Phonehub IO Ltd

Phonehub Advanced Contacts Manager

Secure intelligent system to identify, authenticate, and manage prisoner contacts. Designed to reduce resource requirements, improve security and public protection, and improve family contact. Integrates with HMPPS systems.

Features

• Integrated prisoner contacts management system.
• Intelligent risk management.
• Process customisable at establishment or prisoner level.
• Real-time status dashboard.
• Secure two-factor authentication for prison staff.
• Integrates with phone system.
• Maintains full audit trail.
• Automatic telephone number classification.

Benefits

• Significantly improves security and public protection around prisoner contacts.
• Reduces resource requirements.
• Facilitates stronger family ties and reduced stress.
• Increases efficiency of prisoner communications.
• Helps compliance with Strengthening Prisoners’ Family Ties Policy Framework.
• Enables establishments to comply with PSI 04/2016.

£0.10 to £0.20 a transaction

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at alex.redston@phonehub.io. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

337311455325874

Contact

Alex Redston
01603340589
alex.redston@phonehub.io

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: None
• System requirements: Compatible with PIN system and NOMIS.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: During business hours we aim for a 2-hour response time.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), 7 days a week
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: None.
• Onsite support: Yes, at extra cost
• Support levels: Phone and email support goes directly to both technical and customer service team. All queries responded to rapidly. Technical support available within similar timeframes.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Setup and process documentation is provided for prison staff and management. Video training is provided for relevant staff. On-site training is provided at extra cost.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Prison staff can ask our team for a complete data download.
• End-of-contract process: The data stored in the service will remain accessible on a read only basis for a period of 90 days unless written instructions are provided requesting that the data is removed. After 90 days the data for that establishement will cease to be accessible over the API or web interface.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Users interact with the service via a secure dashboard.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: We have tested it with users of assistive technology.
• API: No
• Customisation available: Yes
• Description of customisation: Buyers can request customisation of the vetting process employed at particular establishments, for particular populations of prisoners.; ; Further details on request.

Scaling

• Independence of resources: We use capacity planning to ensure that there is dedicated and reserved capacity within our cloud services for user demands. This completely eliminates resource contention issues.

Analytics

• Service usage metrics: Yes
• Metrics types: Volume of numbers checked.; Number of call diversions identified.; Number of contacts added.; Response rate of contacts.; Contacts per prisoner.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Prison staff can export data in spreadsheet or CSV format at any time from the dashboard.
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats: Excel
• Data import formats:
  • CSV
  • ODF
  • Other
• Other data import formats:
  • Excel
  • Manual input

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: 99.9% uptime. Any vetting attempted during downtime will be vetted free of charge.
• Approach to resilience: Available on request.
• Outage reporting: Email alerts.

Identity and authentication

• User authentication needed: Yes
• User authentication: 2-factor authentication
• Access restrictions in management interfaces and support channels: Two-factor authentication required to access management interfaces and support interfaces.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Lloyds Register
• ISO/IEC 27001 accreditation date: 05/07/2021
• What the ISO/IEC 27001 doesn’t cover: None of our business activities are not within the scope of our ISO 27001 certification. Our statement of applicability excludes outsourced software development, which we do not engage in. All development is done in-house.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: Security Metrics
• PCI DSS accreditation date: 26/01/2020
• What the PCI DSS doesn’t cover: N/A
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Information available upon request.
• Information security policies and processes: Information available upon request.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All changes to our applications and environment are conducted iteratively and tested on in-house staging environment and are shared amongst all staff including entire development team and directors before implementing in live environment to ensure relevant concerns are addressed. Changes are then deployed to small batches of users for testing before being rolled-out globally.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: For known product vulnerabilities we regularly apply all operating system and software updates.; ; Daily automated third party vulnerability scanning using tenable.io
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Pervasive security controls with Next Generation Antivirus (NGAV); Endpoint Protection and Response (EDR); and Threat Graph.
• Incident management type: Supplier-defined controls
• Incident management approach: We have automated monitoring systems to detect when any of our services go offline which alert engineering team via SMS and email. Our systems are continuously being improved to remove the causes of any recurring issues.; Users can report incidents by email, SMS, or phone.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Climate change is something of great importance to Phonehub IO Ltd and we endeavour wherever possible to select partners who share these same values. For example, we have selected Google as our primary cloud provider, as they are committed to achieving net-zero emissions across all of their operations and value chain by 2030 and their UK operations are on track to operate at or near 90% carbon-free energy in 2025. Similarly, we chose Amazon Web Services due to their commitment to using 100% renewable energy and their goal to achieve net-zero carbon emissions by 2040. ; ; Closer to home, we also encourage all of our team members to cycle and/or walk to work wherever and whenever possible. This not only lowers our carbon footprint, but helps encourage physical activity that is important for both physical and mental wellbeing.

  Covid-19 recovery

  Phonehub IO develop and promote local employment opportunities to support those made redundant and struggling with unemployment following the pandemic. Additionally, we work with local companies wherever possible and commit to identifying opportunities where we can support local innovation and economic recovery following Covid-19.

  Tackling economic inequality

  Phonehub IO Ltd offers all members of our team opportunities to learn new skills and encourages them to take advantage of one another’s expertise and training materials to boost their own skillset within a collaborative and supportive environment.; ; Furthermore our applications are all aimed at helping prisoners and their families communicate more effectively. This directly supports the wellbeing of this disadvantaged group which has a positive impact on family ties, reducing re-offending, and in turn supports their future prospects for life outside the criminal justice system.

  Equal opportunity

  We prevent bias within employment by offering equal opportunities for vulnerable and disadvantaged groups; and never discriminating against any protected characteristics such as gender, race, religion, sexual orientation, disability, pregnancy, or maternity/paternity.; ; We work with prisons to create employment opportunities for prisoners in appropriate risk assessed positions.; ; We seek to employ neurodiverse individuals who face specific challenges in mainstream employment. The benefit is mutual, unlocking the hidden potential and unique perspectives of individuals with autism.; ; We provide an inclusive workplace, supporting our LGBTQ+ colleagues.

  Wellbeing

  In today's fast-paced and highly pressurised tech industry, where innovation and productivity are crucial, the well-being of our team is at the forefront of our agenda and we endeavour to support all facets of their wellbeing. We encourage all members of our team to promote their physical and mental wellbeing by walking or cycling to work. ; ; We also support social and intellectual wellness by encouraging our team to work collaboratively and gain insight into new ways to expand their knowledge and skillset. Communication and collaboration are at the core of how we operate and we are, not only, committed to empowering one another to be share ideas and ask questions, but embrace individual failure as an opportunity to learn and grow.; ; As a tech company, we understand the personal growth and continuous learning of our developers is an invaluable investment for their wellbeing. When a new developer joins our team, we nestle them in a supportive and friendly group of peers who can guide them and support them in their growth and development and ensure they feel secure and confident in their role.

Pricing

• Price: £0.10 to £0.20 a transaction
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Basic tier is free of charge.; Advanced tier has a 60 day free trial including up to 150 contacts.
• Link to free trial: https://vetting.phonehub.io

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at alex.redston@phonehub.io. Tell them what format you need. It will help if you say what assistive technology you use.