MISCO TECHNOLOGIES LIMITED

Crypto Analysis

Explore. Investigate. Take Action. Reactor is the investigation software that connects cryptocurrency transactions to real-world entities. Examine criminal activity, such as the movement of stolen funds, as well as legitimate activity like flash loans and NFT transfers

Features

• Reporting
• Forensic Tracking
• SOC 2 Certified
• Comprehensive Scanning
• Real time Scanning

Benefits

• Understand real world activity
• Follow the money
• Trace transactions across blockchains
• Build a narrative to present your case

£10,500 a user a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at kerryo@misco.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

284293303039926

Contact

Kerry O'Halloran
07722029727
kerryo@misco.co.uk

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: There are other modules which include; Transaction Monitoring for compliance; Cryptocurrency benchmarking for risk analysis; Market Intelligence for investors; Customer intelligence module
• Cloud deployment model: Public cloud
• Service constraints: No
• System requirements:
  • Access to the internet
  • Access to a Firefox / Chrome browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Response within 4 hours
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: There is a technical account manager available for users to help resolve issues quickly
• Web chat accessibility testing: N/a
• Onsite support: Onsite support
• Support levels: We can provide Mon / Fri 9am -6pm UK local time; there is an option to upgrade to 24 x 7 x 365 on Gold and Platinum support upgrades; this is dependant on the number of users
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: User documentation available
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: We do not hold customer data. This is controlled by the customer at all times. So no data extraction is required
• End-of-contract process: The solution is cloud based, so at the end of the contract, it will cease to work. You have the option to remove the software from devices. The solution is priced on a per device and per software bridge basis. You are charged on a monthly basis (i.e. pay as you use model) one month in arrears. You only pay for the devices or bridge that are being used. You can choose to add or remove devices on an ad-hoc basis, and you are charged for those devices that are on the cloud portal. You are able to generate automated reports which will give you details of what has been used in the previous month.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems:
  • Linux or Unix
  • MacOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The application scales to improve user experience when accessing from a mobile device
• Service interface: No
• User support accessibility: WCAG 2.1 A
• API: Yes
• What users can and can't do using the API: Advice on configuring through API can be given through our technical help desk
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: No

Scaling

• Independence of resources: This is a dedicated resource , with built in scaling and N+1 availability shared across datacentres

Analytics

• Service usage metrics: Yes
• Metrics types: User access , Search activity
• Reporting types: Reports on request

Resellers

• Supplier type: Reseller (no extras)
• Organisation whose services are being resold: Chainalysis

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: As we do not hold any data, there is no data to export
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: 99.9% availability
• Approach to resilience: N+1 availability across multiple Datacentres
• Outage reporting: Via a dedicate email to System Admins

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Password enforcement and 2FA
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: CDL Group Ltd
• ISO/IEC 27001 accreditation date: 29/11/2023
• What the ISO/IEC 27001 doesn’t cover: N/a
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: There is and Information Security Policy within Chainalysis, and it is made available to staff. In order to protect our internal policies and customers we no longer share these documents externally. Further information can be given under Non Disclosure

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We focus on process improvement, risk mitigation, stakeholder communication, performance monitoring, project budgeting, quality assurance, resource allocation, time management, scope definition, and issue resolution.; Any changes made to the software is carefully tested on isolated platforms to ensure that changes made have a positive impact on updates. These are then documented, before any changes are made to the live platform. Customers are then notified of changes on their portal, and version release documents is also provided to show changes made, benefits to users.
• Vulnerability management type: Undisclosed
• Vulnerability management approach: We use Greenbone.
• Protective monitoring type: Undisclosed
• Protective monitoring approach: This would be use of Greenbone will alert the team for immediate response.
• Incident management type: Supplier-defined controls
• Incident management approach: We have an internal process defined for incident reporting.; Reports are made directly to our security and compliance team from internal or external sources.; Each incident will be assessed based on severity and impact.; reports will be provided for incident will feature time / date of incident; Severity , sensitivity of data and level of impact.; Severity ratings range from 1-4 with severity 1 incidents on a 1 hour to respond SLA regardless of customers support level

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Equal opportunity

  Fighting climate change

  Our solution is designed to be run as a software only platform, so that no additional hardware is required thus having a carbon neutral impact. Our solution is designed as work from home solution, and positively helps customers with their own Covid 19 solutions. We are an equal opportunity employer and staff, irrespective of gender are paid the same for the same job.

  Covid-19 recovery

  Our solution is designed to be run as a software only platform, so that no additional hardware is required thus having a carbon neutral impact. Our solution is designed as work from home solution, and positively helps customers with their own Covid 19 solutions. We are an equal opportunity employer and staff, irrespective of gender are paid the same for the same job.

  Equal opportunity

  Our solution is designed to be run as a software only platform, so that no additional hardware is required thus having a carbon neutral impact. Our solution is designed as work from home solution, and positively helps customers with their own Covid 19 solutions. We are an equal opportunity employer and staff, irrespective of gender are paid the same for the same job.

Pricing

• Price: £10,500 a user a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Demo licence for testing purposes up to 90 days

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at kerryo@misco.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.