BROADSTONES SOLUTIONS LTD

AI Data Intelligence, Analytics, and Automation

Our unique discovery platform works alongside you, using AI to serve relevant information and insight swiftly and securely. Whether you’re complying with GDPR, using enterprise search, decommissioning legacy platforms, or getting the most accurate data science insights, our insight engine adapts to your needs. Financial Times-recognised top UK management consultant.

Features

• Enterprise Search, Extractive and Generative AI Support
• Content Discovery including Legal Discovery
• Content Analytics
• GDPR and PCI Risk Dashboarding and Mitigation
• Document Summarisation
• Topic Extraction
• Business Metadata Navigation
• Subject Access Request and Right to be Forgotten Handling
• Intelligent Data Cataloguing
• Top UK management consultancy as per the Financial Times.

Benefits

• Find content across multiple sources quickly and easily.
• Find data alongside documents in one search.
• Remove manual effort and error in document metadata classification.
• Classification and Enrichment of data automatically according to rules.
• Automate migration to, from and between cloud storage.
• Provide access to unstructured data for data science queries.
• Reduce data science engineering time.
• Accelerate productionisation of data science models.
• Decommission legacy data and content platforms.
• Visualise information in time-series, list, map and chart formats.

£302.50 to £2,420 a unit a day

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@broadstones.tech. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

299626119748052

Contact

Gary Henn
07730822197
sales@broadstones.tech

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: No significant constraints.
• System requirements: Requires either Windows or Linux operating systems.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: P1 - 30 Minutes P2 - 2 Hours P3 - 4 Hours P4 - 8 Hours Within UK business hours.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: Please contact for more information.
• Onsite support: Yes, at extra cost
• Support levels: Support is provided by our UK based service desk and by dedicated DevOps engineers. We provide support at 10% of the license cost (note that example license pricing provided here includes this 10%). DevOps engineers are aligned to specific customers and provide personalised support.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: There are two sets of users that are involved in the Insight Engine onboarding process; Insight Engine administrators (i.e. those responsible for administering the Insight Engine service for their respective organisation), and end users (i.e. those who will use the service to perform their role). For Insight Engine administrators, user friendly, high quality documentation and guidance materials are provided and cover the following areas: installation, configuration, testing, and security. FAQ’s and help pages are also available. Knowledge articles and demonstration materials exist for core Insight Engine Applications designed to educate and raise awareness to end users with an engaging overview of what the platform functions are, for what purpose, and how these can be used. Moreover, user experience is a core focus for all Insight Engine product development efforts, ensuring the service is as intuitive and easy to use as possible. End users and administrators also have access to an online Insight Engine community whereby knowledge articles are shared. This also exists as a forum for sharing questions and getting in touch with dedicated Insight Engine experts who are on hand to offer best practice guidance and advice. A full 3 week bootcamp is available.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: The service does not hold the original data, it's simply an index of the text from the source, therefore there is no need to extract the index. The index may be enriched with metadata by Insight Engine , or by users of the software. This information can be provided at the end of the service term in CSV format as part of the service close down. There is no charge for provision of this information.
• End-of-contract process: At the end of the contract, Insight Engine components and Elastic will be uninstalled and all access to applications revoked. ; ; Elastic components will be removed from the instance: ; ; - The Elastic instance will be closed down and the data held will be deleted. ; ; - Customer can retain all main indices within Elastic in CSV format. These exports contain the indices, the data outputs from the crawling and enrichment, text content and specify any classification applied to documents. ; ; Data can be exported using a CSV export utility that will output the attributes of documents enabling the administrator to select what attributes to be exported : ; ; - Elastic nodes will be closed down and removed from any servers it is installed. - Elastic service will be closed down ; ; - Kibana service will be closed down ; ; The Insight Engine components that will be removed include: ; ; Insight Engine Logs: ; ; - Log production will cease ; - Historic Insight Engine logs will be deleted ; ; Insight Engine services that will be uninstalled: ; ; - Insight Engine Source Agent ; - Insight Engine Enrichment ; - Insight Engine Security ; - Insight Engine Content ; ; Agent Applications made inaccessible: ; ; - Insight Engine ; - Kibana

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The web interface is fully responsive to the client form factor.
• Service interface: No
• User support accessibility: WCAG 2.1 A
• API: Yes
• What users can and can't do using the API: The service provides two APIs, the Search API which can be used to build applications (e.g. Low Code) applications that interface with the service, and the Data Science API (a licensed module) that allows full access to the service for analytics and reporting purposes.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The branding, colour scheme, data sources and data enrichment processes can all be customised. This customisation is carried out by Aiimi's DevOps engineers.

Scaling

• Independence of resources: The application is scaled according to data volume and user load. Discovery loading is multi-threaded and can be scaled up and down to avoid impact on other services and users. Customers are segregated at Hypervisor level and allocated dedicated resources appropriate to their expected usage.

