Internet Investigation Solutions Ltd

Blackdot Videris OSINT Investigations Software accessed via the Long Arm® Platform

Videris OSINT platform enables users to conduct OSINT investigations faster and more accurately and identify hidden connections and risks. Collect, analyse and visualise Open Source Intelligence and combine with internal data. Videris is used by government agencies and law enforcement to transform efficiency and effectiveness in OSINT investigations.

Features

• Search across 100+ live OSINT data sources simultaneously
• Automated data filtering and categorisation
• Data and network visualisation on a chart
• Automate manual tasks like collection and plotting data on visualisations
• Automatic evidential source capture
• Controls investigators’ online footprint when browsing and collecting data
• Supports any language and script
• Optional integration with internal or additional data sources
• Multiple deployment options, remote access available
• Service benefits

Benefits

• 5x productivity improvement by accessing all data within one platform
• Find the right information amongst large volumes of internet data
• Understand networks faster and spot connections you wouldn’t have otherwise
• Spend less time on manual collection and more on analysis
• Never lose evidence, even if it’s removed from the internet
• Stay secure and avoid revealing your identity to malicious actors
• Gain unrivalled ability to collect and analyse social media data
• Enrich internal data with live internet data for new insights
• Fast time to value with world-class training and support
• Increased effectiveness through collaborative team working

£6,000 a licence a year

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at contracts@ii-solutions.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

355600507879698

Contact

Claire Pickup
0344 247 0115
contracts@ii-solutions.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: None
• System requirements:
  • A computer with internet access
  • An up to date Microsoft Edge, Chrome or Safari

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within 24 hours (excluding UK bank holidays and weekends)
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Onsite support
• Support levels: Full technical support is provided throughout the licence term. A technical account manager is designated to each client.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Full user training provided onsite and online as required. Full user documentation provided. Additional training provided throughout the licence term.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Users can remove their data to their own or third party systems in a number of formats including JSON, CSV, PDF.
• End-of-contract process: There are no additional costs at the end of the contract.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: WCAG 2.1 A
• Description of service interface: Full investigations platform including network analysis, search and reporting visualisations.
• Accessibility standards: WCAG 2.1 A
• Accessibility testing: An accessibility audit was undertaken by an independent organisation.
• API: Yes
• What users can and can't do using the API: Users can push and pull data.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Data sources can be added by the client or the supplier.

Scaling

• Independence of resources: The architecture is designed with a focus on resilience. This configuration has been rigorously tested across a range of scenarios to confirm its robustness in high-pressure situations. This includes failover mechanisms, redundancy systems, and disaster recovery protocols in a cloud-hosted setting.

Analytics

• Service usage metrics: Yes
• Metrics types: User level data including full usage statistics.
• Reporting types: Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Blackdot Solutions Ltd

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Videris users can export their data in various formats including PDF, JSON, CSV and through the Videris import/export API.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • PDF
  • JSON
• Data import formats:
  • CSV
  • Other
• Other data import formats: JSON

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: The minimum overall Service Availability uptime for Videris is 99.5%. The client is entitled to financial credits if this is not met, subject to contract.
• Approach to resilience: We use multiple availability zones and industry-leading resiliency technologies. More information is available on request.
• Outage reporting: Email alerts.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Access is provided on a least privilege model. MFA is utilised where possible. Videris offers SSO via SAML with IAM systems or role-based access controls with Keycloak IAM in AWS.
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: SGS United Kingdom Ltd
• ISO/IEC 27001 accreditation date: 23/07/2023
• What the ISO/IEC 27001 doesn’t cover: N/a
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: Penetration test performed by a CREST-accredited security testing company

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Information security policies are centrally managed and reviewed by management annually. All staff complete annual training on key topics and are aware of their requirements to ensure that we maintain compliance.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Blackdot Solutions follows ISO27001 best practices regarding change management. Our ISO27001 Information Security Management System documentation outlines our approach to change management. All changes are planned, logged, reviewed by senior engineering managers and tested for both stability and security before being promoted to any Production environment.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Our ISO27001 Information Security Management System documentation outlines our approach to the management of technical vulnerabilities in our software. We commission a penetration test by a CREST-accredited third-party after every major change or every 12 months. Any vulnerabilities discovered during a penetration test are immediately assessed and ticketed for remediation. Updates can be distributed to all customers rapidly (hours) and customers can choose to enable automatic security patching if they prefer.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Blackdot Solutions monitors access patterns, usage levels and errors for abnormal activity across our services. Alerts are generated for our Operations and Information Security teams and a response is actioned. If required, updates can be distributed to all customers effectively immediately.
• Incident management type: Supplier-defined controls
• Incident management approach: All incidents are reported and managed in accordance with the Incident Response Policy. Incidents are investigated and appropriate actions are taken to remediate and control any identified risk. Post-incident retrospectives are held and findings are communicated. All efforts are taken to reduce the likelihood of future incidents. Users can report suspected incidents to our Technical Support team.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Blackdot Solutions is committed to achieving Net Zero emissions by 2035 at the latest. A Carbon Reduction Plan is in place to help us achieve this goal. All employees are encouraged to think about their impact on the planet and play an active role in reducing their own emissions by reducing energy usage, water consumption and recycling responsibly both at home and in the office. Our Carbon Reduction Plan is published on our website and can be viewed here: https://blackdotsolutions.com/wp-content/uploads/2023/11/PPN-0621-Carbon-Reduction-Plan-BDS-1.pdf

  Equal opportunity

  Blackdot Solutions is committed to promoting equality and respect for all individuals, regardless of their race, gender, age, religion, sexual orientation, or any other characteristic. We stand against all forms of discrimination and inequality. In line with this commitment, we are dedicated to ensuring that our business practices, as well as those of our suppliers and partners, rigorously oppose modern-day slavery, human trafficking, forced labour, and any form of exploitation. We pledge to conduct regular audits and implement stringent controls to ensure that our supply chains and business operations are free from unethical practices. Every employee and business partner is expected to uphold these principles, contributing to a fair, equitable, and ethical working environment.

  Wellbeing

  Blackdot Solutions is committed to practicing Corporate Social Responsibility (CSR) as part of our business ethos. This extends beyond profits and encompasses a dedication to ethical business practices, environmental stewardship, and the well-being of the communities we serve. By integrating social and environmental considerations into our decision-making processes, we aim to create a positive and lasting impact.

Pricing

• Price: £6,000 a licence a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Full Videris licence, user training and technical support.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at contracts@ii-solutions.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.