Hubstream Inc

Hubstream ONE

The Hubstream platform combines investigative case management, analysis and visualization, and customizable workflows into one easy-to-use product.

Features

• Investigative case management
• Flexible data model that is easily customized
• Task and team management
• Data visualizations including link analysis, timelines, geospatial
• Workflow automation
• Interactive dashboards
• Data import from email, spreadsheet upload, API
• Role-based and attribute-based security
• AI capabilities for computer vision, natural language processing
• Entity extraction, linking, matching

Benefits

• Manage the deluge of data coming into investigative teams
• Improve investigator productivity with workflows and automation
• Bring automated data visualizations directly into the investigative process
• Extract information from documents, text, and media for linking
• Reduce the impact of content with investigator harm reduction features
• Customize the data hub to matching your evolving requirements

£1,300 a user a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at john.hancock@hubstream.net. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

342312986533963

Contact

John Hancock
+1 425 608 0712
john.hancock@hubstream.net

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: None
• System requirements: Modern browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Priority 1 (Errors that cause a critical functionality of the software to not operate, affects all users, has a significant business impact); 2 hours followed by updates every 4 hours; ; Priority 2 (Error that causes service degradation, affects a significant percentage of Client’s users and has a moderate business impact): 8 hours followed by updates every 4 hours; ; Priority 3 (Error that is limited in scope, only affects a small percentage of Client’s users, and has a minimal business impact, or an error or other issue not constituting a Severity 1 Error or a Severity 2 Error): Next business day
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: We use ZenDesk for support, see https://www.zendesk.com/company/agreements-and-terms/accessibility/
• Onsite support: Yes, at extra cost
• Support levels: Premium and Enterprise subscriptions include a Customer Success Manager to assist with ongoing configuration and assistance.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: A Customer Success Manager will onboard new customers with an online session to help select and configure a template for the new investigative hub. For users, the application includes an "Explore Your Hub" experience to help them get started with videos, documentation and shortcuts to common features.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Data can be downloaded using the application user interface, as a series of zip files that includes structured data as XML files, and unstructured data as attached documents and media.
• End-of-contract process: If a customer elects not to continue with a subscription, at no additional cost they are able to download their data and notify Hubstream when complete so that the service can be decommissioned.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: User experience on devices is optimized for mobile
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Web-based application
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Testing via accessiBe
• API: Yes
• What users can and can't do using the API: Users (with appropriate permission) can query data, update data, import and export data. They cannot configure the service through an API.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Hubstream ONE can be easily customized to match investigative teams' requirements, starting from a growing catalog of templates based on best practices from a range of domains. All aspects of the system can be customized using the application UI, including data model and workflows.

Scaling

• Independence of resources: Each customer is deployed in separate resource groups

Analytics

• Service usage metrics: Yes
• Metrics types: All user activity is logged in the audit trail and available for reports/dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users can export their data by sorting/filtering the relevant entities and then choosing "Download as CSV". They can also download specific entities (such as a complete investigation) as a zip file including structured data as XML/JSON and unstructured attachments.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • XML
  • JSON
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • XLSX
  • XML
  • JSON

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: The service includes a service level agreement with a Monthly Uptime Percentage target. In the event that the uptime percentage levels are not met, the customer can receive a credit against their next annual subscription that is related to the monthly uptime (25% credit for <95%, 50% credit for <85%, 100% credit for <80%)
• Approach to resilience: Hubstream is built on native Microsoft Azure services, and leverages Azure features to maintain high levels of availability.
• Outage reporting: Customer Success Manager will alert customer via a pre-agreed secure channel

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
• Access restrictions in management interfaces and support channels: Access is restricted to authorized users via role membership
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: SOC2

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: SOC2
• Information security policies and processes: Hubstream is independantly SOC2 certified

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Changes to the organization, business processes, information processing facilities, and systems that affect information security in the production environments shall be controlled. All significant changes to in-scope systems are documented, including:; • Processes for planning and testing of changes, including remediation measures; • Documented approval and authorization before proceeding with changes that may have a significant impact on information security, operations, or the production platform; • Advance communication of changes, including schedules and a description anticipated effects, provided to all internal and external stakeholders; • Documentation of all emergency changes and subsequent review; • A process for remediating unsuccessful changes
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: External vulnerability scans shall be run on the production environment at least quarterly. Interior vulnerability scans shall be run against test environments which mirror production configurations.; Penetration tests of the applications and production network shall be performed at least annually. Additional scanning and testing shall be performed following major changes to production systems.; The IT and Engineering departments shall evaluate the severity of vulnerabilities, and if it is determined to be a critical or high-risk vulnerability, a service ticket will be created. Tickets are assigned to the system, application, or platform owners for further investigation and/or remediation.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Production infrastructure is configured to produce detailed logs appropriate to the function served by the system or device. Event logs recording user activities, exceptions, faults and information security events are produced, kept and reviewed through manual or automated processes as needed. Appropriate alerts are configured for events that represent a significant threat to the confidentiality, availability or integrity of production systems or Confidential data. Incident response times are based on severity.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Hubstream has an Incident Response Plan for managing information security incidents and events, and offers guidance for employees or incident responders who believe they have discovered, or are responding to, a security incident. Users report incidents via support portal, email or via pre-arranged secure channel with Customer Success Manager. Incident reports are delivered by CSM via secure channel.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  Leverages Microsoft Azure which reduces environmental footprint due to efficient data centers.

Pricing

• Price: £1,300 a user a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at john.hancock@hubstream.net. Tell them what format you need. It will help if you say what assistive technology you use.