Analytics

• Service usage metrics: Yes
• Metrics types: The application provides an interface for service analytics which provides the following metrics: - Page popularity - Volume of users by month and by function - Volume of searches - Search performance - User feedback - Usage by department - Search term usage
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Aiimi

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Data can be exported in JSON format on request to our DevOps engineers by raising a ticket through the support desk. Data can be exported by end users by adding records to a collection and then using the Export functionality within the UI to create a CSV extract,
• Data export formats:
  • CSV
  • Other
• Data import formats: Other

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: If hosted in Azure, Google or Amazon datacentres, we provide a 99.99% uptime SLA for the application (agreed maintenance windows excepted). The solutions ability to crawl new source data or to be accessible from the customer network is covered to the perimeter of the Aiimi provided facility, e.g. we do not provide an SLA for customer network connections. Customers receive support service credits when SLAs are not met.
• Approach to resilience: Insight Engine can be provisioned in Azure, AWS and GCP environments as well as on-premises, each with similar approaches to resilience. An Aiimi implementation will include best practice resilience measures, including taking advantage of geographical and in-datacentre resilience features provided by the datacentre. Examples include ensuring that multiple machines are used to support the service, each patched and maintained at different times and with independent power, cooling and network connections. The service itself makes use of stateless connections, load balanced web application servers and sharded indexes. Background activities such as source system crawls and metadata enrichment processes can run on any available server, providing resilience for back-end services. The resilience approach appropriate to your chosen infrastructure provided will be discussed prior to implementation.
• Outage reporting: We routinely monitor the health of our elasticsearch cluster through Kibana Monitoring to ensure that the cluster is in a healthy state and performing as expected. Aiimi will also monitor dashboarding offered by cloud providers e.g. Google Stackdriver Monitoring or Azure Monitor. These dashboards allow us to track the performance of our hardware and software in real time. E-mail alerts are also setup to notify Administrators, should any metrics exceed pre defined thresholds.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: The Insight Engine uses domain independent authorisation for management and support interface access. These logons only allow access to the management interfaces and full audit is recorded for all management actions. A starters movers, leavers process is used to control and audit who is authorised to access systems and this is provided on a 'need to know' basis rather than access being granted to all support and service staff to all systems.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Assessment Bureau
• ISO/IEC 27001 accreditation date: 22/11/2022
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber Essentials Plus
• Information security policies and processes: Our policies cover various aspects of information security, including data classification, access control, encryption, incident response, and regulatory compliance.; ; Our reporting structure includes designated Information Security Officers (ISOs) responsible for overseeing the implementation and enforcement of security policies across the organisation. They work closely with departmental security leads and compliance teams to ensure alignment with industry standards and regulatory requirements.; ; To ensure policies are followed, we conduct regular security awareness training for all employees to educate them about their responsibilities and best practices for information security. We also perform periodic audits and assessments to evaluate compliance with security policies and identify areas for improvement.; ; Additionally, we employ technical controls such as intrusion detection systems, access controls, and encryption mechanisms to enforce security policies and mitigate risks. Incident response procedures are well-defined, with clear escalation paths and protocols for reporting and resolving security incidents promptly.; ; Continuous monitoring and review mechanisms are in place to track adherence to security policies and address any deviations promptly. By maintaining a robust framework of policies, processes, and controls, we uphold a strong security posture and foster a culture of vigilance and accountability across the organisation.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Instances of Insight Engine hosted by Aiimi will be commissioned on Azure infrastructure in a customer resource group and the change management approach for that instance will be agreed with the customer. Based upon a template that defines the annual maintenance windows, KPIs, SLAs, RPO and RTO for the instance, change management activities will be governed by those requirements. Application releases and code components are managed in GitHub and all releases are penetration tested in-house on QA environments and again when released to a customer environment.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Aiimi deploys two key mechanism for assessing threats to the application. First is a peer code review by developers trained in secure software development. Training is provided by KnowBe4. The second is through the use of AppCheck to perform vulnerability scans on internal deployments of Insight Engine. These are performed monthly and the output reports are fed into the development backlog. Patches to security issues are immediately prioritised for development and can be released outside the standard release cycle. High risk security patches are applied by our DevOps team within two days of being issued, or according to customer schedule.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Protective monitoring is only commissioned by Aiimi where we host the application on our customer's behalf in Microsoft Azure datacentres. We use Microsoft Antimalware for Azure Cloud Services and Virtual Machines to identify compromises. Aiimi responds within 30 minutes to an alert, whether that is a potential compromise or an incident.
• Incident management type: Supplier-defined controls
• Incident management approach: The Aiimi Service Desk processes are determined by the Incident Management tool in use and based on the ITIL V3 framework. Incidents are logged, classified, categorized, prioritized, assigned for investigation and investigated until resolved. Customers log incidents via a dedicated email address, a dedicated landline phone number or an on-line portal. Routine events are handled through scheduled maintenance windows. Recurring issues are logged as Problem tickets for root cause analysis. Periodic reports are generated using the Incident Management tool and used by customers and internal teams for trend analysis, performance review and continual service improvement.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  Broadstones has funded the planting of 2,769 trees and creation of 41 sustainability projects this year (as of May 2024 via Ecologi).

Pricing

• Price: £302.50 to £2,420 a unit a day
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@broadstones.tech. Tell them what format you need. It will help if you say what assistive technology you use.