard to patching and associated downtime.; We typically achieve in excess of a 99.9% up time
• Approach to resilience: In broadly generic terms all pieces of equipment are deployed alongside one or more failover counterparts. All pieces of equipment are automatically monitored for health and their redundant counterparts take control unbidden
• Outage reporting: Private health monitoring of low-level system health is available to Unify, high-level system health data is available to the user through our maintenance utility.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: LDAP authentication is used to control access to our management interface by integration with the customers own active directory infrastructure
• Access restriction testing frequency: At least every 6 months
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Assessment Bureau
• ISO/IEC 27001 accreditation date: 20/10/2021
• What the ISO/IEC 27001 doesn’t cover: Our ISO 27001 certification is complete as per the 2017 standards
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Unify are ISO 9001 and 27001 accredited along with CE and CE Plus accredited.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Change is requested, requester, change details, impact, testing and rollback procedures are logged. Approval required by both the customer and Unify before change is carried out. All changes tracked in a change log.; Changes are assessed for security implications at the time of request and dealt with accordingly
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: All inbound network traffic is restricted based on endpoint and port and deviations from these are reviewed for their threat level.; We periodically assess the contents of the firewall logs to check for new vulnerabilities and/or threats.; We have a scripted rolling rebuild on a cycle agreed with the customer to suit their downtime tolerance. This rebuild process always delivers an up to date system and thus negates entirely the risk of patching and associated testing overheads.; Information regarding potential threats comes from a trusted security partner.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: We periodically check firewall logs to identify potential compromises, along with file integrity of each component of our system.; Our response would be tailored to the customer's specific wishes, but taking into account the nature of the potential compromise and the degree of risk associated with it.; Customers would be notified immediately of a system compromise.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: We ascertain the number of individuals affected, the type of data involved and the impact on the particular system(s).; Incidents are reported to the Directors of the business. The report includes full details of the incident including the person reporting, type of data involved and if the data relates to individuals (and if so how many).; An investigation is conducted by a designated individual who creates a formal incident report which depending on the type of incident is either filed internally or sent to the appropriate customer.; We have pre-defined processes for common events.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Wellbeing

  Fighting climate change

  Unify are ISO14001 accredited and we are constantly monitoring and trying to improve our recycling.

  Wellbeing

  Unify provide access to a 24hr mental health helpline funded by Unify and provided by a third party medical provider.

Pricing

• Price: £1.50 a device a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at kbean@unifybusiness.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.